The ISO 29100 privacy framework does not include formal requirements that a company must follow, but it does provide bullet points under each of its proposed principles that discuss what it means to adhere to the principle and many organizations refer to those bullet points as proposed controls. In total, the original version of the ISO 29100 framework proposed approximately 70 controls that fall under (or can be considered subcategories of) the following 11 principles:
1. Consent and choice
2. Purpose legitimacy and specification
3. Collection limitation
4. Data minimization
5. Use, retention and disclosure limitation
6. Accuracy and quality
7. Openness, transparency and notice
8. Individual participation and access
9. Accountability
10. Information security
11. Privacy compliance