The ISO 29100 privacy framework sets forth the following eleven core principles:

1. Consent and choice

2. Purpose legitimacy and specification

3. Collection limitation

4. Data minimization

5. Use, retention and disclosure limitation

6. Accuracy and quality

7. Openness, transparency and notice

8. Individual participation and access

9. Accountability

10. Information security

11. Privacy compliance

While the privacy framework does not propose formal requirements for each of the above principles, it does provide bullet points that discuss what it means to “adhere” to each principle.  Those bullet points can be viewed as controls that an organization might consider in relation to each principle.