In the United States, statutes, regulations and tort principles generally yield five core principles of privacy: notice/awareness; choice/consent; access/participation; integrity/security; and enforcement/redress. Based on OECD principles from the 1980s, the U.S. principles resemble those of the EU's Data Protection Directive.
- First, the data subject needs to be given notice and be aware of the intended uses of personal information.
- Second, the data subject needs to have a means of expressing choice and consent to the use of personal information.
- Third, the data subject should have some assurance that access is limited to authorized recipients. Onward transfer should be prohibited except for intended uses.
- Fourth, the collector of data should provide reasonably adequate security measures to protect the data. The data should be maintained without distortion.
- Finally, the data subject should have some means of rectifying errant data and of seeking enforcement against mismanagement of data.
There may be simple solutions to avoid violations. Encryption, timely data erasure, avoiding the collection of sensitive information, and document retention policies should be considered.
© Copyright 2004-2008 Bierce & Kenerson, P.C.SM.