Ten Principles of Privacy: Limited Use

- The database shall run only those queries that are consistent with the purposes for which the information has been collected.
- Example: If data was collected for the purpose of treatment, then a query asking for the data for a purpose like drug marketing will not be entertained.
Ten Principles of Privacy: Limited Disclosure

- The personal information stored in the database shall not be communicated outside the database for purposes other than those for which there is consent from the donor of the information.
- Example: A donor can give consent for releasing his medical information for research purposes but not for marketing purposes.
Ten Principles of Privacy: Limited Retention

- Personal information shall be retained only as long as necessary for the fulfillment of the purposes for which it has been collected.
- Example: The medical history of a patient can only be retained for a period of 2 months after the patient has been treated, unless the patient has given consent to release his information for research.
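The limited use, limited disclosure and limited retention principles can be enforced in the data layer rather than left to callers. The sketch below is an added example, not part of the original slides; the table layout, function names, sample records and the reading of "2 months" as 60 days are assumptions.

```python
import sqlite3
from datetime import date, timedelta

RETENTION = timedelta(days=60)  # assumption: the slide's "2 months" taken as 60 days

def open_db():
    """Build an in-memory store holding constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE record(patient TEXT PRIMARY KEY, history TEXT, treated_on TEXT);
        -- one row per purpose the donor agreed to; external=1 permits release outside the database
        CREATE TABLE consent(patient TEXT, purpose TEXT, external INTEGER);
    """)
    db.executemany("INSERT INTO record VALUES (?,?,?)", [
        ("alice", "asthma", "2024-01-10"),
        ("bob", "fracture", "2024-01-10"),
        ("carol", "allergy", "2024-04-20")])
    db.executemany("INSERT INTO consent VALUES (?,?,?)", [
        ("alice", "treatment", 0), ("alice", "research", 1),
        ("bob", "treatment", 0), ("carol", "treatment", 0)])
    return db

def run_query(db, purpose, external=False):
    """Limited use / limited disclosure: return only rows whose donor consented
    to this purpose, and to release outside the database when external=True."""
    return db.execute("""
        SELECT r.patient, r.history FROM record r
        JOIN consent c ON c.patient = r.patient
        WHERE c.purpose = ? AND c.external >= ?
        ORDER BY r.patient""", (purpose, int(external))).fetchall()

def purge_expired(db, today):
    """Limited retention: delete histories older than the retention window
    unless the donor consented to research use. Returns rows deleted."""
    cutoff = (today - RETENTION).isoformat()  # ISO dates compare correctly as text
    cur = db.execute("""
        DELETE FROM record WHERE treated_on < ?
        AND patient NOT IN (SELECT patient FROM consent WHERE purpose = 'research')""",
        (cutoff,))
    db.execute("DELETE FROM consent WHERE patient NOT IN (SELECT patient FROM record)")
    return cur.rowcount

if __name__ == "__main__":
    db = open_db()
    print(run_query(db, "treatment"))                # all three patients
    print(run_query(db, "marketing"))                # nobody consented to marketing
    print(run_query(db, "research", external=True))  # only the research donor
    print(purge_expired(db, date(2024, 5, 1)))       # expired, non-research rows removed
```

Because the purpose is a required argument of every read, a query with no matching consent row returns nothing instead of relying on the caller to filter.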
Ten Principles of Privacy: Accuracy

- Personal information stored in the database shall be accurate and up-to-date.
- Example: Consider a scenario in which a physician gives the wrong medication to a patient due to outdated medical information about the patient stored in the database… Not a good idea ☺
Ten Principles of Privacy: Safety

- Personal information shall be protected by security safeguards against theft and other misappropriations.
- Example: A person must not be able to masquerade as a company employee and steal all the user data for his own organization.