Fair Information Principles
In 1998, the Federal Trade Commission (FTC) conducted a study of 1,400 web
explained to consumers what might happen with their personal data. The
following five sections are copied directly from this study, Privacy Online:
A Report to Congress. The FTC expounded these Fair Information Principles as
a foundation that should be the basis of any self-regulatory process or
The most fundamental principle is notice. Consumers should be given notice
of an entity's information practices before any personal information is
collected from them. Without notice, a consumer cannot make an informed
decision as to whether and to what extent to disclose personal information.
Moreover, three of the other principles discussed below -- choice/consent,
access/participation, and enforcement/redress -- are only meaningful when
a consumer has notice of an entity's policies, and his or her rights with
While the scope and content of notice will depend on the entity's
substantive information practices, notice of some or all of the following
have been recognized as essential to ensuring that consumers are properly
informed before divulging personal information:
- identification of the entity collecting the data;
- identification of the uses to which the data will be put;
- identification of any potential recipients of the data;
- the nature of the data collected and the means by which it is collected
if not obvious (passively, by means of electronic monitoring, or actively,
by asking the consumer to provide the information);
- whether the provision of the requested data is voluntary or required,
and the consequences of a refusal to provide the requested information;
- the steps taken by the data collector to ensure the confidentiality,
integrity and quality of the data.
Some information practice codes state that the notice should also identify
any available consumer rights, including: any choice respecting the use
of the data; whether the consumer has been given a right of access to
the data; the ability of the consumer to contest inaccuracies; the availability
of redress for violations of the practice code; and how such rights can
In the Internet context, notice can be accomplished easily by the posting
of an information practice disclosure describing an entity's information
practices on a company's site on the Web. To be effective, such a disclosure
should be clear and conspicuous, posted in a prominent location, and readily
accessible from both the site's home page and any Web page where information
is collected from the consumer. It should also be unavoidable and understandable
so that it gives consumers meaningful and effective notice of what will
happen to the personal information they are asked to divulge.
The second widely-accepted core principle of fair information practice
is consumer choice or consent. At its simplest, choice means giving consumers
options as to how any personal information collected from them may be
used. Specifically, choice relates to secondary uses of information --
i.e., uses beyond those necessary to complete the contemplated transaction.
Such secondary uses can be internal, such as placing the consumer on the
collecting company's mailing list in order to market additional products
or promotions, or external, such as the transfer of information to third
Traditionally, two types of choice/consent regimes have been considered:
opt-in or opt-out. Opt-in regimes require affirmative steps by the consumer
to allow the collection and/or use of information; opt-out regimes require
affirmative steps to prevent the collection and/or use of such information.
The distinction lies in the default rule when no affirmative steps are
taken by the consumer. Choice can also involve more than a binary yes/no
option. Entities can, and do, allow consumers to tailor the nature of
the information they reveal and the uses to which it will be put. Thus,
for example, consumers can be provided separate choices as to whether
they wish to be on a company's general internal mailing list or a marketing
list sold to third parties. In order to be effective, any choice regime
should provide a simple and easily-accessible way for consumers to exercise
In the online environment, choice easily can be exercised by simply clicking
a box on the computer screen that indicates a user's decision with respect
to the use and/or dissemination of the information being collected. The
online environment also presents new possibilities to move beyond the
opt-in/opt-out paradigm. For example, consumers could be required to specify
their preferences regarding information use before entering a Web site,
thus effectively eliminating any need for default rules.
Access is the third core principle. It refers to an individual's ability
both to access data about him or herself -- i.e., to view the data in
an entity's files -- and to contest that data's accuracy and completeness.
Both are essential to ensuring that data are accurate and complete. To
be meaningful, access must encompass timely and inexpensive access to
data, a simple means for contesting inaccurate or incomplete data, a mechanism
by which the data collector can verify the information, and the means
by which corrections and/or consumer objections can be added to the data
file and sent to all data recipients.
The fourth widely accepted principle is that data be accurate and secure.
To assure data integrity, collectors must take reasonable steps, such
as using only reputable sources of data and cross-referencing data against
multiple sources, providing consumer access to data, and destroying untimely
data or converting it to anonymous form.
Security involves both managerial and technical measures to protect against
loss and the unauthorized access, destruction, use, or disclosure of the
data. Managerial measures include internal organizational measures that
limit access to data and ensure that those individuals with access do
not utilize the data for unauthorized purposes. Technical security measures
to prevent unauthorized access include encryption in the transmission
and storage of data; limits on access through use of passwords; and the
storage of data on secure servers or computers that are inaccessible by
It is generally agreed that the core principles of privacy protection
can only be effective if there is a mechanism in place to enforce them.
Absent an enforcement and redress mechanism, a fair information practice
code is merely suggestive rather than prescriptive, and does not ensure
compliance with core fair information practice principles.