Skip to Content

Fair Information Practices

This formulation of a code of fair information practices is derived from several sources, including codes developed by the Department of Health, Education, and Welfare (1973), Organization for Economic Cooperation and Development (1980), and the Council of Europe (1981).

HEW Code of Fair Information Practices

In 1972, Elliot L. Richardson, then Secretary of the U.S. Department of Health Education and Welfare (HEW), appointed an Advisory Committee on Automated Personal Data Systems to explore the impact of computerized record keeping on individuals. In the committee’s report, published a year later, the Advisory Committee proposed a Code of Fair Information Practices. These principles formed the basis for all subsequent codes and laws related to information collection, especially the Privacy Act of 1974.

PPSC Fair Information Practices

Created by the Privacy Act of 1974, the Privacy Protection study Commission released its final report in July 1977, entitled “Personal Privacy in an Information Society.” The report recommended a series of information practices to protect the privacy of industry-specific records.

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

In September 1980, the Organization for Economic Co-operation and Development (OECD) adopted a series of guidelines designed to harmonize national privacy legislation without interrupting the free flow of information between borders. The guidelines are broken down into eight principles which cover the collection, security, and primary and secondary uses of the data. These principles have become the baseline for evaluating privacy and data protection initiatives.

EU Data Protection Directive

In 1995, the Directive on the Protection of Personal Data was formally adopted by the Council of Ministers of the European Union. The Directive granted data subjects a number of important rights including the right of access to personal data, the right to know where the data originated (if such information is available), the right to have inaccurate data rectified, a right of recourse in the event of unlawful processing, and the right to withhold permission to use data in certain circumstances — for example, individuals have the right to opt-out free of charge from being sent direct marketing material.

The EU Data Protection Directive has forced the United States government and industry leaders to carefully reexamine the U.S. privacy policies. In May of 2000, the EU Member States voted unanimously to approve the U.S. proposed safe harbor principles, which are designed to enable corporations to run multinational operations and meet the EU standard for adequate privacy protection. In July of 2000, despite privacy protection concerns raised by the European Parliament, the European Commission declared its final approval of the agreement.

Summary and text of the EU Data Protection DirectiveBriefing materials on the EU Directive