Chapter 1: Foundational Principles Flashcards
Secondary use is also referred to as what when collecting data?
repurposing
What is required when collecting data?
consent
What are the two methods of data collection?
active and passive data collection
What are the four types of data collection?
first party
surveillance
repurposing
third party
What is first party data collection?
Occurs when individuals provide their personal information directly to the data collectors.
What is surveillance data collection?
The individual's data stream behaviour is observed through their activities, including online searches or websites they engage with, while the individual's activity is not interrupted.
What is repurposing data collection?
Previously collected data may be used for a purpose other than that for which it was initially collected, such as a mailing address collected for shipping purposes later being used for sending marketing materials.
- Repurposing is also sometimes referred to as secondary use.
What is third party data collection?
Previously collected information is transferred to a third party to enable a new data collection.
What are the two forms of consent?
implicit and explicit
What is implied consent?
Implied consent does not require the user to take an action. An example might be presenting the user with terms of service that state the individual’s use of the service means they agree with those terms.
What is explicit consent?
Explicit consent requires the user to take an action, such as selecting an option to allow the collection of information that the application provider wants to use to improve services and functionality.
What is a privacy notice?
A statement made to data subjects that describes how an organization collects, uses, retains and discloses personal information. Notices should also indicate what information will be collected.
What does an organization need when collecting personal information?
privacy notice
What are the requirements for developing business continuity planning?
sufficiently timely, relevant, accurate and complete for their purposes
What are the three potential issues that impact data destruction?
- Digital content: Disks should be appropriately formatted before use to ensure that all data placed on them eventually can be deleted.
- Portable media: Portable media, such as CDs, DVDs and flash drives, have unique challenges precisely because they are portable and therefore harder to regulate, monitor and track.
- Hard copy: The primary challenge with “hard copy” documents, such as paper records, lies in determining what documents need to be destroyed and when.
What are the 7 privacy design principles?
Principle 1: Proactive, Not Reactive; Preventative, Not Remedial Privacy
Principle 2: Privacy as the Default Setting
Principle 3: Privacy Embedded into Design
Principle 4: Full Functionality
Principle 5: End-to-End Security
Principle 6: Visibility and Transparency
Principle 7: Respect for User Privacy; Keep it User Centric
What is risk?
Risk is defined as a potential threat or issue, along with the impact the threat or issue could cause and the likelihood that it will occur.
What is contextual integrity?
Contextual integrity is defined as maintaining personal information in alignment with the informational norms that apply to a particular context.
What are the key components of contextual integrity?
- actors: the senders and receivers of personal
- information attributes: the types of information being shared
- transmission principles: those that govern the flow of information
What is the difference between subjective and objective harm?
Objective harm occurs when privacy has been violated and direct harm is known to exist. It involves the forced or unanticipated use of personal information and is generally measurable and observable, while subjective harm exists when an individual expects or perceives harm, even if the harm is not observable or measurable.
Subjective privacy harms amount to discomfort and other negative feelings, while objective privacy harms involve actual adverse consequences.
What are the two dimensions of harm?
subjective and objective harm
What does value-sensitive design account for?
moral and ethical values
What is value-sensitive design?
Value-sensitive design is a design approach that accounts for moral and ethical values and should be considered when assessing the overall “value” of a design. These values might include things such as trust, fairness, informed consent, courtesy or freedom from bias.
What are the three investigations of value-sensitive design? Explain.
- Conceptual: identifies the direct and indirect stakeholders, attempts to establish what those stakeholders might value, and determines how those stakeholders may be affected by the design.
- Empirical: focuses on how stakeholders configure, use, or are otherwise affected by the technology.
- Technical: examines how the existing technology supports or hinders human values and how the technology might be designed to support the values identified in the conceptual investigation.