Building a Successful Data Management Framework: The Fair Information Practice Principles
The proliferation of privacy and data protection regulations around the world, data security risks, as well as consumers’ emerging awareness of their rights and growing expectation that companies take steps to protect their privacy and personal information, require organizations to take a structured approach toward their privacy and data management practices. Developing a proactive privacy and data management program is essential not only for compliance and data risk management but also to maintain consumers’ trust and confidence, and to sustain and grow the organization’s position in a competitive marketplace.
Most privacy and data protection programs are based on the internationally recognized Fair Information Practice Principles. These principles and the concepts they contain were first formulated in the 1970s and still play an important role in the development of data protection regulations around the world.
- Transparency: organizations should be transparent and provide notice to the individual regarding collection, use, dissemination, and maintenance of personal information.
- Individual Participation: organizations should involve the individual in the process of using personal information and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of such information. Organizations should also provide mechanisms for appropriate access, correction, and redress regarding their use of personal information.
- Purpose Specification: organizations should articulate the authority that permits the collection of personal information and specifically articulate the purpose or purposes for which the information is intended to be used.
- Data Minimization: organizations should only collect personal information that is directly relevant and necessary to accomplish the specified purposes and only retain personal information for as long as is necessary to fulfill these purposes.
- Use Limitation: organizations should use personal information solely for the purposes specified in the privacy notice. Sharing personal information outside the organization should be for a purpose compatible with the purpose for which the information was collected.
- Data Quality: organizations must ensure that personal information is accurate, relevant, timely, and complete.
- Security: organizations must protect personal information with reasonable security measures from risks such as unauthorized access, destruction, use, alteration or disclosure of data.
- Accountability: organizations should be accountable for complying with these principles, provide training to all employees and contractors who use personal information, and audit the actual use of personal information to demonstrate compliance with these principles and all applicable privacy protection requirements.
The main elements of the Fair Information Practice Principles are agreed on by many countries and sectors of the economy, and are included in the policies and corporate documents of many large companies. Building a privacy program on these Principles will establish a solid data management foundation that will help your organization to adapt to and comply with the myriad of privacy regulations emerging around the world.