James S. Huggins' Refrigerator Door: Click here to go to my Home Page. oecd privacy principles; organization for economic co-operation and development privacy principles; qwerty
.
OECD Privacy D: Personal Data Privacy Goes International - - - The U-2, high altitude spy plane. My brother is a U-2 pilot. - - - original photo from an unknown source

OECD Privacy-D

Personal Data Privacy Goes International

 

What Is This Page?

This page is a discussion of my privacy policies, in accordance with the privacy principles established by the Organization for economic Cooperation and Development (OECD).

This page was developed, in part, through the use of the OECD Privacy Statement Generator located at cs3-hq.oecd.org/scripts/pwv3/pwhome.htm.

The resulting statement has been substantially edited both to fit the style and tone of this site as well as the secondary educational goals of this page.

In addition, all of the substance of these notices are also provided on my Privacy Statement page. But this OECDpage presents them in a slightly different order and a slightly different form.

Other Privacy Pages On My Site

General Privacy Page

The general privacy page provides an overview of all of my privacy policies. Although it is lengthy and thorough, I still think it is easy to read. You might even find a bit of humor if you look for it.

It also provides links to my specific privacy pages including:

CIPEATone

On Wednesday, 26.Jul.2000, Senators Spence Abraham, John McCain and John Kerry introduced the Consumer Internet Privacy enhancement Act (CIPEA). This proposed legislation never made it into the law. But I used the law as a model to construct a privacy statement which would comply. I did it as an exercise in learning more about privacy principles.

I have created a CIPEAprivacy disclosure page (which I call CIPEATone) to clarify the the notices proposed by CIPEA(Consumer Internet Privacy enhancement Act). All of the disclosures on the CIPEATone page are functional duplicates of disclosures on my privacy page, but they have been "organized" according to the structure of CIPEA. This page also provides background and impact information regarding CIPEA and links to other articles and resources for CIPEA.

COPPA Cabana

I have created a COPPA Privacy Disclosure page (which I call COPPA Cabana) to provide the notices required by COPPA (Children's Online Privacy Protection Act) related to information practices of this site regarding personal information and privacy of children. This page also provides background and impact information regarding COPPA and links to other articles and resources for COPPA.

What is this Site?

This site is my personal website.

I use this site to explore topics I'm interested in and to promote myself.

Where is this Site?

I am located in the United States of America. The web host for this site is also located in the United States of America.

What is OECD?

The OECDis a club of like-minded countries.

The 30 member countries participate in the organization to discuss, develop and perfect economic and social policy. They compare experiences, seek answers to common problems and work to co-ordinate domestic and international policies. Their exchanges may lead to agreements to act in a formal way - for example, by establishing legally-binding codes for free flow of capital and services, agreements to crack down on bribery or to end subsidies for shipbuilding. More often, their discussion serves to inform internal national work on areas of public policy and helps to clarify the impact of national policies on the international community.

It is rich, in that OECDcountries produce two thirds of the world's goods and services, but it is not an exclusive club. Essentially, membership is limited only by a country's commitment to a market economy and a pluralistic democracy. The core of original members has expanded from Europe and North America to include Japan, Australia, New Zealand, Finland, Mexico, the Czech Republic, Hungary, Poland and Korea.

You can learn more about OECDfrom their website at www.oecd.org.

Does OECD"Require" This Site to Post This Information?

No. But I post it because I am working to remain aware of privacy issues and posting this, and similar notices, helps me to explore the different concerns and ramifications of policies.

Thus, posting this information:

  1. Helps me to understand the OECDguidelines,
  2. May help others to understand the OECDguidelines,
  3. May help others to see how easy it is to comply, and
  4. Helps reinforce my commitment to privacy.

Where Can I See the Text of the OECD Privacy Guidelines?

The OECDhas established Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

(The prior link is for a "security restricted" version of the document.
An unrestricted version can be purchased here.)

That Is a Huge Document; Can You Summarize? What Does This Document Require?

The guidelines create seven Privacy Principles. These are:

  1. Collection Limitation
  2. Data Quality
  3. Purpose Specification
  4. Use Limitation
  5. Security Safeguards
  6. Openness
  7. Individual Participation

Collection Limitation Principle

"There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject".

