Fair Information Principles

What: The Fair Information Principles, also known as the Fair Information Practice Principles (FIPPs), are a set of standards to maintain privacy and security in a data-centric society. They were initially proposed in the 1973 US government report “Records, Computers and the Rights of Citizens” and revised under the FIPs principles in the 1977 report “Personal Privacy in an Information Society”. (R1)

Why: Personal data needs accountability standards to ensure that data is collected lawfully and protected in ways consistent with individual and societal norms, whether that data is received directly or indirectly. Data accountability means that the organization collecting personal data has taken steps to “develop and implement privacy risk assessments, policies, processes and procedures that help enforce data usage rules that honor societal norms, respect user control, and ensure data is reasonably secure.” (R2)

Examples: Numerous compliance frameworks (COBIT, NIST) and governmental regulations (FISMA, HIPAA) have sought to protect personal data via precedents found in the FIPs model.


(R1) https://en.wikipedia.org/wiki/FTC_fair_information_practice
(R2) Trustworthy Computing Next White Paper, Microsoft (2012)

