I. General Principles for All National Information Infrastructure (NII) Participants

A. Information Privacy Principle

Personal information should be acquired, disclosed, and used only in ways that respect an individual's privacy.

B. Information Integrity Principle

Personal information should not be improperly altered or destroyed.

C. Information Quality Principle

Personal information should be accurate, timely, complete, and relevant for the purpose for which it is provided and used.

II. Principles for Users of Personal Information

A. Acquisition Principle

Information users should: 1) assess the impact on privacy in deciding whether to acquire, disclose, or use personal information; and 2) acquire and keep only information reasonably expected to support current or planned activities.

B. Notice Principle

Information users who collect personal information directly from the individual should provide adequate, relevant information about: 1) why they are collecting the information; 2) what the information is expected to be used for; 3) what steps will be taken to protect its confidentiality, integrity, and quality; 4) the consequences of providing or withholding information; and 5) any rights of redress.

C. Protection Principle

Information users should use appropriate technical and managerial controls to protect the confidentiality and integrity of personal information.

D. Fairness Principle

Information users should not use personal information in ways that are incompatible with the individual's understanding of how it will be used, unless there is a compelling public interest for such use.

E. Education Principle

Information users should educate themselves and the public about how information privacy can be maintained.

III. Principles for Individuals who Provide Personal Information

A. Awareness Principle

Individuals should obtain adequate, relevant information about: 1) why the information is being collected; 2) what the information is expected to be used for; 3) what steps will be taken to protect its confidentiality, integrity, and quality; 4) the consequences of providing orwithholding information; and 5) any rights of redress.

B. Empowerment Principle

Individuals should be able to safeguard their own privacy by having: 1) a means to obtain their personal information; 2) a means to correct their personal information that lacks sufficient quality to ensure fairness in its use; 3) the opportunity to use appropriate technical controls, such as encryption, to protect the confidentiality and integrity of communications and transactions; and 4) the opportunity to remain anonymous when appropriate.

C. Redress Principle

Individuals should, as appropriate, have a means of redress if harmed by an improper disclosure or use of personal information. 

¹ Information Infrastructure Task Force: 1995.

 
For questions about the content of this product, please contact Lee M. Hoffman.