Sites must disclose information practices before collecting data. This includes identification of the collector, uses of data, other recipients of data, nature of collection (active/inactive), whether it is voluntary or required, consequences of refusal, and steps taken to protect confidentiality, integrity, and quality of the data.
There must be a choice regime in place allowing consumers to choose how their information will be used for secondary purposes other than supporting the transaction, including internal use and transfer to third parties. Opt-in/Opt-out must be available.
Consumers should be able to review and contest the accuracy and completeness of data collected about them in a timely, inexpensive process.
Data collectors must take reasonable steps to assure that consumer information is accurate and secure from unauthorized use.
There must be in place a mechanism to enforce FIP principles. This can involve self-regulation, legislation giving consumers legal remedies for violations, or federal statutes and regulation.
Complete transparency to user by providing disclosure and choice options on the host Web site. “Robust” notice for PII (time/place of collection; before collection begins). Clear and conspicuous notice for non-PII.
Opt-in for PII, opt-out for non-PII. No conversion of non-PII to PII without consent. Opt-out from any or all network advertisers from a single page provided by the host Web site.
Reasonable provisions to allow inspection and correction.
Reasonable efforts to secure information from loss, misuse, or improper access.
Done by independent third parties, such as seal programs and accounting firms.
Advertising networks will not collect information about sensitive financial or medical topics, sexual behavior or sexual orientation, or use Social Security numbers for profiling.