ABSTRACT
A large number of discussions, held in academic, government, and private venues over the past two decades, have resulted in generally recognized privacy principles originally recognized in U.S. statutes in the 1970s. For purposes of this text, the core principles rst published by the U.S. Department of Commerce in 1998,1 as amended with input from several sources, including the State of California and the Center for Democracy and Technology, deserve mention.2 Based on considerable legal analysis and debate by privacy advocates, these principles are withstanding the test of time and litigation. It should be noted that U.S. law lacks the privacy rights set out in Canadian, European, and Asian laws. Therefore, the principles represent useful guidelines for the proper collection and use of Internet information about individuals. The principles are
1. Notice to individuals when personally identiable information is collected (awareness)
2. Limits on use and disclosure of data for purposes other than those for which the data were collected (choice)
3. Limitations on the retention of data 4. Requirements to ensure the accuracy, completeness, and timeli-
ness of information
5. The right of individuals to access information about themselves 6. The opportunity to correct information or challenge decisions
made, based on incorrect data (recourse) 7. Appropriate security measures to protect the information against
abuse or unauthorized disclosure (data security) 8. Redress mechanisms for individuals wrongly and adversely
affected by the use of personally identiable information (enforcement, verication, and consequences)
The U.S. government has established presidentially approved adjudicative guidelines for eligibility for access to classied information.3 Currently, federal practices include notice, consent, verication, appeal, correction, and condentiality, which directly conform to the privacy principles cited. In over forty-two years of involvement at various levels, from background investigators to overseers in the federal agencies and National Security Council, I have observed a passionate dedication, in professionals involved in security, investigative, intelligence, and adjudicative work, to the rule of law, fair play, and the privacy principles listed. Since the adjudicative guidelines contain both behaviors of concern and mitigating factors to be considered in a determination of eligibility for access to classied information, they represent well-established benchmarks for any employer with a need to protect valuable intellectual property in the workplace.
