These new Guidelines constitute the first update of the original 1980 version, which served as the first internationally agreed-upon set of privacy principles.
Two themes run through the updated Guidelines:
- A focus on the practical implementation of privacy protection through an approach grounded in risk management, and
- The need to address the global dimension of privacy through improved interoperability.
The expert group also produced a report that identifies a number of issues which were raised but not fully addressed as part of the review process and which could be considered as candidates for possible future study.
A number of new concepts are introduced, including:
- National privacy strategies. While effective laws are essential, the strategic importance of privacy today also requires a multifaceted national strategy co-ordinated at the highest levels of government.
- Privacy management programmes. These serve as the core operational mechanism through which organisations implement privacy protection.
- Data security breach notification. This provision covers both notice to an authority and notice to an individual affected by a security breach affecting personal data.
Download the full OECD privacy framework booklet including the 2013 Privacy Guidelines
Other revisions modernise the OECD approach to transborder data flows, detail the key elements of what it means to be an accountable organisation, and strengthen privacy enforcement. As a step in a continuing process, this revision leaves intact the original “Basic Principles” of the Guidelines. On-going work by the OECD on privacy protection in a data-driven economy will provide further opportunities to ensure that its privacy framework is well adapted to current challenges.