IITF Policy

The following Privacy Principles outlined by the Privacy Working Group of the IITF are designed to apply to both industry and government collection of information. They were based upon the following beliefs about the unique nature of the electronic medium:

• consumers, government, and businesses have a shared responsibility for the fair and secure use of personal information
• the technology of the NII has the potential, as yet unexploited, to empower individuals to take steps to protect their personal information;
• openness about, and accountability for, the process of collecting and using personal information is crucial on the NII; but,
• openness and accountability will not be meaningful until consumers become educated about the ways in which their personal information is being used in cyberspace, and by whom.

The privacy principles also identify three values to govern the collection and dissemination of collected data -- information privacy, integrity and quality. In particular:

• A person's reasonable expectation on how information he or she provides is used and/or should be adhered to.
• Personal information should not be improperly altered or destroyed.
• Personal information should be accurate, up-to-date, and relevant to the purposes it was collected for.

Data gatherers have a number of responsibilities under the ITTF principles. Firstly, The Privacy Principles call on them to only gather data that is relevant to current or planned activities. Second, to assist a user in making an informed choice on whether or not to provide personal data, it is recommended that the organizations should disclose the following information;

• why they are collecting the information
• what they intend to do with the information
• what steps they are taking to protect the privacy and integrity of information collected
• the consequences of providing or not providing the requested information
• any rights the consumer has in terms of redress in the case of improper disclosure of personal information

However, the emphasis is not completely on the organisations in these Principles. An equal emphasis is placed on the user's duty to enure that these standards are adhered to by any organisation requesting information. It should also be kept in mind that protection of information privacy is not the only goal -- the free-flow of data must be preserved. The Privacy Principles merely state that a person's right to privacy, even when it conflicts with this aim, must be observed.