| Principle | Practice/Meaning |
|---|---|
| Collection limitation | Collect the minimum amount of information that is needed for the relationship or transaction at issue: —By lawful and fair means. —With the knowledge and consent of the individual. |
| Data quality | Information should be relevant, accurate, timely, and complete. |
| Purpose specification | Use of data should be specified at the time that data are collected. |
| Use limitation (restriction on secondary uses) | Data should only be used for the specific purpose for which they are collected and for which the individual understands they will be used, except under two conditions: —With the prior consent of the individual, and —With the appropriate legal authority. |
| Security | The integrity of the information and the system should be maintained to ensure against loss, destruction, unauthorized access, modification, unauthorized use, or disclosure. |
| Openness/notice | There should be no secret data systems. People should be able to ascertain the existence of data systems and their purposes and uses. |
| Individual participation | An individual has rights to —Know if he or she is a subject of a system, —Access information about him- or herself, —Challenge the quality of that information, and —Correct and amend that information. |
| Accountability | The organization collecting and using information can be held responsible for abiding by these principles through: —Enforcement and/or —Redress. |