[Paragraph 7 of the OECD Privacy Guidelines
See also paragraphs 50 - 52 of the explanatory Memorandum].

Data Quality Principle

"Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date"

[Paragraph 8 of the OECD Privacy Guidelines
See also paragraph 53 of the explanatory Memorandum].

Purpose Specification Principle

"The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose."

[Paragraph 9 of the OECD Privacy Guidelines
See also paragraph 54 of the explanatory Memorandum].

Use Limitation Principle

"Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 [Purpose Specification Principle] of the OECD Privacy Guidelines except: a) with the consent of the data subject; or b) by the authority of law."

[Paragraph 10 of the OECD Privacy Guidelines
See also paragraph 55 of the explanatory Memorandum].

Security Safeguards Principle

"Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data."

[Paragraph 11 of the OECD Privacy Guidelines
See also paragraph 56 of the explanatory Memorandum].

Openness Principle

"There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the Data Controller."

[Paragraph 12 of the OECD Privacy Guidelines
See also paragraph 57 of the explanatory Memorandum].

Individual Participation Principle

"An individual should have the right:

a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;

b) to have communicated to him, data relating to him

  • within a reasonable time;
  • at a charge, if any, that is not excessive;
  • in a reasonable manner; and
  • in a form that is readily intelligible to him;

c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and

d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended."

[Paragraph 13 of the OECD Privacy Guidelines
See also paragraphs 58-61 of the explanatory Memorandum].

Accountability Principle

"A Data Controller should be accountable for complying with measures which give effect to the principles stated above."

[Paragraph 14 of the OECD Privacy Guidelines
See also paragraph 62 of the explanatory Memorandum].

What Is "Personal Data"?

The OECD Privacy Guidelines use "Personal data" in the broadest possible way. It includes "any information relating to an identified or an identifiable individual". Thus, it includes any kind of information once linked with an individual.

What "Personal Information" Does This Site Collect?

I offer three opportunities for people visiting my site to give me "personal information":

  1. Anyone can email me and tell me anything they want. Their email would include their email address. And it might include other "personal information".
     
  2. Anyone can sign up for my email/ezine lists (e.g.,  Snippets and TestZine), giving me their email address (which is "personal information")
     
  3. Anyone can sign my Guestbook, telling me anything they want (including "personal information").

I also collect information through the webserver (e.g., the referring URL), but that information is never associated with an individual and is not "personal information" for these purposes.

even though the webserver information is not considered "personal information" I discuss it on this page for completeness.

Information Collected By the Webserver

If you visit this site, the webserver will automatically collect:

  • your current TCP/IP address
     
  • The URL of the page that referred you to my site (this is called "referrer information")

Information Collected for email/ezine Lists

When you join any of my email/ezine lists (e.g., TestZine and TestZine and HEFS Bulletin), I keep your email address (because it really wouldn't make much sense to have an email/ezine list if I didn't keep your email address).

And I keep information necessary to provide an audit trail in order to comply with the CAN-SPAM Act of 2003.

Here is a list of Subscription Information that I keep for all email/ezine lists I host on my site using the Gammadyne Mailer system:

Personal and Status Information

  • Subscriber ID
    (your unique code assigned by the system)
  • Subscriber Status
    (whether you are subscribed or not; when you unsubscribe I mark you as unsubscribed, but keep you in the system to show history)
  • Subscriber Name
    (if you give me your name, I keep it; otherwise I have only your email address)
  • email address
  • Date/Time of the subscription request

Current Issue Information

  • Sent status
    (whether the current issue has been sent yet)

Subscription Process Information

  • Date/time of the original subscribe request
  • Date/time of the last subscribe date/time
  • Email address used for the subscription request
  • IP Address used for the subscription request
  • Whether the subscription came via web or email
  • Date/time of the subscription confirmation
  • Email Address used to confirm subscription
  • IP Address used to confirm the subscription

Unsubscription Process Information

  • Date/Time of an unsubscription request
  • Email address specified for the unsubscription
  • Whether the unsubscription came via web or email
  • Date/Time of the unsubscription confirmation
  • Email Address used to confirm unsubscription
  • IP Address used to confirm the unsubscription
  • Unsubscribe reason
    (e.g., by your request, because of bounces)

Pending Confirmation Information

  • Number of Confirmation Reminders sent
  • Date/Time of the Last Confirmation Reminder sent

Miscellaneous Information

  • Date/Time of last action on the subscription
  • Number of bounces detected
  • Administrative notes

NB: I am able to keep this information because the Gammadyne Mailer lets me customize the database and program special functions.

