FAIR INFORMATION PRACTICES Flashcards
What are Fair Information Practices (FIPs)?
A set of guidelines representing widely accepted concepts concerning fair information practice in an electronic marketplace.
What is the Notice/Awareness principle?
Organizations must provide clear and accessible notice about their processing before collecting personal data, including what personal data is collected, purposes, and rights of data subjects.
What is the Choice/Consent principle?
Individuals must have the choice to opt-in or opt-out of data collection and processing activities.
What does the Access/Participation principle entail?
Individuals should have the right to access and rectify their data, giving data subjects some control over their personal data.
What is the Integrity/Security principle?
Data must be kept up-to-date, accurate, and complete, and security measures should be taken to protect personal data.
What is the Enforcement/Redress principle?
Data subjects should have a way to seek redress if their data is mishandled (through regulatory oversight, self-regulation, etc.).
What is the Purpose Limitation principle?
Purpose must be specified at the time of data collection, and any subsequent use should be limited to those purposes or compatible ones. Purposes must be specified, explicit, and legitimate.
What is the Data Minimization principle?
The collection of personal data should be limited to what is necessary in relation to the purposes for which they are processed.
What does the Accountability principle entail?
As defined by OECD Guidelines and APEC Framework, organizations must be accountable for complying with data protection principles.
Which major privacy laws and frameworks are based on FIPs?
GDPR (General Data Protection Regulation) in the European Union, HIPAA (Health Insurance Portability and Accountability Act) in the United States, and others.