FIPPs Fair Information Practice Principles


FIPPs: Fair Information Practice Principles
The Gold Standard for Protecting Personal Information

Learning Objectives
Recognize the Fair Information Practice Principles (FIPPs).
Demonstrate an understanding of FIPPs by linking principles and practices.
Accurately apply FIPPs to scenarios involving the collection, use, disclosure, and protection of personal information.

Introduction
Today we purchase just about everything online: clothes, airline tickets, books, to name a few. We use social networks to keep in touch with friends, family, and business associates. We give companies our credit card numbers to buy goods and services; we share our emails with everyone. Increasingly, we want to know: How is my information being used? With whom is it being shared? How is it being protected from unauthorized use and disclosure?

A little history
With the proliferation of computers in the 1970s, organizations began collecting personal information on a grand scale. There were few rules for protecting this electronically captured personal information. In 1974, as part of the Privacy Act, the government defined Fair Information Practice Principles (FIPPs). Although these principles are not in themselves law, they form the backbone of privacy law in the United States.

FIPPs today
Since then, FIPPs have become the gold standard for protecting personal information. These tried and true principles provide the terms and conditions by which we collect, use, and retain personal information.

Valuing privacy at Berkeley
At UC Berkeley, we have a long legacy of protecting the privacy of our students, faculty, and staff. The free flow of information is essential to our mission of openness and creativity in teaching and research. When personal information is involved, we are responsible for keeping it safe and secure.

Privacy awareness
FIPPs guide us to ask questions about how we handle personal information:
Has this person been informed about and consented to our privacy practices?
Is this student's personal information properly protected from unauthorized use and disclosure?
Do I need this personal information to do my job?

The Five Principles
Transparency, Accountability, Choice, Information Protection, Information Review and Correction

Transparency
The Transparency principle promises openness and honesty about the information we collect, use, and retain. In other words, we promise users there will be no secret data collection.

One way organizations achieve transparency is to disclose their practices in a Privacy Statement, which states, for example: "We will only collect and use your information to complete the following transactions. Before we use your information for any other purpose, we will ask your permission."

Transparency requires that organizations inform customers about their practices and gain consent before collecting or using personal information.

Transparency and Privacy Statements
Privacy Statements (including those at Berkeley) are largely based on FIPPs. They outline:
the purpose of the collection of personal information
how that information will be used and protected
whether it will be shared with others; if so, with whom and for what purpose
how long it will be retained and the manner of disposal

Privacy Statements should be clearly posted on websites, giving users a choice whether or not to disclose personal information.

Choice
Transparency and choice go hand in hand. Privacy Statements make privacy practices transparent, giving people the information they need to make informed choices about whether or not to disclose personal information.

Organizations need an individual's consent before collecting personal information. Consent must be for a specific purpose, such as for enrolling a student or for purchasing a book. If organizations want to use personal information for any other purpose, such as to put people on their mailing lists, they must obtain consent.

Information Review and Correction
The next FIPPs principle, Information Review and Correction, establishes that individuals should have the right to review and correct personal information.

To ensure data is correct and current, organizations need to provide users access to that information. If direct access is not possible, then organizations need to provide a means for reporting inaccuracies.

Information Protection
Information Protection ensures that personal information is only used and disclosed under the terms of consent. In subscribing to this principle, organizations promise to protect the quality and integrity of personal information.

Organizations protect personal information by:
incorporating FIPPs into their systems and processing
obtaining information from reputable sources (the best source is always the individual)
only accessing personal information on a need-to-know basis
conducting regular audits
scrubbing files to ensure they are accurate, relevant, and timely

At Berkeley, we conduct spot check audits to ensure the quality and integrity of personal data.

Accountability
The Accountability principle holds organizations accountable for complying with FIPPs. This training is part of UC Berkeley's ongoing effort to be accountable. Reporting potential misuses of personal information is another way we hold ourselves accountable. If you suspect that personal protections have been violated, report potential abuses to your supervisor or campus Privacy Officer.

Let's review
Transparency promises openness and honesty; no secret data collection. One way organizations achieve transparency is to disclose their practices in a Privacy Statement.
Choice gives users a choice whether or not to disclose personal information.
Information Review and Correction grants users access to their personal information and the opportunity to report anything that they think is incorrect.
Information Protection ensures that personal information is only used and disclosed under the terms of consent. Organizations promise to protect the quality and integrity of personal information.
Accountability holds organizations accountable for complying with FIPPs. Broadly incorporating FIPPs into campus privacy practices is part of assuming accountability.

Some examples
The following examples illustrate the importance of understanding and applying FIPPs. In some of the following situations, people do the right thing. Others illustrate how a failure to comply with FIPPs can have adverse consequences.

Transparency
Transparency promises openness and honesty; no secret data collection. One way organizations achieve transparency is to disclose their practices in a Privacy Statement.

You have been asked to launch a new website for your unit. You want to adhere to the principle of transparency. In your Privacy Statement, you are specific about what type of information you plan to collect and the purposes for which it will be used and disclosed. But you need to make sure that you have covered all the bases.

Refer to the Privacy Statement for UC Berkeley Websites policy. At Berkeley, Privacy Statements must adhere to the principles and practices outlined in this policy. In addition, you may want to make sure your supervisor and Privacy Officer review your Privacy Statement. Also ensure that systems and processes have built in proper protections.

Choice
Choice gives users a choice whether or not to disclose personal information.

David wants to buy a book for a class and finds an online company that offers the best price. He wants to make only this one transaction. The company's Privacy Statement mentions his email address may be added to the company's mailing list in order to be notified of future offers. David knows this will result in a lot of unwanted email. He selects the option "No" when asked if he wants to receive promotional emails.

Many UC policies and practices are based on choice. For example, a student who doesn't want personal information collected electronically may request another method of collection. Alumni and donors' email addresses may not be added to mail lists without their consent. Whenever possible, we give the campus community a choice about how their personal information will be used.

Information Review and Correction
Information Review and Correction grants users access to personal information and the opportunity to report anything they think is incorrect.

Chris has been under treatment at a medical facility. The medical staff have tried several medications to treat him; some were effective, some were not. He's moving to a new town and wants to make sure all of his records are correct before he moves. He asks to see his medical records and discovers that one of the medications he stopped taking months ago is still listed as current. He requests that his record be updated. Under the FIPPs principle, Information Review and Correction, Chris has the right to access and correct his record.

Information Protection
Information Protection ensures that personal information is only used and disclosed under the terms of consent. Organizations promise to protect the quality and integrity of personal information.

A man gets a divorce and moves to a new city. He sets up a new email address and bank account. Although he informs the organizations he does business with of these changes, his records are not updated in a timely manner. He discovers his personal information, much of it very sensitive, is still being sent to his ex-wife. In this example, his personal information has not been properly protected; the quality and integrity of his personal data has been compromised.

Accountability
Accountability holds organizations accountable for complying with FIPPs. Berkeley holds itself accountable for complying with FIPPs by broadly incorporating FIPPs into campus privacy practices and daily operations. Our Privacy Office assumes accountability by providing FIPPs training and investigating potential misuses of personal information.

Summary
FIPPs benefit both organizations and individuals. FIPPs ensure that individuals have choices about how their personal information is used. Organizations use FIPPs to guide decisions and actions around the collection, use, disclosure, and retention of personal information. At Berkeley, many of our privacy policies and practices stem from FIPPs.