Information Collected Through My Guestbook

If you sign my Guestbook, the Guestbook will show whatever information you leave. If you leave me your email address, it will show your email address. If you leave your name, it will show that. If you leave the URL of your website, it will show that. If you leave your name, your dog's name and your birthday, it will show that.

Information Collected Through email to Me

If you send me an email, I will have your email address as well as anything else you tell me.

Cookies

I don't use cookies. Period.

Children's Data

I don't knowingly collect data from children. I use simple tools to discourage disclosure by children. And, if I discover personal data from children, I delete it. For more information, see my COPPA Cabana page.

What Is a "Data Controller"?

The Data Controller is an important figure in the OECDscheme.

In stating the Openness Principle, Paragraph 12 of the OECD Privacy Guidelines says:

"Means should be readily available of establishing . . .the identity and usual residence of the Data Controller."

In stating the Accountability Principle, Paragraph 14 of the OECD Privacy Guidelines says:

"A Data Controller should be accountable for complying with measures which give effect to the principles stated above."

In the definitions of the OECD Privacy Guidelines it says:

"the Data Controller means a party who, according to domestic law, is competent to decide about the contents and use of personal data regardless of whether or not such data are collected, stored, processed or disseminated by that party or by an agent on its behalf."

Note that the Data controller may be a natural person or a "legal person". Thus, it could be an individual. Or, alternatively, it could be a public authority, an organization, a department within an organization or a board of directors.

Who is the Data Controller for this Site?

I am the Data Controller for this site.

My contact information is:

James S. Huggins, 
Attn: Privacy Mail Stop P2W
11150 Beamer Road #109-P2W
Houston, Texas 77089-2331

Email me for my phone number which I keep off the site to reduce sales calls

Collection Limitation Principle

"There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject".

[Paragraph 7 of the OECD Privacy Guidelines
See also paragraphs 50 - 52 of the explanatory Memorandum].

You can access the pages of this site without disclosing any personal information.

As stated before, I offer three opportunities for people visiting my site to give me "personal information":

  1. email to me
     
  2. My email/ezine lists (e.g.,  Snippets and TestZine), and
     
  3. My Guestbook.

All such data collection occurs lawfully and by fair means and with the full knowledge and consent of the data subject.

Data Quality Principle

"Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date"

[Paragraph 8 of the OECD Privacy Guidelines
See also paragraph 53 of the explanatory Memorandum].

As stated before, I offer three opportunities for people visiting my site to give me "personal information":

  1. email to me
     
  2. My email/ezine lists (e.g.,  Snippets and TestZine), and
     
  3. My Guestbook.

In each of these cases, the relevance is either dictated by the nature of the use (e.g., an email address for an email list) or is independently deemed relevant by the data subject. All such information can be easily updated at any time using the same techniques used to originally supply the information.

Purpose Specification Principle

"The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose."

[Paragraph 9 of the OECD Privacy Guidelines
See also paragraph 54 of the explanatory Memorandum].

As stated before, I offer three opportunities for people visiting my site to give me "personal information":

  1. email to me
     
  2. My email/ezine lists (e.g.,  Snippets and TestZine), and
     
  3. My Guestbook.

In each of these cases, the purpose is specified at the time of the data collection or earlier. The information is only used for these purposes. (e.g., an email address for an email list is only used for the email list).

Use Limitation Principle

"Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 [Purpose Specification Principle] of the OECD Privacy Guidelines except: a) with the consent of the data subject; or b) by the authority of law."

