FIPPA sets out requirements that public
bodies must follow to protect the personal information that they hold. These requirements
embody the principles of fair information practices, which are increasingly
accepted around the world.
While fair information practices may
be formulated differently from one country or organization to another, they are based on
the following minimum standards:
Collection
Organizations must collect personal
information from the individual concerned, except in specified circumstances, and collect
only what is required.
Personal information collected for one
purpose cannot be used for another purpose, without the consent of the individual.
Disclosure
Personal information cannot be released to
another organization or individual, except in specified circumstances.
Information management
Records and data management procedures must
be followed to ensure that personal information is secure and not retained any longer than
necessary.
Individual access
An individual must be able to access his or
her own personal information and to correct or annotate this information.
Openness
Documentation about information management
policies and practices, as well as about personal information holdings, should be
available to the public and easily understandable.
Accountability
Organizations are accountable for their
personal information policies, practices and holdings. They shall designate an individual
who is responsible for the organization's compliance with fair information practices.
Independent review
There should be an avenue of independent
review for individuals concerned about the personal information policies, practices or
holdings of an organization.