Introduction

The Fair Information Practices (FIPs) and the Belmont Report are two key sets of principles that have been implemented into laws both nationally and internationally since their respective publications in 1973 and 1976. It was not until 1981, however, that the FIPs were officially adopted by the Organization for Economic Co-operation and Development (OECD). In contrast, the National Research Act created the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research in 1974. This commission was charged with identifying “the basic ethical principles that should underlie the conduct of biomedical and behavioral research” and developing principles to ensure that all research done conforms to these principles. Neither the FIPs nor the Belmont Report supply concrete steps to follow, nor do they make explicit recommendations for practices. Rather, each of these documents provide a general rule on how to properly protect research subjects.

Overview of Principles

FIPs

The FIPs were designed as a “set of aspirational principles … used to model rules for responsible data practices”. Countries and legislative bodies are able to choose which aspects and principles of the FIPs it wishes to adopt, thus leading to the FIPs serving as the closest thing to a “universal privacy touchstone” that exists today. The FIPs (or a version of them) are included in most privacy regulations implemented internationally. Core principles of the FIPs require that data collecting entities must:

  • Limit the amount of personal data collected and collect this data with the knowledge and consent of the data subject (the Collection Limitation Principle).
  • Ensure that the data collected is relevant to the purpose for which it will be used and is “accurate, complete, and up-to-date” (the Data Quality Principle).
  • Specify the purposes for which data is collected (the Purpose Specification Principle).
  • Obtain consent to use and disclose personal data for purposes other than those specified at the time of collection (the Use Limitation Principle).
  • Be transparent about data collection practices and policies (the Openness Principle).
  • Allow individuals to access data collected from them, challenge the data, and have inaccurate data erased, rectified, completed, or amended (the Individual Participation Principle).
  • Be accountable for complying with the principles (the Accountability Principle).

Belmont Report

The Belmont Report outlines three basic ethical principles: Respect for Persons, Beneficence, and Justice. The first principle, Respect for Persons, requires that researchers acknowledge the autonomy of subjects as well as protect subjects with diminished autonomy. A researcher should give weight to a subjects’ opinions and choices and refrain from overpowering their actions unless they are clearly harmful to others. Beneficence is defined as acts of kindness or charity that go beyond strict obligation, and the second principle is derived from this ideal. The principle of Beneficence focuses on the requirements of the Hippocratic Oath, and it mainly revolves around the goal to “do no harm”. The Belmont Report requires researchers to maximize possible benefits while minimizing possible harms and to decide when it is justifiable to seek certain benefits despite the risks. Namely, it tasks them with determining the point at which the risks outweigh the benefits. The third principle, Justice, states that an injustice occurs when some benefit to which a person is entitled is denied without good reason or when some burden is imposed unduly. This principle is centered around the fact that subjects should be treated equally.

Want to learn more about FIPs and the Belmont Report? In coming weeks, we’ll address the similarities and differences between these sets of principles that guide the Arcus approach to privacy.