Focusing public attention on emerging privacy and civil liberties issues

Guidelines for the Regulation of Computerized Personal Data Files

On December 14, 1990, the United Nations adopted General Assembly resolution 45/95. The resolution, Guidelines for the Regulation of Computerized Personal Data Files, set out Fair Information Practices for the use of personal data. The United Nations General Assembly recommended that governments incorporate the privacy guidelines into legislation and administrative regulations. The guidelines lay out the following ten principles to provide minimum guarantees of privacy protection for personal data.

  1. Principle of lawfulness and fairness: Demands fairness and lawfulness in the collection and processing of personal data.

  2. Principle of accuracy: Puts responsibility on the persons doing the data collection to ensure the data collected is accurate.

  3. Principle of the purpose-specification: Requires the purpose of the data collection to be transparent in order to ensure the data is used only for the specified purpose and that the data is only kept as long as it is needed to achieve the stated purpose.

  4. Principle of interested-person access: Guarantees the right to know that one’s data is being used and also guarantees access to that data in an intelligible form. It requires appropriate remedies to rectify unlawful, unnecessary, or inaccurate data.

  5. Principle of non-discrimination: Forbids the collection of data "likely to give rise to unlawful or arbitrary discrimination" safe for the exceptions under principle 6. Covered data includes "racial or ethnic origin, colour, sex life, political opinions, religious, philosophical and other beliefs as well as membership of an association or trade union."

  6. Power to make exceptions: Makes exceptions to Principle 5 for that which is "necessary to protect national security, public order, public health or morality . . . [and] the rights and freedoms of others . . ." as well as ". . . within the limits prescribed by the International Bill of Human Rights . . ." or other similar documents.

  7. Principle of security: Requires protection of the data from natural disasters and human dangers like theft or misuse.

  8. Supervision and sanctions: Requires the designation of an authority "responsible for supervising observance of the principles set forth above."

  9. Transborder data flows: Allows for free circulation of data between countries when those countries have "comparable safeguards for the protection of privacy."

  10. Field of application: Extends the applicability of the principles "to all public and private computerized files."