[Paragraph 10 of the OECD Privacy Guidelines
See also paragraph 55 of the explanatory Memorandum].

As stated before, I offer three opportunities for people visiting my site to give me "personal information":

  1. email to me
     
  2. My email/ezine lists (e.g.,  Snippets and TestZine), and
     
  3. My Guestbook.

As far as whether I would give it to third parties, let me quote from my Privacy Statement page:

I don't share information. I keep any information you disclose absolutely private. This does not apply of course to the Guestbook. Information disclosed there is shared with the whole world. But that is the whole point of a Guestbook, isn't it.

Security Safeguards Principle

"Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data."

[Paragraph 11 of the OECD Privacy Guidelines
See also paragraph 56 of the explanatory Memorandum].

As stated before, I offer three opportunities for people visiting my site to give me "personal information":

  1. email to me
     
  2. My email/ezine lists (e.g.,  Snippets and TestZine), and
     
  3. My Guestbook.

except for Guestbook information (which is shared with the whole world) all information provided is protected against loss or unauthorized access, destruction, use, modification or disclosure.

Openness Principle

"There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the Data Controller."

[Paragraph 12 of the OECD Privacy Guidelines
See also paragraph 57 of the explanatory Memorandum].

I am very open about my policies relating to personal data.

I offer a general privacy statement, a COPPA compliance statement, a CIPEAcompliance statement and this OECDdisclosure.

I fully disclose what data is collected, how it is collected and what it is used for.

I also fully disclose the identity and usual residence of the Data Controller (who, if you haven't figured it out by now, is me.)

Individual Participation Principle

"An individual should have the right:

a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;

b) to have communicated to him, data relating to him

  • within a reasonable time;
  • at a charge, if any, that is not excessive;
  • in a reasonable manner; and
  • in a form that is readily intelligible to him;

c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and

d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended."

[Paragraph 13 of the OECD Privacy Guidelines
See also paragraphs 58-61 of the explanatory Memorandum].

Yep. I do that.

General

If you'll email me, I'll tell you how to check to see if I have any personal information about you.

email/ezine Information

If you are subscribed, you get the emails. If you are not subscribed, you do not.

Guestbook Information

If you view the guestbook, you can see the information I have.

email Information

I don't keep this information and routinely purge it.

Accountability Principle

"A Data Controller should be accountable for complying with measures which give effect to the principles stated above."

[Paragraph 14 of the OECD Privacy Guidelines
See also paragraph 62 of the explanatory Memorandum].

Yep. I do that too.


Links On My Site

Privacy StatementPrivacy Statement: All the privacy disclosures for my site. 

COPPA CabanaCOPPA Cabana: Information about and disclosures related to the Children's Online Privacy Protection Act (COPPA). 

CIPEA ToneCIPEATone: Information about and disclosures related to the Consumer Internet Privacy enhancement Act (CIPEA). 

Links Across the Net

Organization for Economic Co-operation and Development (OECD)Organization for economic Co-operation and Development (OECD):  The home page of the OECD. 

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal DataOECDGuidelines on the Protection of Privacy and Transborder Flows of Personal Data: From 23.Sep.2000, these include both the Guidelines and an explanatory Memorandum. 

OECD Privacy Statement GeneratorOECD Privacy Statement Generator:  A web tool to assist in constructing a privacy statement for posting on a website. 

The extra text menu links (previously here) are being removed in the site redesign.
Browser and search engine improvements have eliminated the motivation/necessity for them.

This page created:
before
Sun, 26.Nov.2001

Last updated:
16:17, Sat, 10.May.2014

. . .

NOTICE --- SITE  UNDERGOING REWRITE - SEE LINK BELOW FOR DETAILS

 Explanation of the rewrite: New Page Layout.
 Check out my blog: My Ephemerae
 Yes ... I want you to link to my site Please link to me
 Want to email me? I'd love to hear from you.
 I have begun tutoring in the South Houston, Texas area.

. . .
oecd privacy principles; organization for economic co-operation and development privacy principles; qwerty . . . oecd privacy principles; organization for economic co-operation and development privacy principles; qwerty