Comparison of International Privacy Concepts 


Key to International Privacy Concepts

The table below presents a comparison of privacy concepts set out in some domestic and international privacy regulations, laws, and guidelines in relation to Generally Accepted Privacy Principles. It is for illustrative purposes only and is not meant to be comprehensive. Column 1 lists the 10 principles of Generally Accepted Privacy Principles. Columns 2 through 9 list the significant principles discussed in the specific laws and regulations; an empty cell indicates that the source has no principle that maps to the Generally Accepted Privacy Principle in that row. The "Key to Column and Source" below identifies the source of each law and regulation compared:

 

Key to Column and Source

  1. AICPA/CPA Canada Generally Accepted Privacy Principles, May 2009.
  2. Australia Privacy Act, Privacy Act 1988, as amended, effective December 21, 2001.
  3. Canada PIPEDA, Personal Information Protection and Electronic Documents Act (PIPEDA), also referred to as Bill C-6, Second Session, Thirty-sixth Parliament, 48-49 Elizabeth II, 1999-2000, assented to April 13, 2000, effective January 1, 2001.
  4. EU Directive, European Union (EU), Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, October 24, 1995, effective October 25, 1998, as implemented in EU country-specific laws and regulations.
  5. OECD Guidelines, Organisation for Economic Co-operation and Development (OECD), Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, September 23, 1980.
  6. U.S. FTC, Privacy Online: Fair Information Practices in the Electronic Marketplace, A Report to Congress, United States (U.S.) Federal Trade Commission (FTC), May 2000.
  7. U.S. Safe Harbor, an agreement between the U.S. Department of Commerce and the European Commission's Internal Market Directorate, approved by the European Commission July 27, 2000, open for use November 1, 2000.
  8. U.S. HIPAA, United States Health Insurance Portability and Accountability Act of 1996 (HIPAA), Privacy Rule (compliance deadline April 16, 2003), Security Rule (compliance deadline April 21, 2005).
  9. U.S. GLBA, Financial Services Modernization Act, also referred to as the Gramm-Leach-Bliley Act (GLBA), Title V – Privacy, Subtitle A, enacted November 12, 1999, effective November 13, 2000, compliance by July 1, 2001. The Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of Thrift Supervision (collectively, the Agencies) published final Guidelines establishing standards for safeguarding customer information that implement sections 501 and 505(b) of GLBA.

Columns 1 through 5:

| (1) Generally Accepted Privacy Principles | (2) Australia Privacy Act | (3) Canada PIPEDA | (4) EU Directive | (5) OECD Guidelines |
|---|---|---|---|---|
| Management | | Accountability | Notification | Accountability |
| Notice | Openness | Identifying Purposes, Openness | Information to Be Given to the Data Subject | Purpose Specification, Openness |
| Choice and Consent | Use and Disclosure | Consent | Criteria for Making Data Processing Legitimate, Data Subject's Right to Object | Collection Limitation |
| Collection | Collection, Sensitive Information, Anonymity | Limiting Collection | Principles Relating to Data Quality, Exemptions and Restrictions | Collection Limitation (including consent) |
| Use, Retention, and Disposal | Identifiers, Use and Disclosure | Limiting Use, Disclosure, and Retention | Making Data Processing Legitimate, Special Categories of Processing, Principles Relating to Data Quality, Exemptions and Restrictions, The Data Subject's Right to Object | Use Limitation (including disclosure limitation) |
| Access | Access and Correction | Individual Access | The Data Subject's Right of Access to Data | Individual Participation |
| Disclosure to Third Parties | Use and Disclosure, Transborder Data Flows | Limiting Use, Disclosure, and Retention | Transfer of Personal Data to Third Countries | Use Limitation (including disclosure limitation) |
| Security for Privacy | Data Security | Safeguards | Confidentiality and Security of Processing | Security Safeguards |
| Quality | Data Quality | Accuracy | Principles Relating to Data Quality | Data Quality |
| Monitoring and Enforcement | Enforcement by the Office of the Privacy Commissioner | Challenging Compliance | Judicial Remedies, Liability and Sanctions, Codes of Conduct, Supervisory Authority and Working Party on the Protection of Individuals with Regard to the Processing of Personal Data | Individual Participation (including challenging compliance) |


Columns 1 and 6 through 9:

| (1) Generally Accepted Privacy Principles | (6) U.S. FTC | (7) U.S. Safe Harbor | (8) U.S. HIPAA | (9) U.S. GLBA |
|---|---|---|---|---|
| Management | | | Administrative Requirements | |
| Notice | Notice | Notice | Notice | Privacy and Opt Out Notices, Exceptions |
| Choice and Consent | Choice | Choice | Consent, Uses and Disclosures | Privacy and Opt Out Notices |
| Collection | | Data Integrity | | |
| Use, Retention, and Disposal | | (Implied but not specified in the principles) | Uses and Disclosures | Limits on Disclosures |
| Access | | Access | Access | |
| Disclosure to Third Parties | | Onward Transfer | Uses and Disclosures, Accounting of Disclosures | Limits on Disclosures |
| Security for Privacy | Security | Security | Security Rule | Security Guidelines mandated by section 501(b) of GLBA |
| Quality | Integrity | Data Integrity | Amendment | |
| Monitoring and Enforcement | Enforcement | Enforcement | Compliance and Enforcement by the Department of Health and Human Services | Enforcement by financial services industry regulators, the FTC, and the SEC |

Copyright © 2006-2016 American Institute of CPAs.