The Organization for Economic Cooperation and Development (OECD) established the following guidelines for ethical computing:

  • Collection Limitation Principle affirms that there should be limits on the gathering of personal data, and any such data should be obtained by lawful and justified means and, where appropriate, with the knowledge or consent of the data subject.
  • Data Quality Principle affirms that personal data should have relevance to the purposes for which they are to be used, and to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
  • Purpose Specification Principle affirms that the purposes for which personal data are collected should be specified no later than the time of data collection, and that subsequent use should be limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
  • Use Limitation Principle affirms that personal data should not be disclosed, made accessible, or otherwise used except with the consent of the data subject, or by the authority of the law.
  • Security Safeguards Principle affirms that personal data should be protected by sound security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.
  • Openness Principle affirms that there should be a policy of openness about developments, practices, and policies with respect to personal data. Methods should be readily available to establish the existence and nature of personal data and the main purposes of their use, as well as the identity and usual residence of the data controller.
  • Individual Participation Principle states that an individual should have the right:
    • To obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him.
    • To have communicated to him data relating to him within a reasonable time at a charge, if any, that is not excessive:
      • In a reasonable manner.
      • In a form that is readily intelligible to him.
    • To be given reasons if a request is denied, and to be able to challenge such denial.
    • To challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended.
  • Accountability Principle affirms that a data controller should be accountable for complying with measures that give effect to the principles stated above.
  • Transborder Issues affirms that a member country should abstain from restricting transborder transmissions of personal data between itself and another member country except where the latter does not yet accordingly observe these guidelines or where the re-export of such data would bypass its domestic privacy legislation. A member country can also enforce restrictions in respect of certain categories of personal data for which its domestic privacy legislation includes specific regulations in view of the nature of that data and for which the other member country provides no equivalent protection.
