AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 1994 >> [1994] PrivLawPRpr 50

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Greenleaf, Graham --- "Draft Privacy principles for the US National Information Infrastructure" [1994] PrivLawPRpr 50; (1994) 1(4) Privacy Law & Policy Reporter 69

Draft Privacy principles for the US National Information Infrasturcture

These are the draft Principles developed by the Privacy Working Group. A 40- paragraph commentary was also released.

I General Principles for the National Information Infrastructure

Information Privacy Principle

  1. Individuals are entitled to a reasonable expectation of information privacy.
Information Integrity Principles

Participants in the NII rely on the integrity of the information it contains. It is therefore the responsibility of all participants to ensure that integrity. In particular, participants in the NII should, to the extent reasonable:

  1. Ensure that information is secure, using whatever means are appropriate.

II Principle for Information Collectors

(entities that collect personal information directly from the individual)

Collection Principle

Before individuals make a decision to provide personal information, they need to know how it is intended to be used, how it will be protected, and what will happen if they provide or withhold the information. Therefore, collectors of this information should:

  1. Tell the individual why they are collecting the information, what they expect it will be used for, what steps they will take to protect its confidentiality and integrity, the consequences of providing or withholding information, and any rights of redress.

III Principles for Information Users

(information collectors and entities that obtain, process, send or store personal information)

Acquisition and Use Principles

Users of personal information must recognise and respect the stake individuals have in the use of personal information. Therefore, users of personal information should:

  1. Assess the impact on personal privacy of current or planned activities before obtaining or using personal information.
  2. Obtain and keep only information that could reasonably be expected to support current or planned activities and use the information only for those or compatible purposes.
  3. Assure that personal information is as accurate, timely, complete and relevant as necessary for the intended use.
Protection Principle

Users of personal information must take reasonable steps to prevent the information they have from being disclosed or altered improperly. Such users should:

  1. Use appropriate managerial and technical controls to protect the confidentiality and integrity of personal information.
Education Principle

The full effect of the NII on both data use and personal privacy is not readily apparent, and individuals may not recognise how their lives can be affected by networked information.

Therefore, information users should:

  1. Educate themselves, their employees, and the public about how personal information is obtained, sent, stored and protected, and how these activities affect others.
  2. Ensure that information is accurate, timely, complete, and relevant for the purpose for which it is given.
Fairness Principles

Because information is used to make decisions that affect individuals, those decisions should be fair. Information users should, as appropriate:

  1. Provide individuals a reasonable means to obtain, review, and correct their own information.
  2. Inform individuals about any final actions taken against them and provide individuals with means to redress harm resulting from improper use of personal information.
  3. Allow individuals to limit the use of their personal information if the intended use is incompatible with the original purpose for which it was collected, unless that use is authorised by law.

IV Principles for Individuals who Provide Personal Information

Awareness Principles

While information collectors have a responsibility to tell individuals why they want information about them, individuals also have a responsibility to understand the consequences of providing personal information to others. Therefore, individuals should obtain adequate, relevant information about:

  1. Planned primary and secondary uses of the information.
  2. Any efforts that will be made to protect the confidentiality and integrity of the information.
  3. Consequences for the individual of providing or withholding information.
  4. Any rights of redress the individual has if harmed by improper use of the information.
Redress Principles

Individuals should be protected from harm resulting from inaccurate or improperly used personal information. Therefore, individuals should, as appropriate:

  1. Be given means to obtain their information and be provided opportunity to correct inaccurate information that could harm them.
  2. Be informed of any final actions taken against them and what information was used as a basis for the decision.
  3. Have a means of redress if harmed by an improper use of their personal information

Graham Greenleaf

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback