Privacy Principles
You might be asking, what principles can I use to make sure I'm acting in good faith with respect to the personally identifying data of my employees, customers, and partners? The Canadian Personal Information Protection and Electronic Documents Act described in Table 4-1 contains 10 principles that, if modified slightly, can serve as a guide:
- Accountability
Your organization is responsible for the personal information under its control and must designate someone who is accountable for complying with these principles.
- Identifying purposes
Any project must specify why it is collecting personal information at or before the time it does so.
- Consent
The subject's consent is required for the collection, use, or disclosure of personal information. Exceptions should be documented.
- Limiting collection
Projects may collect only the personal information that's necessary for the purpose they've identified, and must collect it by fair and lawful means.
- Limiting use, disclosure, and retention
Unless a project has the consent of the subject, or is legally required to do otherwise, projects may use or disclose personal information only for the purposes for which they collected it, and they may retain it only as long as necessary for those purposes.
- Accuracy
The subject's personal information must be accurate, complete, and up to date.
- Safeguards
Security safeguards must be employed to protect personal information.
- Openness
The project must make its personal information policies ...