Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

IAPP US Privacy Certification > Chapter 1 > Flashcards

Chapter 1 Flashcards

You may prefer our related Brainscape-certified flashcards:
U.S. Geography flashcards
1
Q

FIPs: Rights of Individuals

A
  • Notice of privacy policies and procedures, and purpose for processing
  • Choice and Consent - especially to other data controllers
  • Access - for review and update
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

FIPs: Controls on the Information

A
  • Information Security

- Information Quality - accurate, complete and relevant

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

FIPs: Information Lifecycle

A
  • Collection: Only for purpose identified.
  • Use - Limited to identified purposes consented to.
  • Retention - Only for as long as necessary to fulfill purposes.
  • Disclosure - Only for identified purposes and with consent.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

FIPs: Management

A
  • Management and Administration - Define, document, communicate, and assign accountability for privacy policies/procedures.
  • Monitoring and enforcement - Monitor compliance and address complaints and disputes.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

US HEW FIPs, 1973

A

There must be no personal data record-keeping systems whose very existence is secret

There must be a way for a person to find out what information about the person is in a record and how it is used

There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the individual’s consent

There must be a way for a person to correct or amend a record of identifiable information about the person

Any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for its intended use and must take precautions to prevent misuse of the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

OECD Guidelines, 1980

A
  • Most widely recognized FIPs framework.
  • Endorsed by FTC
  • Principles

Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of
the data subject.

Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with [the Purpose Specification Principle] except: (a) with the consent of the data subject or (b) by the authority of law.

Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual Participation Principle. An individual should have the right: (a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; (b) to have communicated to him, data relating to him, within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner, and in a form that is readily intelligible to him; (c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and (d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Convention 108, 1981

A
  • Broadly similar to OECD.
  • Important contributor to European data protection laws in 1980s and 1990s.
  • Added concepts like:

Special categories of data not to be automatically processed: race, politics, religion, health, sex life, health, criminal conviction.

Adapt security measures for particular function and risks.

Transborder data flows should not be inhibited by privacy laws except with respect to special categories of personal data.

Store data in form that permits identification for no longer than needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

APEC Framework, 2004

A
  • Generally mirror OECD, while being more explicit, especially regarding exceptions.
  • Key additions:

Preventing harm - take account of risk of harm and remedial measures should be proportional to that risk.

  • Notice - more specific and at time of collection- fact of collection, purpose, types or org disclosed to, identity of controller and who to contact, choices of data subject for limiting use/disclosure and for accessing/correcting.
- Use of PI limited to 
purpose collected for; 
compatible uses to that purpose;
with consent;
when necessary to provide product or service requested;
by authority of law.
  • Security safeguards proportional to likelihood and severity of harm, sensitivity of information, and context in which it is held. Also, safeguards should be periodically reviewed.
  • Access and Correction - Data subjects able to make requests for what is held on them, unless burden unreasonable, legal restriction, or violate others privacy.
  • Accountability for forward disclosure - either consent or flow down obligations.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Madrid Resolution, 2009

A
  • Purposes was to define a set of principles and rights guaranteeing (i) the effective and internationally uniform protection of privacy WRT personal data processing; (ii) facilitation of international flows of personal data needed in a globalized world.
  • Basic principles

Lawfulness and fairness of processing (non-discrim.)

Purpose specification: Limit processing to purpose and compatible, otherwise consent.

Proportionality: Processing proportional to purpose, minimum necessary.

Data quality - accurate, updated, complete. Retain only as long as necessary.

Openness: Transparency like APEC. Provided in clear and plain language, especially WRT minors.

Accountability - To data subjects and data authorities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

IAPP US Privacy Certification (15 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions