Generally Accepted System Security Principles

P-9 Democracy Principle

Copyright (c), 1995 - Management Analytics and Others - All Rights Reserved


The security of an information system should be weighed against the rights of users and other individuals affected by the system.


It is important that the security of information systems be compatible with the legitimate use and flow of data and information in the context of the host society. It is appropriate that the nature and amount of data that can be collected be balanced against the nature and amount of data that should be collected. It is also important that the accuracy of collected data be assured in proportion to the damage that may occur if it is corrupted. For example, individuals' privacy should be protected against the power of computer matching. Public and private information should be explicitly identified. Organization policy on monitoring information systems should be documented to limit organizational liability, to reduce the potential for abuse, and to permit prosecution when abuse is detected. The monitoring of information and individuals should be performed within a system of internal controls to prevent abuse.

Note: The authority for the following candidate principles has not been established by committee consensus, nor are they derived from the OECD principles. These principles are submitted for consideration as additional pervasive principles.