FTC fair information practice
FTC fair information practice
Main page

FTC fair information practice

logo
Community Hub0 subscribers

FTC fair information practice

logo
Community Hub0 subscribers
What are your thoughts?
Be the first to start a discussion here.
Be the first to start a discussion here.
FTC fair information practice

The fair information practice principles (FIPPs) of the United States Federal Trade Commission (FTC) are guidelines that represent widely accepted concepts concerning fair information practice in an electronic marketplace.

FTC fair information practice principles are the result of the commission's inquiry into the way in which online entities collect and use personal information and safeguards to assure that practice is fair and provides adequate information privacy protection. The FTC has been studying online privacy issues since 1995, and in its 1998 report, the commission described the widely accepted fair information practice principles of notice, choice, access, and security. The commission also identified enforcement, the use of a reliable mechanism to provide sanctions for noncompliance as a critical component of any governmental or self-regulatory program to protect online privacy.

Fair information practice was initially proposed and named by the US Secretary's Advisory Committee on Automated Personal Data Systems in a 1973 report, Records, Computers and the Rights of Citizens, issued in response to the growing use of automated data systems containing information about individuals. The central contribution of the Advisory Committee was the development of a code of fair information practice for automated personal data systems. The Privacy Protection Study Commission also may have contributed to the development of FIPs principles in its 1977 report, Personal Privacy in an Information Society.

As privacy laws spread to other countries in Europe, international institutions took up privacy with a focus on the international implications of privacy regulation. In 1980, the Council of Europe adopted a Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. At the same time, the Organisation for Economic Cooperation and Development (OECD) proposed similar privacy guidelines in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The OECD Guidelines, Council of Europe Convention, and European Union Data Protection Directive relied on FIPs as core principles. All three organizations revised and extended the original U.S. statement of FIPs, with the OECD Privacy Guidelines being the version most often cited in subsequent years.

The core principles of privacy addressed by these principles are:

1. Notice/Awareness Consumers should be given notice of an entity's information practices before any personal information is collected from them. This requires that companies explicitly notify some or all of the following:

2. Choice/Consent Choice and consent in an on-line information-gathering sense means giving consumers options to control how their data is used. Specifically, choice relates to secondary uses of information beyond the immediate needs of the information collector to complete the consumer's transaction. The two typical types of choice models are 'opt-in' or 'opt-out.' The 'opt-in' method requires that consumers affirmatively give permission for their information to be used for other purposes. Without the consumer taking these affirmative steps in an 'opt-in' system, the information gatherer assumes that it cannot use the information for any other purpose. The 'opt-out' method requires consumers to affirmatively decline permission for other uses. Without the consumer taking these affirmative steps in an 'opt-out' system, the information gatherer assumes that it can use the consumer's information for other purposes. Each of these systems can be designed to allow an individual consumer to tailor the information gatherer's use of the information to fit their preferences by checking boxes to grant or deny permission for specific purposes rather than using a simple "all or nothing" method.

3. Access/Participation Access as defined in the Fair Information Practice Principles includes not only a consumer's ability to view the data collected, but also to verify and contest its accuracy. This access must be inexpensive and timely in order to be useful to the consumer.

See all
User Avatar
No comments yet.