
Privacy Principles: OECD, GAPP, PIPEDA and UK Data Protection Act

Healthcare Core Privacy Principles: Notice/Awareness, Choice/Consent, Access/Participation, Integrity/Security, and Enforcement/Redress.

The Organisation for Economic Co-operation and Development (OECD)


• Intergovernmental economic organisation with 38 member countries, founded in 1961.
• The principles are found in Part Two, paragraphs 7 through 14, of the Annex to the Recommendation of the Council of 23rd September 1980: Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data.

1. Collection Limitation Principle: There should be limits to the collection of personal data, and such data should be obtained by lawful and fair means.
2. Data Quality Principle: Personal data should be relevant, accurate, complete and kept up-to-date.
3. Purpose Specification Principle: The purposes for which personal data are collected should be specified.
4. Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified.
5. Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
6. Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data.
7. Individual Participation Principle: An individual should have the right to have data relating to them communicated to them:
   • within a reasonable time;
   • at no charge;
   • in a reasonable manner.
8. Accountability Principle: A data controller should be accountable for complying with measures which give effect to the principles stated above.

Generally Accepted Privacy Principles (GAPP)

Rooted in the principles of the OECD guidelines and ISO guidance. GAPP addresses how personal information is collected, used, retained, and disclosed.

Generally accepted privacy principles:


• Management: The entity defines, documents, communicates, and assigns accountability for its privacy policies and
procedures.
• Notice: The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
• Choice and consent: The entity describes the choices available to the individual and obtains implicit or explicit consent.
• Collection: The entity collects personal information only for the purposes identified in the notice.
• Use, retention, and disposal: The entity limits the use of personal information.
• Access: The entity provides individuals with access to their personal information for review and update.
• Disclosure to third parties: The entity discloses personal information to third parties only for the purposes identified.
• Security for privacy: The entity protects personal information against unauthorized access (both physical and logical).
• Quality: The entity maintains accurate, complete, and relevant personal information for the purposes identified in the
notice.
• Monitoring and enforcement: The entity monitors compliance with its privacy policies and procedures.

Personal Information Protection and Electronic Documents Act (PIPEDA)

Federal privacy law for private-sector organisations in Canada. The PIPEDA material covers four areas: personal information, coverage, complaints, and principles.

WHAT IS COVERED?

Under PIPEDA the following can be considered personal information:

• Age, name, ID numbers, income or financial information
• Race, national or ethnic origin
• Marital status
• Blood type
• Medical, education or employment history
• DNA
• Social insurance number or driver's licence
• Opinions, evaluations, comments, social status, or disciplinary actions
• Employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs)

UK Data Protection Act

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

Stronger legal protection for sensitive information, such as:


• Race
• Ethnic background
• Political opinions
• Religious beliefs
• Trade union membership
• Genetics
• Biometrics (where used for identification)
• Health
• Sex life or orientation