Fair Information Practices


Also found in: Acronyms.

Fair Information Practices

A general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy. In the UK, the term Data Protection is preferred; in the EU, the term Personal Data Privacy is preferred. 

OECD’s Guidelines on Protection of Privacy and Transborder Flows of Personal Data principles:
Collection Limitation Principle
There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Data Quality Principle
Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

Purpose Specification Principle
The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes, or such others as are not incompatible with those purposes, and as are specified on each occasion of change of purpose.

Use Limitation Principle
Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with the Purpose Specification Principle except:
(a) with the consent of the data subject; or
(b) by the authority of law.

Security Safeguards Principle
Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.

Openness Principle
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual Participation Principle
An individual should have the right:
• To obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him or her;
• To have communicated to him or her data relating to him or her within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him or her;
• To be given reasons if a request made under sub-paragraphs(a) and (b) is denied, and to be able to challenge such denial; and
• To challenge data relating to him or her and, if the challenge is successful to have the data erased, rectified, completed or amended.

Accountability Principle
A data controller should be accountable for complying with measures which give effect to the principles stated above.
Mentioned in ?
References in periodicals archive ?
I How well does the DJC's online privacy policy comply with FTC Fair Information Practice Principles?
For example, although the FTC recommended that Web sites be required to provide users access to collected information, it could not define "access," admitting that the term could mean total access, partial access, or access only when the Web site "uses the personal information to grant or deny significant benefits to an individual, and where granting access would improve the accuracy of the data in a way that justifies the costs." (36) Depending on the definition, the proposed level of required "access" could actually become "no access." The Commission's other proposed principles provide equally scarce guidance regarding how online entities are to comply with the fair information practice principles.
Although all of the requirements of Fair Information Practices raise theoretical and practical concerns, four--notice, consent/choice, access, and onward transfer--are particularly problematic.
Is someone responsible for keeping up-to-date on current laws and regulations regarding fair information practices?
The federal Privacy Act and equivalent legislation in most Canadian provinces are the expression of internationally accepted privacy principles known as "fair information practices".
In 1980, the Council of Europe adopted a convention binding member states to create legislation establishing fair information practices. At the same time, the Organization for Economic Co-operation and Development adopted a set of privacy principles, the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
This commitment is built within a framework known as Fair Information Practices, which forms the foundation of our collection, storage, use and distribution of customer information.
Over the last thirty years, governments and theorists around the world have identified a core set of fair information practices to assure citizens' participation in the collection and use of their personal information.
government to establish a code of fair information practices, which include an individual's right to get access to personal information held by others and would require a person's consent before such information could be disclosed to others.
"Not one of the companies adequately addressed all the elements of the Fair Information Practices," a set of principles that provide privacy policies were "typically confusing, incomplete, and inconsistent." The report, "Surfer Beware III: Privacy Policies without Privacy Protection," concluded that "consumers are more at risk today than they were in 1997." The document can be found on SM Online.
"The reality is that only a small percentage of web sites even begin to approach the type of privacy protection that would be provided by the most rudimentary privacy law in this country." He called for the government to establish a privacy agency with the expertise, competence and resources that the Federal Trade Commission - now filling that role - drastically lacks; to promote the enforcement of Fair Information Practices and to encourage new techniques to limit or eliminate the collection of personal data.

Full browser ?