
The Fair Information Practice Principles Act

The Fair Information Practice Principles (FIPP) is designed to apply to any situation involving handling information about people. This acts as a framework to guide federal and international laws regarding data protection and information management (FPC.gov, n.d.).

FIPP is derived from meeting the requirements of the Privacy Act of 1974. The Privacy Act of 1974 is the primary driver behind federal privacy law. The Act applies to any records maintained by the federal government about U.S. citizens or lawful permanent residents (Privacy Act, 2024). While the Privacy Act of 1974 protects citizens and lawful residents, extending it to non-resident aliens and possibly undocumented persons residing in the United States may be worth considering in an amended version. However, FIPP is primarily applied to government agencies, although businesses have been encouraged to adopt its recommendations.

FIPP is designed to promote consideration of transparency in government information handling by focusing on several specific areas (Performance, 2022).

FIPP requires that agencies are transparent about PII practices and policies and clearly explain how they handle PII. This is intended to ensure that data subjects understand their rights and what providing consent means.

FIPP also requires that individuals be involved in handling their own PII. This generally means that individuals provide consent, but it also requires provision for allowing individuals to conduct privacy inquiries, request privacy data deletion, and file complaints.

Another requirement is that agencies are only to handle PII that they have the authority to manage as required for their government function. This is meant to prevent scope creep and keep agencies from exceeding their jurisdiction for privacy data collection.

Agencies must provide an explicit purpose for handling PII and ensure that PII is only handled in the way authorized at the time of collection.

Agencies shall minimize the collection of PII to the minimum amount required for accomplishing the legally obligated tasks of the agency.

Agencies should collect accurate and timely information to protect the principle. This ensures that the data being gathered is relevant and does not incorrectly portray the individual who is the subject of the data collection. Misrepresenting an individual could lead to harm, especially for public figures who suffer a data breach.

Agencies shall provide access and amendment to PII. This meets earlier requirements to allow for individuals to be involved with data but explicitly requires that individuals can modify data if they disagree with it.

Agencies shall secure PII to prevent inadvertent disclosure, loss, destruction, or dissemination. This prevents privacy harm by ensuring proper lifecycle control of data.

Agencies are accountable to federal requirements and must have clearly defined roles for employees and contractors handling PII. This works to minimize exposure to PII.

FIPP has recently been criticized for being archaic and ineffective at dealing with modern privacy risks. Because FIPP heavily drives privacy impact assessments (PIAs), PIAs are sometimes less effective because they do not consider contemporary issues such as cyberstalking or sharing embarrassing information on social media. FIPP has also been similarly criticized for lacking the ability to contextualize morally objectionable privacy data collections (Issues, 2021).

FIPP does not follow a standardized release model. Instead, it follows a set of reports and guidelines associated with the original FIPPS document. The last major update was issued in 2000 in a report to Congress (Pitofsky et al., n.d.). Additional recommendations were provided in 2012 through another report delivered to Congress. These reports differ because the 2000 update was primarily a status report, whereas the 2012 report was oriented more toward business practice recommendations.

References:

FPC.gov. (n.d.). Retrieved February 10, 2024, from https://www.fpc.gov/resources/fipps/

Issues. (2021, December 20). Time to Modernize Privacy Risk Assessment. Issues in Science and Technology. https://issues.org/modernize-privacy-risk-assessment-fipps/

Performance, S. S. and (Director). (2022, January 24). FPC Fair Information Practice Principles. https://vimeo.com/669614456

Pitofsky, R., Anthony, S. F., Thompson, M. W., Swindle, O., & Leary, T. B. (n.d.). Federal Trade Commission. PRIVACY ONLINE.

Privacy Act. (2024, January 25). U.S. Department of the Treasury. https://home.treasury.gov/