B. Privacy by Design

Question 1

What is privacy by design?

Answer 1

The concept that privacy is part of the design of products, systems, software, etc. and is built in my default.

Question 2

Data minimization

Answer 2

collect only what you need

Question 3

process oriented privacy design strategy

Answer 3

Commitment to processing personal information in a privacy-friendly way and ensuring that these commitments are honored.

Question 4

Data oriented privacy design strategy

Answer 4

Focus on technical ways that data can be processed with the maximization of privacy in mind.

Question 5

Privacy by Design

Answer 5

1) Integrates privacy protections into physical stems, technology products and business processes.
2) Ensures can be assured that privacy controls are in place from the outset of a project

Question 6

Privacy by Design Foundational Principles

Answer 6

1) Proactive not Reactive
2) Preventative not Remedial
3) Privacy as the Default Setting
4) Privacy Embedded into Design
5) Full Functionality- Positive-Sum, not Zero-Sum
6) End-to-End Security - Full Lifecycle Protection
7) Visibility and Transparency - Keep it Open
8) Respect for User Privacy - Keep it User-Centric

Question 7

Instituting Privacy by Design

Answer 7

1) Commit to the Program
2) Create a Privacy Standard
3) Perform Privacy Reviews of Products and Services
4) Perform a data flow analysis
5) Inform consumers of your privacy practices
6) Provide privacy controls for users
7) Provide users with access to data
8) Apply data retention and destruction policies
9) Secure sensitive data

Question 8

goal setting

Answer 8

including privacy

Question 9

document requiremments

Answer 9

documenting what you will do and what you won’t do – useful for testing after building

Question 10

quality attributes

Answer 10

1) identifiability
2) confidentiality
3) availability

Question 11

information needs

Answer 11

what is the least amount of data needed to accomplish this goal

Question 12

high level design

Answer 12

comprises of:

1) quality attributes (identify, confident, available)
2) architectures: (usable front-end, compliant back-end)
3) design representation (design includes all nodes throughout system)

Question 13

low level design/implementation

Answer 13

• reuses libraries, frameworks, APIs when possible from other parts of system for consistency’s sake

Question 14

impose controls

Answer 14

1) architecture (decentralize operations)
2) secure (using abstraction/hiding)
3) supervise (enforcement of privacy policies)
4) balance (ensuring that solutions don’t incur further risks)

Question 15

testing and validation

Answer 15

validating the requirements. comprised of:

1) unit testing
2) system testing
3) integration testing
4) manual testing

Question 16

ongoing vigilance practices against privacy and security risks

Answer 16

1) code reviews (peer to peer)
2) code audits (3rd party to organization)
3) runtime behavior monitoring (noting spikes and dips)
4) keeping software up to date with modern standards

Question 17

What are the three primary ways that data is anonymized?

Answer 17

1) Suppression
2) generalization, and
3) noise addition

Question 18

What is perturbation data privacy?

Answer 18

Data perturbation is a data security technique that adds ‘noise’ to databases allowing individual record confidentiality.

This technique allows users to ascertain key summary information about the data that is not distorted and does not lead to a security breach.

Question 19

How is data perturbation used in Healthcare?

Answer 19

Data perturbation is a form of privacy-preserving data mining for electronic health records (EHR).

There are two main types of data perturbation appropriate for EHR data protection. The first type is known as the probability distribution approach and the second type is called the value distortion approach.

Question 20

Is differential privacy a data perturbation technique?

Answer 20

Differential privacy is a data perturbation technique.

Question 21

How does differential privacy work?

Answer 21

Data perturbation is a privacy preservation technique that alters the values of data elements in a database to maintain individual record.

Differential privacy involves adding noise to hide the true value of data points.

Question 22

What is a common misconception when considering data anonymization solutions?

Answer 22

That encryption for data security is a form of data masking.

Data maskingand data encryptionare two technicallydistinct data privacy solutions. Data encryption, at the structured data field level, is a data masking function. However, both can be useful to address regulatory compliance, such as theGDPRandCCPAand other data privacy use cases, such as protecting bigdata analyticsto reduce data exposure risks.

Question 23

Example of Data protection by design


Answer 23

The use of pseudonymization (replacing personally identifiable material with artificial identifiers) and encryption (encoding messages so only those authorized can read them).

Question 24

Example of Data protection by default


Answer 24

A social media platform should be encouraged to set users’ profile settings in the most privacy-friendly setting by, for example, limiting from the start the accessibility of the users’ profile so that it isn’t accessible by default to an indefinite number of persons.

Question 25

What does data protection by default mean?

Answer 25

Data protection by default means you need to specify this data before the processing starts, appropriately inform individuals and only process the data you need for your purpose. It does not require you to adopt a ‘default to off’ solution.

When a female visitor fills in an online form in order to subscribe to a newsletter list, she is submitting her name and her email address or/and any additional personal information about herself. She can by default expect that the controller will process her personal data according to the GDPR, in the way and only for the purposes that she has given her consent for, before she clicks the ‘Submit’ button and submits her subscription to the newsletter list.

Question 26

Blurring

Answer 26

Data blurring uses an approximation of data values to render their meaning obsolete and/or render the identification of individuals impossible.