Fair+Information+Practices

Over the past 30 – 40 years, government agencies, international organizations and standards-setting bodies around the world have evolved a set of information principles that have become known as Fair Information Practices. The notion of fair information practices was first articulated in a report by the US Department of Health, Education and Welfare in 1973 titled [|Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens] July, 1973 (see section III – [|Safeguards for Privacy]). The report stated:

//Safeguards for personal privacy based on our concept of mutuality in record-keeping would require adherence by record-keeping organizations to certain fundamental principles of fair information practice.//
 * //There must be no personal-data record-keeping systems whose very existence is secret.//
 * //There must be a way for an individual, to find out what information about him is in a record and how it is used.//
 * //There must be a way for an individual to prevent information about him obtained for one purpose from being used or made available for other purposes without his consent.//
 * //There must be a way for an individual to correct or amend a record of identifiable information about him.//
 * //Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take reasonable precautions to prevent misuse of the data.//

//These principles should govern the conduct of all personal-data record-keeping systems. Deviations from them should be permitted only if it is clear that some significant interest of the individual data subject, will be served or if some paramount societal interest can be clearly demonstrated; no deviation should be permitted except as specifically provided by law.//

The concept evolved further with the development of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in 1980 which expanded the principles to be considered as fair information practices (See eHealthRisk Wiki link for more information).

In the 1990's and 2000's some countries developed comparable (though not identical) sets of Fair Information Practice principles based on the OECD Guidelines. These included Canada's CSA Model Code for the Protection of Personal Information and Australia's National Privacy Principles (Extracted from the Privacy Amendment (Private Sector) Act 2000). (See eHealthRisk Wiki links for more information).