APPENDIX I

TEN PRINCIPLES OF PRIVACY PROTECTION

1. Be accountable
   Establish policies and responsibilities
2. Identify Purposes
   Explain why information is collected and used
3. Obtain consent
   for information collection, use and disclosure
4. Limit collection
   Only gather information required for identified purposes
5. Limit use, disclosure and retention
   Destroy data when no longer required
6. Ensure Accuracy
   Keep frequently use information up-to-date
7. Safeguard security
   Keep sensitive information secure, control access
8. Be open
   Communicate policies and practices
9. Provide access
   Enable member/employee access to their records
10. Challenge Compliance
    Invite feedback, quickly investigate and resolve complaints