[2] The FTC has been studying online privacy issues since 1995, and in its 1998 report,[3] the Commission described the widely accepted Fair Information Practice Principles of Notice, Choice, Access, and Security.
[1] The commission also identified Enforcement, the use of a reliable mechanism to provide sanctions for noncompliance as a critical component of any governmental or self-regulatory program to protect online privacy.
[1][4] Fair Information Practice was initially proposed and named[5] by the US Secretary's Advisory Committee on Automated Personal Data Systems in a 1973 report, Records, Computers and the Rights of Citizens,[6] issued in response to the growing use of automated data systems containing information about individuals.
The central contribution of the Advisory Committee was the development of a code of fair information practice for automated personal data systems.
[9] The OECD Guidelines, Council of Europe Convention, and European Union Data Protection Directive[10] relied on FIPs as core principles.
All three organizations revised and extended the original U.S. statement of FIPs, with the OECD Privacy Guidelines being the version most often cited in subsequent years.
Access/Participation[14] Access as defined in the Fair Information Practice Principles includes not only a consumer's ability to view the data collected, but also to verify and contest its accuracy.
The FTC identified three types of enforcement measures: self-regulation by the information collectors or an appointed regulatory body; private remedies that give civil causes of action for individuals whose information has been misused to sue violators; and government enforcement that can include civil and criminal penalties levied by the government.
[16] Currently the FTC version of the Fair Information Principles are only recommendations for maintaining privacy-friendly, consumer-oriented data collection practices, and are not enforceable by law.
[21] Additionally, the principles continue to serve as a model for privacy protections in newly developing areas, such as in designing Smart Grid programs.
[22] The Organisation for Economic Co-operation and Development (OECD) and European Union, among others, have adopted more comprehensive approaches to fair information practices.