ABSTRACT

US and International Privacy Principles

A large number of discussions, held in academic, government, and private venues over the past two decades, have resulted in generally recognized privacy principles originally incorporated in US statutes in the 1970s. For purposes of this text, the core principles first published in 1981 by the US Department of Commerce,[1] as amended with input from several sources, including the state of California and the Center for Democracy and Technology, deserve mention.[2] Based on considerable legal analysis and debate by privacy advocates, these principles are withstanding the test of time and litigation. It should be noted that US laws generally lack the privacy rights set out in Canadian, European, and Asian laws. Therefore, the principles represent useful guidelines for the proper collection and use of personally identifying information, including Internet information, about individuals. The principles are as follows:

1. Notice to individuals when personally identifiable information is collected (awareness)

2. Limits on use and disclosure of data for purposes other than those for which the data were collected (choice)

3. Limitations on the retention of data

4. Requirements to ensure the accuracy, completeness, and timeliness of information

5. The right of individuals to access information about themselves

6. The opportunity to correct information or challenge decisions made, based on incorrect data (recourse)

7. Appropriate security measures to protect the information against abuse or unauthorized disclosure (data security)

8. Redress mechanisms for individuals wrongly and adversely affected by the use of personally identifiable information (enforcement, verification, and consequences)

A Consumer Privacy Bill of Rights drafted and announced in 2013 by the White House[3] was a nonstarter in Congress, but it illustrated that there is some support for incorporating the principles outlined into US statutes. The US Government (USG) has established presidentially approved Adjudicative Guidelines for Determining Eligibility for Access to Classified Information (latest edition 2006, 32 CFR Part 147),[4] which have existed in substantially the same form since President William Clinton signed them into effect in an executive order (EO) in August 1995. Currently, federal practices include notice, consent, verification, appeal, correction, and confidentiality, which directly conform to the privacy principles cited. In over 45 years of involvement at various levels, from conducting background investigations to overseeing security and counterintelligence in the federal agencies at the National Security Council, I have observed a passionate dedication (in professionals involved in security, investigative, intelligence, clearance, and adjudicative work) to the rule of law, fair play, and the privacy principles listed. Because the adjudicative guidelines contain both behaviors of concern and mitigating factors to be considered in a determination of eligibility for access to classified information, they represent well-established benchmarks for any employer with a need to protect valuable intellectual property in the workplace or ensure the trustworthiness of those hired or cleared.