Microsoft Encyclopedia Of Security Part 4


F

Fair Information Practices (FIP)

Standards governing collection and use of personal data.

Overview

Protection and privacy of personal information is becoming increasingly important as e-commerce grows on the Internet. The concept of Fair Information Practices (FIP) can be traced back to the Privacy Act of 1974, U.S. legislation designed to protect personal information collected by government agencies. The Organization for Economic Cooperation and Development in Europe incorporated these practices into its Guidelines for the Protection of Personal Data and Transborder Data Flows in 1980, which evolved into the European Union Data Protection Directive in 1995. FIP can be summarized in five basic principles:

● Notice: An agency collecting personal information from individuals must inform these individuals concerning its collection and use practices.
● Choice: Individuals must be able to determine how collected information should be used.
● Access: Individuals must be able to view, modify, and contest the accuracy of personal information collected about them.
● Security: Agencies collecting personal information must protect such information from unauthorized access.
● Enforcement: There should be legal mechanisms in place to enforce these practices to ensure their compliance.

Other important principles include these:

● Data integrity: Agencies collecting personal information must maintain the integrity of the data collected.
● Onward transfer: An agency collecting information from individuals must inform these individuals concerning its policies for passing such information on to other agencies.
● Remedy: Individuals must have avenues of remedy available should they determine that an agency holding personal information about them has misused this information or allowed it to be misused.

For More Information

The 1998 report “Privacy Online: A Report to Congress” by the Federal Trade Commission outlines the issues and practices surrounding FIP. You can download this report from www.ftc.gov/reports/privacy2000/privacy2000.pdf in PDF format.

See Also: privacy

false negative

Reporting of malicious events as benign by a security system.

Overview

False negatives occur when a firewall, intrusion detection system (IDS), or other network security device identifies a malicious event as benign. False negatives are therefore failures of these security systems to properly identify attempts to penetrate network defenses. They may be caused by misconfiguration of the security system or basic flaws in its design. Note that a malicious event resulting from a new form of exploit and ignored by a security system is not considered a flaw in the system, for no security system can completely defend against exploits that have not yet been conceived. (Heuristic methods try to anticipate new attacks but usually generate large numbers of false positives.) False negatives can have catastrophic effects for the network the security device is protecting. Penetration of

Date posted: 07/08/2014, 04:20
