What are fair information practices FIP established by the Federal Trade Commission FTC )?

FIPs attempt to protect individual rights through three main mechanisms—notice, consent, and access.

Notice: The concept of Notice refers to providing information to consumers related to how an organization processes personal information. The scope of required notice, whether mandated by law or not, includes not only what information is collected from the data subject, but how the organization uses the data, who is entitled to access it (including third parties), and other similar considerations. Notice serves the larger goals of allowing consumers to make informed decisions and providing organizational accountability.

Consent: The concept of consumer Consent is another way of referring to providing consumers the ability to determine whether and/or how their personal information is collected, used, and retained by an organization. This includes making a determination of whether an organization has the authority to transfer personal information to third parties. Obtaining consumer consent may not be appropriate in every situation, as the 2012 FTC Report recognized. Where the option to consent is provided, however, that option should always be meaningful.

Consent may be express or implied, with certain types of data collection requiring express approval. Express, affirmative consent is sometimes referred to as "Opt-in" consent and requires an affirmative indication or act that provides consent to collect or use a person's information. The counterpart to this, "Opt-out" consent, is a passive form of acceptance that is implied by a person's conduct or actions, as well as the context of the transaction. The distinction between opt-in and opt-out consent is often an important concept to be aware of when reviewing applicable laws and regulations; some laws specifically require that a form of opt-in consent be obtained from a consumer before collecting or processing personal information, while other laws permit opt-out consent. Under the Telemarketing Sales Rule ("TSR"), for example, telemarketers are required to obtain opt-in consent before a telemarketer is permitted to play a pre-recorded message (as opposed to presenting a live human) to a consumer.

Access: Providing data subjects with Access to the information an organization processes about the individual is also as individual right afforded by most articulations of FIPs. Included in the right of access is the ability to update or correct inaccurate information. Some laws specifically require that organizations allow persons the ability to correct inaccurate information. For example, HIPAA's Privacy Rule mandates that consumers be provided the ability to amend their "personal health information" held by a covered entity, or alternatively, if the covered entity does not agree with the proposed changes, an individual may file a statement that must be included in the file and any future use or disclosure. The Federal Education Rights and Privacy Act of 1974 ("FERPA") provides a similar right with respect to student records.

What is the considered as fair information practices?

What are the 5 core elements created by the Fair Information Practice Principles?

What are the two core principles of the FTC Fair Information Practice Principles?

How many principles does FTC have?