Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

Citation: OECD, Guidelines on the Protection of Privacy and Transborder Flow of Personal Data (Sept. 23, 1980)

The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data contain a revised version of the Fair Information Practices developed by the U.S. Department of Health, Education & Welfare in its 1973 report titled Records, Computers, and the Rights of Citizens: Report of the Secretary’s Advisory Committee on Automated Personal Data Systems (1973).

The OECD version of the Fair Information Practices was reaffirmed by OECD ministers in a 1998 declaration and further endorsed in a 2006 OECD report. The OECD version of the principles states:

with the knowledge or consent of the individual.
 * Collection limitation. The collection of personal information should be limited, should be obtained by lawful and fair means, and, where appropriate,

which it is collected, and should be accurate, complete, and current as needed for that purpose.
 * Data quality. Personal information should be relevant to the purpose for


 * Purpose specification. The purposes for the collection of personal information should be disclosed before collection and upon any change to that purpose, and its use should be limited to those purposes and compatible purposes.

for other than a specified purpose without consent of the individual or legal authority.
 * Use limitation. Personal information should not be disclosed or otherwise used

security safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure.
 * Security safeguards. Personal information should be protected with reasonable


 * Openness. The public should be informed about privacy policies and practices, and individuals should have ready means of learning about the use of personal information.


 * Individual participation. Individuals should have the following rights: to know about the collection of personal information, to access that information, to request correction, and to challenge the denial of those rights.

information should be accountable for taking steps to ensure the implementation of these principles.
 * Accountability. Individuals controlling the collection or use of personal