Personal information is collected consistent with the entity’s objectives related to privacy
The collection of personal information is limited to that necessary to meet the entity’s objectives
Methods of collecting personal information are reviewed by management before they are implemented to confirm that personal information is obtained (a) fairly, without intimidation or deception, and (b) lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal information
Management confirms that third parties from whom personal information is collected (that is, sources other than the individual) are reliable sources that collect information fairly and lawfully
Data subjects are informed if the entity develops or acquires additional information about them for its use.