CH. 1 Flashcards
Define Privacy
“the right to be let alone,” HLR. The desire of people to freely choose the circumstances and the degree to which individuals will expose their attitudes and behavior to others.
Classes of Privacy
1) Information Privacy - PII
2) Bodily Privacy - intrusion on the physical being
3) Territorial Privacy - intrusion on the environmental or geographical
4) Communications Privacy - Intrusion on the means of correspondence
Fair Information Practices
(AKAs: FIP, Fair Information Privacy Practice, FIPP)
Means by which to organize rights and responsibilities as to personal information. Four Principles:
1) Individual’s rights
2) Controls on the Information
3) Information Lifecycle
4) Management
FIP/FIPP - Individual’s rights
- Notice about policy, procedure, and purpose of collection, use, and how it's retained and disclosed
- Choice and consent as to above with either explicit or implicit consent
- Data subject access to personal information for review and update
FIP/FIPP - Controls on the Information
- Information security showing implemented safeguards
- Information quality standards having accurate, complete, and relevant information
FIP/FIPP - Information Lifecycle
- Collection limited to notice
- Use and retention limited to notice and consent “for as long as necessary”
- Disclosure limited to notice and consent
FIP/FIPP - Management
- Management and action to define, document, communicate, and assign accountability
- Monitoring and enforcement of compliance and complaints
PII
Personally Identifiable Information
- as opposed to aggregate or statistical information
- information that makes it possible to identify
- ex. ssn, passport no., street add, telephone, and email
Sensitive PII
PII with higher scrutiny
- ex. ssn, fin info, driver license no., and health info
Non-Personal Information
De-identified or anonymized information
Pseudonymized data
Information on data subject retained under pseudonym
- often reversible
- useful in drug tests, if trial has adverse effects and individuals need to be contacted
Gray areas of data collection
ex. operational data, intellectual property, information about products and services, IP address
Sources of Personal data
The source of data can alter its treatment.
- public records
- publicly available information
- non-public information
Processing Personal Information
the collection, recording, organization, storage, updating or modification, transmission, dissemination or making available in any other form, linking, alignment or combination, blocking, erasure, or destruction of personal information.
1) data subject - individual
2) data controller - organization with authority over data
3) data processor - processor on behalf of controller
Sources of Privacy Protection
- Markets - concerns of the consumer
- Technology - ability to encrypt
- Law - traditional source
- Self-regulation and co-regulation - where self-regulation is the legislation (who defines privacy rules), enforcement (who initiates action), and/or adjudication (who decides a violation occurred)