Data Privacy Principles

ACLU Data Privacy Principles, adopted from The Fair Information Practice Principles and informed by ACLU values and policies, guide how ACLU collects, uses, and protects personal information. In accordance with our Data Privacy Principles, ACLU aims to:

1. Transparency. Make clear what data we are collecting and how it will be used.
2. Individual Participation. Where possible and appropriate, gather individuals’ consent for the collection, use, sharing, and maintenance of personal information and provide them with the choice to know, access, delete, or correct the contents of the personal information we hold.
3. Purpose Specification. Articulate the purpose(s) for which the collected personal information will be used and how it will be used.
4. Data Minimization. Only collect personal information that is directly relevant and necessary to accomplish the specified and communicated purpose(s). Only retain the information for as long as is necessary to fulfill the specified purpose(s).
5. Use Limitation. Use personal information solely for the purpose(s) specified and share personal information solely for purposes compatible with the purpose for which the information was collected.
6. Data Quality and Integrity. Ensure personal information we process is accurate, relevant, timely, and complete for the purposes for which the information was collected.
7. Security. Protect personal information with physical, technical, and administrative safeguards appropriate to the data and associated risks, in order to protect against unauthorized access to and improper use of information we collect.
8. Accountability. Ensure personnel (employees, interns, and volunteers) who handle personal information have received appropriate training and monitor the actual use of personal information to demonstrate compliance with these principles and requirements under applicable privacy laws.