https://community.isc2.org/t5/Governance-Risk-Compliance/Questions-about-first-three-of-OECD-Privacy-Principles/m-p/47710#M489 <P><A href="http://oecdprivacy.org/" target="_blank" rel="noopener">OECD Privacy Principles</A> start with the following three principles.</P><P>&nbsp;</P><OL><LI>Data Quality Principle</LI><LI>Purpose Specification Principle</LI><LI>Security Safeguards Principle</LI></OL><P>I think that you should specify purposes of gathering personal data, then gather the data and keep the quality of the data. Why do you think OECD describes #1 prior to #2?</P><P>&nbsp;</P><P>Next question is about #1 and #3. Why do you think OECD separates #1 and #3? I think they are very similar and the difference is only that #1 requires keeping data up-to-date. So I think #1 should include only "keeping data up-to-date" in its meaning. What do you think?</P> Mon, 09 Oct 2023 09:59:45 GMT Masahiro 2023-10-09T09:59:45Z https://community.isc2.org/t5/Governance-Risk-Compliance/Questions-about-first-three-of-OECD-Privacy-Principles/m-p/47710#M489 <P><A href="http://oecdprivacy.org/" target="_blank" rel="noopener">OECD Privacy Principles</A> start with the following three principles.</P><P>&nbsp;</P><OL><LI>Data Quality Principle</LI><LI>Purpose Specification Principle</LI><LI>Security Safeguards Principle</LI></OL><P>I think that you should specify purposes of gathering personal data, then gather the data and keep the quality of the data. Why do you think OECD describes #1 prior to #2?</P><P>&nbsp;</P><P>Next question is about #1 and #3. Why do you think OECD separates #1 and #3? I think they are very similar and the difference is only that #1 requires keeping data up-to-date. So I think #1 should include only "keeping data up-to-date" in its meaning. What do you think?</P> Mon, 09 Oct 2023 09:59:45 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Questions-about-first-three-of-OECD-Privacy-Principles/m-p/47710#M489 Masahiro 2023-10-09T09:59:45Z