CIPP Flashcards
Pass the fucking exam
4 Classes of Privacy
- Information Privacy
- Communications Privacy
- Bodily Privacy
- Territorial Privacy
Information Privacy
Rules that govern the collection and handling of personal info:
- Financial and medical info
- Government Records
- Internet activity
Communications Privacy
Establishes protection of the means of correspondence, such as:
- Postal Mail
- Telephone Conversations
Territorial Privacy
Places limits on the ability to intrude into another individual’s environment, including:
- Home
- Workplace
- Public Space
Fair Information Practices - 4 Principles
A set of principles that serve as guidelines for handling, storing and managing personal information properly. They address:
- the rights of individuals
- controls on the information
- the information life-cycle
- management
Data Protection Authority
Enforces privacy or data protection laws and regulations. The US has no single national data protection authority; instead several bodies oversee privacy matters (the FTC, state attorneys general, federal financial regulators).
Data Controller
An organization or individual with the authority to decide how and why information about data subjects is to be processed.
Data Subject
An individual about whom information is being processed, e.g. a consumer, employee or patient.
Data Processor
An organization or individual, often a third-party outsourcing service, that processes data on behalf of the data controller.
Personal Information
Information that makes it possible to identify an individual.
Nonpersonal Information
Anonymizing personal information by removing the identifying elements renders it nonpersonal.
Sensitive personal information
A subset of personal information that usually requires additional safeguards on its collection, use and disclosure.
Pseudonymized Information
The identifying elements are replaced with a unique code or pseudonym as a temporary protection measure. Unlike anonymization it is reversible, because the mapping between the pseudonym and the identity is retained.
Examples of Public Records
Real estate records, birth and death records, licensing records, statistical data
Examples of Publicly available information
Telephone books, public media, newspapers, search engine results
Examples of Nonpublic information
Medical records, financial information, customer databases, adoption records
Federal Trade Commission (FTC)
Has general authority to enforce rules against unfair and deceptive trade practices.
- has the power to bring enforcement actions where a privacy promise is broken
- has statutory responsibility for issues such as children’s online privacy (COPPA) and commercial email marketing (CAN-SPAM)
Federal Communications Commission (FCC)
Places significant compliance regulations on the marketplace. Governs the communications industry, including television, radio, telemarketing, and online marketing. The FCC also enforces privacy law in these sectors, such as the Telephone Consumer Protection Act (TCPA), and shares telemarketing jurisdiction with the FTC.
US Department of Commerce (DOC)
Plays a leading role in federal privacy policy development and administered the Privacy Shield Framework between the US and EU (invalidated by the Court of Justice of the EU in July 2020 and succeeded by the EU-U.S. Data Privacy Framework in 2023). The DOC works with the FTC on enforcement of privacy and security standards adopted by organizations.
Department of Health and Human Services (HHS)
Created regulations to protect the privacy and security of healthcare information and is responsible for enforcing HIPAA. Under the HITECH Act, HHS shares rule-making and enforcement power for health data breaches with the FTC: HHS covers HIPAA covered entities and business associates, while the FTC covers vendors of personal health records not subject to HIPAA.
Federal Reserve Board
As a federal financial regulator, the FRB enforces the provisions of specific financial statutes such as the Gramm-Leach-Bliley Act (GLBA).
Office of the Comptroller of the Currency (OCC)
An independent bureau of the US Department of the Treasury. It regulates and supervises all national banks and federal savings institutions, including federal branches and agencies of foreign banks. Additionally, the OCC ensures fair access to financial services and compliance with financial privacy laws and regulations.
State Attorney General
The state attorney general is the chief legal adviser to the state government as well as the state’s chief law enforcement officer. They may take enforcement action under the state’s unfair and deceptive practices laws, HIPAA, GLBA, the Telemarketing Sales Rule and the state’s breach notification laws.
Self-regulatory programs and trust marks
Refers to the many approaches to privacy protection in which industry groups create and monitor their own privacy guidelines and practices; compliance is often signalled by a trust mark (seal) displayed by participating organizations.