Fair Information Practice Principles
FRTIB’s privacy program adheres to the Fair Information Practice Principles (FIPPs). The Agency has incorporated the following principles in several Agency-wide processes to evaluate information systems, processes, programs, and activities that impact individual privacy. The FIPPs include:
- Access and Amendment — Individuals are provided with appropriate access to PII and the opportunity to correct or amend PII.
- Accountability — FRTIB monitors audits, and documents compliance with the FIPPs through a number of processes, including but not limited to the PTA/PIA and SORN processes. Additionally, FRTIB has incorporated key privacy requirements into the Agency’s Rules of Behavior, which are enforced through a process that can include discipline, to strengthen accountability.
- Authority — FRTIB limits the PII that it creates, collects, uses, processes, stores, maintains, disseminates, and discloses to what is directly relevant and necessary to accomplish the legally authorized purpose. FRTIB ensures that the appropriate authorities are documented in the appropriate notices.
- Minimization — FRTIB creates, collects, uses, processes, stores, maintains, disseminates, and discloses PII that is directly relevant and necessary to accomplish the legally authorized purpose. The PII is maintained for as long as is necessary to accomplish the purpose.
- Quality and Integrity — FRTIB creates, collects, uses, processes, stores, maintains, disseminates, and discloses PII with the accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual.
- Individual Participation — Individuals are involved in the process of using PII and, to the extent practicable, individual consent is granted for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. Individuals may address concerns or complaints to FRTIB’s SAOP.
- Purpose Specification and Use Limitation — FRTIB provides notice of the specific purposes for which PII is collected and only use, process, store, maintain, disseminate, and disclose PII for the purpose explained in the notice.
- Security — FRTIB ensures that administrative, technical, and physical safeguards are established to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, and disclosure.
- Transparency — FRTIB provides clear and accessible notice regarding the creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.