As per the official DSCI Privacy Framework (DPF©), the framework is built upon a set of nine core
Privacy Principles that are foundational to establishing and assessing privacy initiatives in an
organization. These principles are as follows:
Notice – Individuals must be informed about the collection and use of their personal data.
Choice and Consent – The data subject’s choice must be respected through consent mechanisms.
Collection Limitation – Personal data must be collected only for identified purposes.
Use Limitation – Data should be used only for the purposes specified at the time of collection.
Data Quality – Ensuring data is accurate, complete, and kept up-to-date.
Access and Correction – Data subjects must have access to their data and the ability to correct it.
Security – Adequate protection of personal data against unauthorized access and breaches.
Openness – Organizations must be transparent about their privacy practices.
Accountability – The entity collecting and processing data is responsible for complying with the
principles.
These match exactly with the components listed in option A: I (Use Limitation), II (Accountability), III
(Data Quality), IV (Notice), V (Preventing Harm—not explicitly named in DPF, hence not part of the
standard nine), VI (Choice and Consent), VII (Access and Correction), VIII (Data Minimization), IX
(Openness).
Hence, the correct nine principles according to DPF© are exactly as listed in option A.
