The OECD Privacy Guidelines

These are the eight principles listed in Part 2 of the book. In the original text, these correspond to sections 8 to 7.
(1) Collection Restriction Principles (Collection Limitation)
- There should be limits on the collection of personal data and all such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subjects.
(2) Data Quality Principles (Data Quality)
- Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
(3) Principle of clarity of purpose (Purpose Specification)
- The purposes for which personal data are collected should be made clear no later than the time of collection, and subsequent use should be limited to fulfilling those purposes or to other compatible purposes that are specified each time the purpose changes.
(4) Principles of Usage Restrictions (Use Limitation)
- Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Section 9, except as follows:
  a) With the consent of the data subject, or
  b) When required by law.
(5) Safety protection principles (Security Safeguards)
- Personal data should be protected by reasonable security safeguards against risks such as loss or unauthorised access, destruction, use, modification or disclosure.
(6) Principle of Disclosure (Openness)
- There should be general, publicly available information about developments, practices and policies regarding personal data. There should be readily available means to verify the existence and nature of personal data, its primary use, and the identity and usual location of the data controller.
(7) The principle of individual participation (Individual Participation)
- Individuals should have the right to:
  a) Obtain confirmation, from the data controller or otherwise, of whether the data controller holds data relating to them;
  b) Be informed about the data relating to them:
    i. Within a reasonable time;
    ii. At a reasonable fee (if any);
    iii. In a reasonable manner;
    iv. In a form that is easily understandable to the individual;
  c) Be informed of the reasons for any denial of a request under (a) and (b), and be able to appeal any such denial;
  d) Object to data relating to them and, if the objection is upheld, have that data erased, rectified, completed or amended.
(8) Principle of responsibility (Accountability)
- Data controllers should be accountable for complying with measures to give effect to the above principles.