Personal Information shall not be used or disclosed for purposed other than those for which it was collected, except with the consent of the individual or corporation, or as required by law.
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization, and shall by collected by fair and lawful means.
Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
Personal information shall be as accurate, complete, and up-to-date as us necessary for the purposes for which it is to be used.
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information, and have it amended as appropriate. In certain situations, the organization may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement should be limited and specific, and reasons for denying access should be provided to the individual upon request.
An individual shall be able to address any concerns, regarding compliance, with the principles of the organization or a designated individual.