* Onward transfer: to consider the potential impact of sharing even minor details of individuals' records, preventing criminals from piecing together user profiles based on bits of data that are made public.
* Privacy and security by design: to build security into all phases of authentication systems during development to eliminate vulnerabilities and other security problems.
* Security: to consider both the external and internal threats that could pose risks to sensitive information that is collected.
* Accountability: to have auditing processes in place that allow for rapid determination of the impact of potential breaches of data.
* Access data quality: to ensure that data that is collected and stored is correct and that users have the ability to change any mistakes to their information quickly and without a lot of hassle.

Schwartz said that the CDT felt compelled to update its regulations based on all the work that is currently ongoing within the public and private sectors aimed at stopping data breaches and providing increased security for both end users and the organizations they interact with online.
"We're seeing a lot of activity in this space for creating strong credentials for many reasons, including terrorism, online security, and billing purposes," he said. "As those efforts continue to grow, we knew there was a need for new policy, and we wanted to position these principles now, ahead of that work."