M(2) 10 Fair Information Principles Flashcards
Name the 10 Principles
A Ip C L L A S O Ia Cc
1) Accountability
2) Identifying Purposes
3) Consent
4) Limiting Collection
5) Limiting Use, Disclosure, Retention
6) Accuracy
7) Safeguards
8) Openness
9) Individual Access
10) Challenging Compliance
These form the ground rules for the CUD (collection, use, disclosure) of personal information
(1) Accountability
An organization is responsible for the info it CUD's, and should appoint someone to be accountable for this
(2) Identifying Purposes
The purpose for the information being collected should be made clear before/at the time of collection
i.e. there needs to be a reason for collection
(3) Consent
Knowledge and consent of the individual are required for the CUD of personal information
EXCEPT - when a breach of agreement or fraud is suspected
UNLESS - the law already gives consent, e.g. bartenders have consent to ask for age under the Liquor Control Act
(4) Limiting Collection
The extent of information collected should be limited to what its intended use requires, and no unlawful or unfair means may be used
(5) Limiting Use, Disclosure, and Retention
Unless the individual consents or it is required by law, personal information can only be used/disclosed for the purposes for which it was collected, and only kept as long as it serves that purpose
(6) Accuracy
(job of gov/org to uphold)
Personal information should be as accurate/complete and up to date as possible in order to properly satisfy the purposes for which it is to be used
(7) Safeguards
Personal information must be protected by an appropriate amount of proper security relative to the sensitivity of the information
(i.e. security!)
(8) Openness
An organization must make detailed info about its privacy policies and practices public and readily available
(9) Individual Access
Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate
(10) Challenging Compliance
An individual should be able to challenge an organization's compliance with the above principles. The challenge should be addressed to the person accountable for the organization's compliance with PIPEDA, usually its Chief Privacy Officer, who should be able to provide a reasonable explanation
CA has two types:
(1) Power/Order Making - can make you do something
(2) Ombudsman’s - can’t make you do anything
Additional unreasonable purposes listed by the OPC:
- CUD for unlawful purposes
- profiling/categorizing in unethical/unfair ways
- CUD of personal information for purposes known to cause harm
- publishing personal information with the intent of charging for its removal
- requiring employees' social media account passwords for screening
- conducting surveillance on an individual using their own audio or video devices