Chapter 1: Introduction to Privacy for the IT Professional Flashcards
Who invented the concept of Contextual Integrity
Helen Nissenbaum
What is Helen Nissenbaum’s Contextual Integrity
Privacy concerns are not absolute but largely depend on the context
Provide an example of privacy norms being domain and context specific
The norms governing banking information will differ from the norms governing medical information
List the 4 risk categories of privacy harm identified in Daniel Solove’s Taxonomy of Privacy
Information Collection
Information Processing
Information Dissemination
Invasion
List the 2 activities or mechanisms that can violate privacy related to Information Collection (Daniel Solove’s Taxonomy of Privacy)
Surveillance
Interrogation
List the 5 activities or mechanisms that can violate privacy related to Information Processing (Daniel Solove’s Taxonomy of Privacy)
Aggregation
Insecurity
Secondary Use
Identification
Exclusion
List the 7 activities or mechanisms that can violate privacy related to Information Dissemination (Daniel Solove’s Taxonomy of Privacy)
Breach of Confidentiality
Increased Accessibility
Disclosure
Exposure
Blackmail
Appropriation
Distortion
List the 2 activities or mechanisms that can violate privacy related to Invasion (Daniel Solove’s Taxonomy of Privacy)
Intrusion
Decisional Interference
Describe Surveillance (Daniel Solove’s Taxonomy of Privacy)
Watching, listening to, or recording of an individual’s activities
Describe Interrogation (Daniel Solove’s Taxonomy of Privacy)
Questioning or probing for personal information
Describe Aggregation (Daniel Solove’s Taxonomy of Privacy)
Combining of various pieces of personal information
Describe Insecurity (Daniel Solove’s Taxonomy of Privacy)
Carelessness in protecting information from leaks or improper access
Describe Identification (Daniel Solove’s Taxonomy of Privacy)
Linking of information to a particular individual
Describe Secondary Use (Daniel Solove’s Taxonomy of Privacy)
Using personal information for a purpose other than the purpose for which it was collected
Describe Exclusion (Daniel Solove’s Taxonomy of Privacy)
Failing to let an individual know about the information that others have about them and participate in its handling or use
Describe Breach of Confidentiality (Daniel Solove’s Taxonomy of Privacy)
Breaking a promise to keep a person’s information confidential
Describe Disclosure (Daniel Solove’s Taxonomy of Privacy)
Revealing truthful personal information about a person that impacts the ways others judge their character or their security
Describe Exposure (Daniel Solove’s Taxonomy of Privacy)
Revealing an individual’s nudity, grief, or bodily functions
Describe Increased Accessibility (Daniel Solove’s Taxonomy of Privacy)
Amplifying the accessibility of personal information
Describe Blackmail (Daniel Solove’s Taxonomy of Privacy)
Threatening to disclose personal information
Describe Appropriation (Daniel Solove’s Taxonomy of Privacy)
Using an individual’s identity to serve the aims and interests of another
Describe Distortion (Daniel Solove’s Taxonomy of Privacy)
Disseminating false or misleading information about an individual
Describe Intrusion (Daniel Solove’s Taxonomy of Privacy)
Disturbing an individual’s tranquility or solitude
Describe Decisional Interference (Daniel Solove’s Taxonomy of Privacy)
Intruding into an individual’s decision regarding their private affairs
What are Ryan Calo’s 2 dimensions of privacy harm
Objective
Subjective
Describe an objective harm (Ryan Calo)
Measurable and observable harm, wherein a person’s privacy has been violated and a direct harm is known to exist
Describe a subjective harm (Ryan Calo)
Exists without an observable or measurable harm, but where an expectation or perception of harm exists
How are privacy risks measured?
Likelihood and impact
What are some common non-malicious insider threats?
Weak security policies
Insufficient training
Mistakes
Ineffective controls
Carelessness
List the 8 principles included in the OECD international standard for privacy
Collection Limitation
Accountability
Data Quality
Individual Participation
Security Safeguards
Openness
Use Limitation
Purpose Specification
Describe the Collection Limitation principle (OECD international standard for privacy)
There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and where appropriate, with the knowledge or consent of the data subject
Describe the Data Quality principle (OECD international standard for privacy)
Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date
Describe the Purpose Specification principle (OECD international standard for privacy)
The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use should be limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose
Describe the Use Limitation principle (OECD international standard for privacy)
Personal data should not be disclosed, made available or otherwise used for purposes other than those specified, except: (a) with the consent of the data subject; or (b) by the authority of law
Describe the Security Safeguards principle (OECD international standard for privacy)
Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data
Describe the Openness principle (OECD international standard for privacy)
There should be a general policy of openness about developments, practices and policies with respect to personal data - Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller
Describe the Individual Participation principle (OECD international standard for privacy)
An individual should have the right:
(a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
(b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;
(c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
(d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended
Describe the Accountability principle (OECD international standard for privacy)
A data controller should be accountable for complying with measures which give effect to the principles stated above
Describe first-party data collection
When the data subject provides data about themselves directly to the collector
Describe third-party data collection
When previously collected information is transferred to a third-party
What is the difference between active and passive data collection?
Active data collection occurs when a data subject is aware of the collection
Passive data collection occurs when a data subject is unaware
How is explicit consent obtained?
The individual is required to expressly act to communicate consent (checking a box, clicking a button, responding to an email, etc.)
How is passive or implied consent generally obtained?
By including a conspicuous link to a privacy notice that describes the collection activities - no actions are taken by the IT system to engage the individual with the notice
Use of the system is assumed to imply consent
What is bounded rationality?
The idea that rationality is limited when individuals make decisions
What type of privacy threat is behavioural advertising according to Daniel Solove?
Intrusion
Decisional interference
Self-representation
What type of privacy threat is cyberbullying according to Daniel Solove?
Intrusion
Decisional interference
Self-representation
What type of privacy threat is social engineering according to Daniel Solove?
Self-representation