APPENDIX I

TEN PRINCIPLES OF PRIVACY PROTECTION

  1. Be accountable
    Establish policies and responsibilities
  2. Identify Purposes
    Explain why information is collected and used
  3. Obtain consent
    for information collection, use and disclosure
  4. Limit collection
    Only gather information required for identified purposes
  5. Limit use, disclosure and retention
    Destroy data when no longer required
  6. Ensure Accuracy
    Keep frequently use information up-to-date
  7. Safeguard security
    Keep sensitive information secure, control access
  8. Be open
    Communicate policies and practices
  9. Provide access
    Enable member/employee access to their records
  10. Challenge Compliance
    Invite feedback, quickly investigate and resolve complaints