B. Privacy by Design Flashcards

1
Q

What is privacy by design?

A

The concept that privacy is part of the design of products, systems, software, etc., and is built in by default.

2
Q

Data minimization

A

Collect only what you need.

3
Q

Process-oriented privacy design strategy

A

Commitment to processing personal information in a privacy-friendly way and ensuring that these commitments are honored.

4
Q

Data-oriented privacy design strategy

A

Focus on technical ways that data can be processed with the maximization of privacy in mind.

5
Q

Privacy by Design

A

1) Integrates privacy protections into physical systems, technology products and business processes.
2) Ensures that privacy controls are in place from the outset of a project.

6
Q

Privacy by Design Foundational Principles

A

1) Proactive not Reactive
2) Preventative not Remedial
3) Privacy as the Default Setting
4) Privacy Embedded into Design
5) Full Functionality - Positive-Sum, not Zero-Sum
6) End-to-End Security - Full Lifecycle Protection
7) Visibility and Transparency - Keep it Open
8) Respect for User Privacy - Keep it User-Centric

7
Q

Instituting Privacy by Design

A

1) Commit to the Program
2) Create a Privacy Standard
3) Perform Privacy Reviews of Products and Services
4) Perform a data flow analysis
5) Inform consumers of your privacy practices
6) Provide privacy controls for users
7) Provide users with access to data
8) Apply data retention and destruction policies
9) Secure sensitive data

8
Q

Goal setting

A

Including privacy among the project goals.

9
Q

Document requirements

A

Documenting what you will do and what you won't do – useful for testing after building.

10
Q

Quality attributes

A

1) Identifiability
2) Confidentiality
3) Availability

11
Q

Information needs

A

What is the least amount of data needed to accomplish this goal?

12
Q

High-level design

A

Comprises:

1) Quality attributes (identifiability, confidentiality, availability)
2) Architectures (usable front-end, compliant back-end)
3) Design representation (the design includes all nodes throughout the system)

13
Q

Low-level design/implementation

A

• Reuses libraries, frameworks and APIs when possible from other parts of the system for consistency's sake.

14
Q

Impose controls

A

1) Architecture (decentralize operations)
2) Secure (using abstraction/hiding)
3) Supervise (enforcement of privacy policies)
4) Balance (ensuring that solutions don't incur further risks)

15
Q

Testing and validation

A

Validating the requirements. Comprises:

1) Unit testing
2) System testing
3) Integration testing
4) Manual testing

16
Q

Ongoing vigilance practices against privacy and security risks

A

1) Code reviews (peer to peer)
2) Code audits (third party to the organization)
3) Runtime behavior monitoring (noting spikes and dips)
4) Keeping software up to date with modern standards

17
Q

What are the three primary ways that data is anonymized?

A

1) Suppression
2) Generalization
3) Noise addition

18
Q

What is perturbation data privacy?

A

Data perturbation is a data security technique that adds 'noise' to databases, allowing individual record confidentiality.

This technique allows users to ascertain key summary information about the data that is not distorted and does not lead to a security breach.

19
Q

How is data perturbation used in Healthcare?

A

Data perturbation is a form of privacy-preserving data mining for electronic health records (EHR).

There are two main types of data perturbation appropriate for EHR data protection. The first type is known as the probability distribution approach and the second type is called the value distortion approach.

20
Q

Is differential privacy a data perturbation technique?

A

Differential privacy is a data perturbation technique.

21
Q

How does differential privacy work?

A

Data perturbation is a privacy preservation technique that alters the values of data elements in a database to maintain individual record confidentiality.

Differential privacy involves adding noise to hide the true value of data points.

22
Q

What is a common misconception when considering data anonymization solutions?

A

That encryption for data security is a form of data masking.

Data masking and data encryption are two technically distinct data privacy solutions. Data encryption, at the structured data field level, is a data masking function. However, both can be useful to address regulatory compliance, such as the GDPR and CCPA, and other data privacy use cases, such as protecting big data analytics to reduce data exposure risks.

23
Q

Example of data protection by design

A

The use of pseudonymization (replacing personally identifiable material with artificial identifiers) and encryption (encoding messages so only those authorized can read them).

24
Q

Example of data protection by default

A

A social media platform should be encouraged to set users’ profile settings in the most privacy-friendly setting by, for example, limiting from the start the accessibility of the users’ profile so that it isn’t accessible by default to an indefinite number of persons.

25
Q

What does data protection by default mean?

A

Data protection by default means you need to specify this data before the processing starts, appropriately inform individuals and only process the data you need for your purpose. It does not require you to adopt a ‘default to off’ solution.

When a female visitor fills in an online form in order to subscribe to a newsletter list, she is submitting her name and her email address and/or any additional personal information about herself. She can by default expect that the controller will process her personal data according to the GDPR, in the way and only for the purposes that she has given her consent for, before she clicks the 'Submit' button and submits her subscription to the newsletter list.

26
Q

Blurring

A

Data blurring uses an approximation of data values to render their meaning obsolete and/or render the identification of individuals impossible.