Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CIPP/US Oct 2023 > Chapter 1: Introduction to Privacy > Flashcards

Chapter 1: Introduction to Privacy Flashcards

You may prefer our related Brainscape-certified flashcards:
U.S. Geography flashcards
1
Q

Definition of Privacy

A

The desire of people to freely choose the circumstance and the degree to which individuals will expose their attitudes and behavior to others

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the 4 categories/classes of privacy?

A
  • Information
  • Bodily
  • Territorial
  • Communications
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is Information Privacy?

A

Information Privacy is the collection and handling of personal information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is Bodily Privacy?

A

Bodily Privacy is a person’s physical being and any invasion thereof.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Territorial Privacy?

A

Territorial Privacy is the placing of limits on the ability to intrude into another individual’s environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Communications Privacy?

A

Communications Privacy is the protection of the means of correspondence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What provisions of privacy protection are built into the US Constitution?

A
  • 3rd Amendment
    • banned soldiers from living in people’s homes
  • 4th Amendment
    • requires a search warrant before entering a home
  • 5th Amendment
    • prohibits people from being compelled to testify against themselves
  • 14th Amendment
    • requirement of due process under the law
    • protects against intrusions into a person’s bodily autonomy
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What declaration formally announced that “no one shall be subjected to arbitrary interference with their privacy, family, home, or correspondence”?

A

The Universal Declaration of Human Rights by the United Nations (December 1948)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does Article 8 of the European Convention for the Protection of Human Rights & Fundamental Freedoms (1950) state?

A

“Everyone has the right to respect for his private and family life, his home and his correspondence”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the 4 models of privacy protection

A
  • Comprehensive
  • Sectoral
  • Self-regulatory
  • Technology
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the laws in the area of protecting information about individuals called?

A

Privacy law

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is “Privacy law” also known as?

A

Data privacy or information privacy law, and data protection law

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

FIPs stands for:

A

Fair Information Practices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are FIPs also known as?

A

Fair Information Privacy Practices or Principles

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are FIPs?

A

FIPs are guidelines for handling, storing, & managing data with privacy, security, and fairness in an information society that is rapidly evolving.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are some important codifications of FIPs?

A
  • 1973 US Department of Health, Education and Welfare Fair Information Practice Principles
  • 1980 Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (“OECD Guidelines”)
  • 1981 Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data (“Convention 108”)
  • The Asia-Pacific Economic Cooperation (APEC, 2004)
  • The 2009 Madrid Resolution — International Standard on the Protection of Personal Data and Privacy
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the 4 categories of FIPs?

A
  • Rights of Individuals
  • Controls on the Information
  • Information Life Cycle
  • Management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What should organizations address with regards to the rights of individuals?

A
  • Notice
  • Choice & Consent
  • Data Subject Access
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

How should organizations address notice?

A

By providing notice about privacy policies and procedure and should identify the purpose for which personal information is collected, used, retained, & disclosed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

How should organizations address choice and consent?

A

Describing the choices available to individuals and should get implicit or explicit consent with respect to the collection, use, retention, and disclosure of personal information.

21
Q

How should organizations address data subject access?

A

Providing individuals with access to their personal information for review and update.

22
Q

How should organizations focus on the controls on the information?

A
  • Information Security
  • Information Quality
23
Q

How should organizations focus on information security?

A

Use reasonable administrative, technical, & physical safeguards to protect personal information against unauthorized access, use, disclosure, modification, & destruction.

24
Q

How should organizations focus on information quality?

A

Maintain accurate, complete, and relevant personal information for purposes identified in a notice.

25
Q

How should organizations address the life cycle of information?

A
  • Collection
  • Use & Retention
  • Disclosure
26
Q

How should organizations address collections?

A

Collect personal information only for the purposes identified in the notice.

27
Q

How should organizations address use & retention?

A

Limit the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. Retain personal information for only as long as necessary to fulfill the stated purpose.

28
Q

How should organizations address disclosures?

A

Disclose personal information to third parties only for the purposes identified in the notice and with implicit or explicit consent of the individual.

29
Q

How should organizations ensure that they regard management?

A
  • Management & Administration
  • Monitoring & Enforcement
30
Q

How should organizations ensure that they address management and administration?

A

Define, document, communicate, & assign accountability for their privacy policies and procedures.

31
Q

How should organizations ensure that they address monitoring and enforcement?

A

Monitor compliance with their privacy policies and procedures and have procedures to address privacy-related complaints and disputes.

32
Q

What is OECD?

A

OECD is an international organization that originally included the US and European countries but has expanded

33
Q

What is the set of privacy principles that OECD published in 1980 and later updated in 2013?

A

“Guidelines on the Protection of Privacy and Transborder Flows of Personal Data”

34
Q

What is the Collection Limitation Principle?

A

There should be limits to the collection of personal data & any such data should be obtained by lawful & fair means and, where appropriate, with the knowledge of consent of the data subject

35
Q

What is the Data Quality Principle?

A

Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete, & kept up to date

36
Q

What is the Purpose Specification Principle?

A

The purpose for which personal data are collected should be specified not later than at the time of data collection & the subsequent use limited to fulfillment of those purposes or such others as aren’t incompatible with those purposes & as are specified on each occasion of change of purpose

37
Q

What is the Use Limitation Principle?

A

Personal data shouldn’t be disclosed, made available, or otherwise used for purposes other than those specified in accordance with [the Purpose Specification Principle] except with the consent of a data subject or by the authority of the law

38
Q

What is the Security Safeguards Principle?

A

Personal data should be protected by reasonable security safeguards against risks

39
Q

What is the Openness Principle?

A

There should be a general policy of openness about developments, practices, & policies with respect to personal data

40
Q

What is the Individual Participation Principle?

A

An individual should have the right to:
- obtain from a data controller confirmation of whether or not they have data relating to the individual
- have communicated to the individual, data relating to them within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner, & in a form that is readily intelligible to him
- be given reasons if a request is denied & to be able to challenge such denial
- challenge data relating to the individual and, if the challenge is successful to have the data erased, rectified, completed, or amended

41
Q

What is the Accountability Principle?

A

A data controller should be accountable for complying with measures which give effect to the principles stated above

42
Q

Convention 108

A

Council of Europe passed this convention in 1981 for the Protection of Individuals with Regard to the Automatic Processing of Personal Data. It required member states of the council that signed the treaty to incorporate certain data protection provisions into their domestic law. It is similar to OECD Guidelines

43
Q

What did Convention 108 provided?

A
  • Quality of data
  • Special categories of data
  • Data security
  • Transborder data flows
44
Q

Convention 108: Quality of Data

A

Data of personal nature that is automatically processed should be obtained & stored only for specified and legit purposes. The data should be stored in a form that permits identification of the data subject no longer than is needed for the required purpose.

45
Q

Convention 108: Special categories of data

A

There are data categories that can’t be automatically processed, unless domestic law provides the appropriate safeguards. These categories are racial origin, political opinions, religious beliefs, health, sex life, & criminal convictions

46
Q

Convention 108: Data Security

A

Appropriate security measures should be taken for files containing personal data. It must be adapted for the particular function of the file and the risks involved

47
Q

Convention 108: Transborder Data Flows

A

During the transfer of data from one party of the Convention to another, privacy concerns shouldn’t prohibit the transborder flow of data. There are exceptions regarding special regulations covering certain categories of personal data

48
Q

APEC

A

A multinational organization established in 1989 with 21 Pacific Coast members in Asia and the Americas to enhance economic growth for the region and operates under a nonbinding agreement.

49
Q
A

CIPP/US Oct 2023 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions