You are here:
Privacy Law and Policy Reporter >>
 PrivLawPRpr 50
| Name Search
| Recent Articles
Greenleaf, Graham --- "Draft Privacy principles for the US National Information Infrastructure"  PrivLawPRpr 50; (1994) 1(4) Privacy Law & Policy Reporter 69
Draft Privacy principles for the US National Information Infrasturcture
These are the draft Principles developed by the Privacy Working
Group. A 40- paragraph commentary was also released.
I General Principles for the National Information Infrastructure
Information Privacy Principle
Information Integrity Principles
- Individuals are entitled to a reasonable expectation of information
Participants in the NII rely on the integrity of the information
it contains. It is therefore the responsibility of all participants
to ensure that integrity. In particular, participants in the NII
should, to the extent reasonable:
- Ensure that information is secure, using whatever means are
II Principle for Information Collectors
(entities that collect personal information directly from the
Before individuals make a decision to provide personal information,
they need to know how it is intended to be used, how it will
protected, and what will happen if they provide or withhold the
information. Therefore, collectors of this information should:
- Tell the individual why they are collecting the information,
what they expect it will be used for, what steps they will take
its confidentiality and integrity, the consequences
of providing or withholding information, and any rights of redress.
III Principles for Information Users
(information collectors and entities that obtain, process, send
or store personal information)
Acquisition and Use Principles
Users of personal information must recognise and respect the stake
individuals have in the use of personal information. Therefore,
users of personal information should:
- Assess the impact on personal privacy of current or planned
activities before obtaining or using personal information.
- Obtain and keep only information that could reasonably be
expected to support current or planned activities and use the
only for those or compatible purposes.
- Assure that personal information is as accurate, timely, complete
and relevant as necessary for the intended use.
Users of personal information must take reasonable steps to prevent
the information they have from being disclosed or altered improperly.
Such users should:
- Use appropriate managerial and technical controls to protect
the confidentiality and integrity of personal information.
The full effect of the NII on both data use and personal privacy
is not readily apparent, and individuals may not recognise how
lives can be affected by networked information.
Therefore, information users should:
- Educate themselves, their employees, and the public about
how personal information is obtained, sent, stored and protected,
these activities affect others.
- Ensure that information is accurate, timely, complete, and
relevant for the purpose for which it is given.
Because information is used to make decisions that affect individuals,
those decisions should be fair. Information users should,
- Provide individuals a reasonable means to obtain, review,
and correct their own information.
- Inform individuals about any final actions taken against them
and provide individuals with means to redress harm resulting from
use of personal information.
- Allow individuals to limit the use of their personal information
if the intended use is incompatible with the original purpose
which it was collected, unless that use is authorised by law.
IV Principles for Individuals who Provide Personal Information
While information collectors have a responsibility to tell individuals
why they want information about them, individuals also have
responsibility to understand the consequences of providing personal
information to others. Therefore, individuals should obtain
relevant information about:
- Planned primary and secondary uses of the information.
- Any efforts that will be made to protect the confidentiality
and integrity of the information.
- Consequences for the individual of providing or withholding
- Any rights of redress the individual has if harmed by improper
use of the information.
Individuals should be protected from harm resulting from inaccurate
or improperly used personal information. Therefore, individuals
should, as appropriate:
- Be given means to obtain their information and be provided
opportunity to correct inaccurate information that could harm
- Be informed of any final actions taken against them and what
information was used as a basis for the decision.
- Have a means of redress if harmed by an improper use of their