5. Protection of Personal Data Flashcards

1
Q

Info Sec vs. Privacy

A

Security - focuses on the control of data, building on risk management practices.

Privacy - focuses on the information itself and the people represented by the information.

Privacy data classifications: personal, sensitive, nonpersonal

InfoSec data classifications: public, confidential, highly confidential, restricted

2
Q

Info Sec Controls (APT) & Categories of Info Sec Controls (PDC)

ISO27701?

A

Information Security Controls
- Administrative
- Physical
- Technical

Categories of Security Controls:
- Preventive
- Detective
- Corrective

ISO27701 - first mainstream global privacy management standard

3
Q

Types of Controls (AART)

A

Administrative Controls - non-technical control measures established by management and derived from laws.

Access Controls - govern who has the right to access specific info

Role-Based Controls - ensure that only those who absolutely need access to certain information have it.

Technical Controls - technical means of protecting PII, e.g. obfuscation and hashing.

4
Q

Privacy By Design - Embeds privacy into the design of technology, systems and practices to help ensure the existence of privacy.

PbD 7 Principles (P,PbD,PbD,FF,E2E,V&T,R)

A

Privacy By Design 7 Principles:
1. Proactive not reactive, Preventative not remedial
2. Privacy as the default
3. Privacy embedded into design
4. Full functionality - positive-sum, not zero-sum
5. End-to-End Security - Lifecycle Protection
6. Visibility and Transparency
7. Respect for User Privacy

5
Q

Examples of Privacy Risk Models and Frameworks

A

Several Privacy Risk Models and Frameworks can be used in combination:
- FIPPs - Fair Information Practice Principles
- Factor Analysis of Information Risk (FAIR)
- NIST
  - Risk Management Framework
  - Cyber Security Framework
  - Privacy Framework

6
Q

Data protection/GDPR principles

A
  • lawfulness, fairness, transparency
  • purpose limitations
  • storage limitations
  • data minimization
  • accuracy
  • accountability
  • Confidentiality. Integrity. Availability.
7
Q

C.I.A.

A

Confidentiality. Integrity. Availability.

8
Q

GDPR Article 25 (PbD & PbD)

A

Privacy by Design

Privacy by Default
