When evaluating Data Protection laws and enforcement appetite, one sometimes needs to refer to the 7 principles. These were agreed by the OECD in 1980 and I summarise them below.
- Notice, Data subjects should be given notice when their data is being collected.
- Purpose, Data should only be used for the purpose stated
- Consent, Data should not be disclosed without the data subject’s consent
- Security, Collected data should be kept secure from potential abuses
- Disclosure, Data subjects should be informed as to who is collecting their data