You are here:
AustLII >>
Databases >>
Privacy Law and Policy Reporter >>
1994 >>
[1994] PrivLawPRpr 50
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
Greenleaf, Graham --- "Draft Privacy principles for the US National Information Infrastructure" [1994] PrivLawPRpr 50; (1994) 1(4) Privacy Law & Policy Reporter 69
Draft Privacy principles for the US National Information Infrasturcture
These are the draft Principles developed by the Privacy Working
Group. A 40- paragraph commentary was also released.
I General Principles for the National Information Infrastructure
Information Privacy Principle
- Individuals are entitled to a reasonable expectation of information
privacy.
Information Integrity Principles
Participants in the NII rely on the integrity of the information
it contains. It is therefore the responsibility of all participants
to ensure that integrity. In particular, participants in the NII
should, to the extent reasonable:
- Ensure that information is secure, using whatever means are
appropriate.
II Principle for Information Collectors
(entities that collect personal information directly from the
individual)
Collection Principle
Before individuals make a decision to provide personal information,
they need to know how it is intended to be used, how it will
be
protected, and what will happen if they provide or withhold the
information. Therefore, collectors of this information should:
- Tell the individual why they are collecting the information,
what they expect it will be used for, what steps they will take
to protect
its confidentiality and integrity, the consequences
of providing or withholding information, and any rights of redress.
III Principles for Information Users
(information collectors and entities that obtain, process, send
or store personal information)
Acquisition and Use Principles
Users of personal information must recognise and respect the stake
individuals have in the use of personal information. Therefore,
users of personal information should:
- Assess the impact on personal privacy of current or planned
activities before obtaining or using personal information.
- Obtain and keep only information that could reasonably be
expected to support current or planned activities and use the
information
only for those or compatible purposes.
- Assure that personal information is as accurate, timely, complete
and relevant as necessary for the intended use.
Protection Principle
Users of personal information must take reasonable steps to prevent
the information they have from being disclosed or altered improperly.
Such users should:
- Use appropriate managerial and technical controls to protect
the confidentiality and integrity of personal information.
Education Principle
The full effect of the NII on both data use and personal privacy
is not readily apparent, and individuals may not recognise how
their
lives can be affected by networked information.
Therefore, information users should:
- Educate themselves, their employees, and the public about
how personal information is obtained, sent, stored and protected,
and how
these activities affect others.
- Ensure that information is accurate, timely, complete, and
relevant for the purpose for which it is given.
Fairness Principles
Because information is used to make decisions that affect individuals,
those decisions should be fair. Information users should,
as appropriate:
- Provide individuals a reasonable means to obtain, review,
and correct their own information.
- Inform individuals about any final actions taken against them
and provide individuals with means to redress harm resulting from
improper
use of personal information.
- Allow individuals to limit the use of their personal information
if the intended use is incompatible with the original purpose
for
which it was collected, unless that use is authorised by law.
IV Principles for Individuals who Provide Personal Information
Awareness Principles
While information collectors have a responsibility to tell individuals
why they want information about them, individuals also have
a
responsibility to understand the consequences of providing personal
information to others. Therefore, individuals should obtain
adequate,
relevant information about:
- Planned primary and secondary uses of the information.
- Any efforts that will be made to protect the confidentiality
and integrity of the information.
- Consequences for the individual of providing or withholding
information.
- Any rights of redress the individual has if harmed by improper
use of the information.
Redress Principles
Individuals should be protected from harm resulting from inaccurate
or improperly used personal information. Therefore, individuals
should, as appropriate:
- Be given means to obtain their information and be provided
opportunity to correct inaccurate information that could harm
them.
- Be informed of any final actions taken against them and what
information was used as a basis for the decision.
- Have a means of redress if harmed by an improper use of their
personal information
Graham Greenleaf
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/PrivLawPRpr/1994/50.html