Comparison of International Privacy Concepts 


    Key to international privacy concepts

    The table below presents a comparison of privacy concepts set out in some domestic and international privacy regulations, laws, and guidelines in relation to Generally Accepted Privacy Principles. This is for illustrative purposes only and not meant to be comprehensive. Column 1 lists the 10 principles of Generally Accepted Privacy Principles. Columns 2 through 9 list the significant principles discussed in specific laws and regulations. The "Key to Column and Source" that follows the table identifies the source of each law and regulation compared:

     

    Key to Column and Source

    1. AICPA/CPA Canada Generally Accepted Privacy Principles, May 2009.
    2. Australia Privacy Act 1988, Privacy Act 1988, as amended, effective December 21, 2001.
    3. Canada Personal Information Protection and Electronic Documents Act (PIPEDA), also referred to as Bill C-6, Second Session, Thirty-sixth Parliament, 48-49 Elizabeth II, 1999-2000, assented to April 13, 2000, effective January 1, 2001.
    4. EU Directive, European Union (EU), Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, October 24, 1995, effective October 25, 1998, as implemented in EU country-specific laws and regulations.
    5. OECD Guidelines, Organisation for Economic Cooperation and Development (OECD), Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, September 23, 1980.
    6. U.S. FTC, Privacy Online: Fair Information Practices in the Electronic Marketplace, A Report to Congress, United States (U.S.) Federal Trade Commission (FTC), May 2000.
    7. U.S. Safe Harbor, an agreement between the U.S. Department of Commerce and the European Commission's Internal Market Directorate, approved by the European Commission July 27, 2000, open for use November 1, 2000.
    8. U.S. HIPAA, United States Health Insurance Portability and Accountability Act of 1996 (HIPAA), Privacy Rule (compliance deadline April 16, 2003), Security Rule (compliance deadline April 21, 2005).
    9. U.S. Financial Services Modernization Act, also referred to as the Gramm-Leach-Bliley Act (GLBA), Title V – Privacy, Subtitle A, enacted November 12, 1999, effective November 13, 2000, compliance by July 1, 2001. The Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of Thrift Supervision (collectively, the Agencies) published final Guidelines establishing standards for safeguarding customer information that implement sections 501 and 505(b) of GLBA.

    | (1) Generally Accepted Privacy Principles | (2) Australia Privacy Act | (3) Canada PIPEDA | (4) E.U. Directive | (5) OECD Guidelines |
    |---|---|---|---|---|
    | Management | | Accountability | Notification | Accountability |
    | Notice | Openness | Identifying Purposes, Openness | Information to Be Given to the Data Subject | Purpose Specification, Openness |
    | Choice and Consent | Use and Disclosure | Consent | Criteria for Making Data Processing Legitimate, Data Subject's Right to Object | Collection Limitation |
    | Collection | Collection, Sensitive Information, Anonymity | Limiting Collection | Principles Relating to Data Quality, Exemptions and Restrictions | Collection (including consent) Limitation |
    | Use, Retention, and Disposal | Identifiers, Use and Disclosure | Limiting Use, Disclosure, and Retention | Making Data Processing Legitimate, Special Categories of Processing, Principles Relating to Data Quality, Exemptions and Restrictions, The Data Subject's Right to Object | Use Limitation (including disclosure limitation) |
    | Access | Access and Correction | Individual Access | The Data Subject's Right of Access to Data | Individual Participation |
    | Disclosure to Third Parties | Use and Disclosure, Transborder Data Flows | Limiting Use, Disclosure, and Retention | Transfer of Personal Data to Third Countries | Use Limitation (including disclosure limitation) |
    | Security for Privacy | Data Security | Safeguards | Confidentiality and Security of Processing | Security Safeguards |
    | Quality | Data Quality | Accuracy | Principles Relating to Data Quality | Data Quality |
    | Monitoring and Enforcement | Enforcement by the Office of the Privacy Commissioner | Challenging Compliance | Judicial Remedies, Liability and Sanctions, Codes of Conduct, Supervisory Authority and Working Party on the Protection of Individuals with Regard to the Processing of Personal Data | Individual Participation (including challenging compliance) |


    | (1) Generally Accepted Privacy Principles | (6) U.S. FTC | (7) U.S. Safe Harbor | (8) U.S. HIPAA | (9) U.S. GLBA |
    |---|---|---|---|---|
    | Management | | | Administrative requirements | |
    | Notice | Notice | Notice | Notice | Privacy and Opt Out Notices, Exceptions |
    | Choice and Consent | Choice | Choice | Consent, Uses and Disclosures | Privacy and Opt Out Notices |
    | Collection | | Data Integrity | | |
    | Use, Retention, and Disposal | | (Implied but not specified in the principles) | Uses and Disclosures | Limits on Disclosures |
    | Access | | Access | Access | |
    | Disclosure to Third Parties | | Onward Transfer | Uses and Disclosures, Accounting of Disclosures | Limits on Disclosures |
    | Security for Privacy | Security | Security | Security Rule | Security Guidelines mandated by section 501(b) of GLBA |
    | Quality | Integrity | Data Integrity | Amendment | |
    | Monitoring and Enforcement | Enforcement | Enforcement | Compliance and Enforcement by the Department of Health and Human Services | Enforcement by financial services industry regulators, the FTC, and SEC |


    Copyright © 2006-2014 American Institute of CPAs.