Various laws and regulations have been enacted in different countries to protect an individual’s PII. These laws and regulations all embody – to various degrees – the following principles:
- Principle of Notice: Individuals must be given prior notice regarding the collection, use, and disclosure of their PII.
- Principle of Choice: Individuals must have the choice of opting out or opting in regarding the collection, use, and disclosure of their PII.
- Principle of Access: Individuals must be able to access – and correct if need – their PII.
- Principle of Security: Organizations storing, transmitting, and managing PII must take reasonable and appropriate measures to protect the PII data.
- Principle of Enforcement: Privacy policies and obligations must be enforced.