9. Respond: Data Subject Rights Flashcards

1
Q

Privacy Notice - is the privacy information that you make available or provide to individuals when you collect information about them.

Privacy Notice - External Document

Purposes of a Privacy Notice:

A

Purposes of a Privacy Notice:
- Compliance
- Fairly & Transparently process PII
- Making information accessible regarding how PII is used
- Meeting individuals' expectations
- Building trust and confidence

2
Q

Privacy Notice Content and Accessibility

A

Privacy Notice typically explains:
- Who the organization is
- What information it collects
- How the information will be used
- With whom it will share the information

Strategies to keep privacy notice accessible:
- Layered Approach
- Just-In-Time Notice
- Icon/Symbols
- Privacy Dashboards

3
Q

Consent vs Opt-In/Opt Out

A

Privacy Notices inform individuals of an organization’s privacy practices, but do not solicit or imply consent.

Opt In - involves an active, affirmative indication
Opt Out - a lack of action implies choice

Record of consent
Prechecked box is not sufficient

Procedures for Withdrawal of Consent:
- address when and how consent may be withdrawn
- rules for communication with individuals
- method for withdrawing and documenting requests

4
Q

Procedures for Withdrawal of Consent:

A
  • address when and how consent may be withdrawn
  • rules for communication with individuals
  • method for withdrawing and documenting requests
5
Q

Tailoring Privacy Notice to Children & Ensuring Parental Consent

A
  • Compliance: laws specify rules around privacy notice to children
  • Language and Delivery
  • Age
  • Purpose of Processing

COPPA, GDPR: special privacy notice for children, parental consent

CCPA: selling requires parental consent

6
Q

Data Subject Rights and Data Portability

A

Data Subject Rights - it is critical for organizations to have robust policies related to data subjects' rights and be able to respond in a timely manner.

EU-Specific Data Subject Rights - affects organizations within and outside the EU, given the broad scope of GDPR.

Data Portability - means that PII must be transferable; it is a right under GDPR based on consent or contract.

7
Q

Right to Erasure vs Right to be Forgotten

A

Right to Erasure - Under GDPR, individuals have the right to erasure of their PII.

Erasure - ceasing processing and deleting data.

Right to be Forgotten - applies to PII that has been made public by the organization (Erasure has been broadened to include this right)

8
Q

Internal Procedures for Privacy Complaints

A
  • Differentiating between sources & types of complaints
  • Designing proper receipts
  • Implementing a centralized intake process
  • Tracking the process
  • Reporting and documenting resolutions
  • Redress

Departments & Roles should be easy to reach through phone, email or physical address.
