CIPP Flashcards

Pass the fucking exam

1
Q

4 Classes of Privacy

A
  1. Information Privacy
  2. Communications Privacy
  3. Bodily Privacy
  4. Territorial Privacy
2
Q

Information Privacy

A

Rules that govern the collection and handling of personal info:

  • Financial and medical info
  • Government Records
  • Internet activity
3
Q

Communications Privacy

A

Establishes protection of the means of correspondence, such as:

  • Postal Mail
  • Telephone Conversations
  • Email
4
Q

Territorial Privacy

A

Establishes placing limits on the ability to intrude into another individual’s environment including:

  • Home
  • Workplace
  • Public Space
5
Q

Fair Information Practices - 4 Principles

A
Set of principles that consider:
  1. Rights of individuals
  2. Controls on the information
  3. The information life cycle
  4. Management
They are guidelines for handling, storing and managing personal info properly.
6
Q

Data Protection Authority

A

Enforces privacy or data protection laws and regulations. The US has no national data protection authority, but several groups oversee privacy matters (FTC, state attorneys general, federal financial regulators).

7
Q

Data Controller

A

An organization or individual with the authority to decide how and why information about data subjects is to be processed

8
Q

Data Subject

A

An individual about whom information is being processed. Ex. Consumer, employee, patient

9
Q

Data Processor

A

An organization or individual, often a third-party outsourcing service, that processes data on behalf of the data controller

10
Q

Personal Information

A

Information that makes it possible to identify an individual

11
Q

Nonpersonal Information

A

Anonymizing personal information by removing identifying elements renders it nonpersonal

12
Q

Sensitive personal information

A

A subset of personal information; usually requires additional safeguarding of its collection, use and disclosure

13
Q

Pseudonymized Information

A

A unique code or pseudonym is used as a temporary solution to protecting information. It is reversible

14
Q

Examples of Public Records

A

Real estate records, birth and death records, licensing records, statistical data

15
Q

Examples of Publicly available information

A

Telephone books, public media, newspapers, search engine results

16
Q

Examples of Nonpublic information

A

Medical records, financial information, customer databases, adoption records

17
Q

Federal Trade Commission (FTC)

A

Has general authority to enforce rules against unfair and deceptive trade practices.

  • Has power to bring enforcement actions where a privacy promise is broken
  • Has statutory responsibility for issues such as children’s online privacy and commercial email marketing
18
Q

Federal Communications Commission (FCC)

A

Places significant compliance regulations on the marketplace. Governs the communications industry, such as television, radio, telemarketing, and online marketing. The FTC also enforces privacy law.

19
Q

US Department of Commerce (DOC)

A

Plays a leading role in federal privacy policy development and administers the Privacy Shield Framework between the US and EU. DOC works with the FTC on enforcement of privacy and security standards by organizations.

20
Q

Department of Health and Human Services (HHS)

A

Created regulations to protect the privacy and security of healthcare information. It is responsible for the enforcement of HIPAA laws. The HHS shares rule-making and enforcement power with the FTC for data breaches related to medical records under the HITECH Act.

21
Q

Federal Reserve Board

A

As a federal financial regulator, the FRB enforces provisions of specific financial mandates such as the Gramm-Leach-Bliley Act (GLBA).

22
Q

Office of the Comptroller of the Currency (OCC)

A

An independent bureau of the US Department of the Treasury. It regulates and supervises all national and federal banks and savings institutions, including agencies of foreign banks. Additionally, the OCC ensures fair access to financial services and compliance with financial privacy laws and regulations.

23
Q

State Attorney General

A

The state attorney general is the chief legal advisor to the state government as well as the state’s chief law enforcement officer. They may take enforcement action on a state’s unfair and deceptive practice laws, HIPAA, GLBA, the Telemarketing Sales Rule and violations of breach notification laws.

24
Q

Self-regulatory programs and trust marks

A

Refers to many approaches to privacy protection. Many industry groups create and monitor their own privacy guidelines and practices.

25
Q

Consent Decree

A

An agreement or settlement that resolves a dispute between two parties without admission of guilt or liability.

26
Q

3 branches of government

A

Executive, Legislative, Judicial

27
Q

Executive Branch

A

Enforces laws; made up of the President, VP, cabinet and federal agencies

28
Q

Legislative Branch

A

Makes laws; made up of Congress (House and Senate)

29
Q

Judicial Branch

A

Interprets laws; made up of the federal courts

30
Q

Constitution

A

The US Constitution is the supreme law in the US. While the word privacy is not mentioned in the Constitution, there are parts that directly affect it, such as the Fourth Amendment. State constitutions are also sources of law and can create stronger rights than those provided by the US Constitution.

31
Q

Legislation

A

Privacy and security laws have been passed by both federal and state legislatures. These regulations are implemented across numerous industries, from healthcare and education to finance and surveillance. State legislation may be stricter than national legislation; in other cases, federal law overrides state laws, as with HIPAA and CAN-SPAM.

32
Q

Regulations and Rules

A

Regulatory agencies, such as the Federal Trade Commission and Federal Communications Commission, issue regulations and rules that place compliance expectations on industries, such as marketing.

33
Q

Case Law

A

When final decisions are made by judges in court cases, this is known as case law. Often judges will look to past decisions and decide how to rule in the new case in a manner that is consistent with a past decision. These precedents do change, however, as technological and societal changes in values and laws evolve over time.

34
Q

Common Law

A

These laws refer to legal principles that have developed over time through judicial decisions and contrast with statutory laws. Drawing from social customs and expectations, doctor-patient and attorney-client confidentiality are examples of common law.

35
Q

Consent Decree

A

Consent decrees are agreements or settlements that resolve a dispute between two parties without admission of guilt or liability. Through a legal document approved by a judge, the defendant may have to take specific action, such as agreeing to stop the alleged illegal activity, pay money to the government, and agree not to violate the relevant law in the future.

36
Q

Contract Law

A

A legally binding contract must include an offer, such as terms of agreement; acceptance by the person to whom the offer was made; and consideration, which is a bargained-for exchange, as in money, property or services. The contract is usually enforceable in a court of law or, where agreed upon by the parties, in arbitration by a neutral third party. In regard to privacy, the contract may include provisions on data usage, security, and breach notification.

37
Q

Tort Law

A

Torts are civil wrongs recognized by law as grounds for a lawsuit. The primary goal of the lawsuit is to provide relief for damages incurred and deter others from committing the same wrongs. There are three general tort categories: intentional, negligent, and strict liability.

38
Q

Private Right of Action

A

The ability of an individual harmed by a violation of a law to file a lawsuit against the violator

39
Q

Jurisdiction

A

The authority of a court to hear a particular case.

40
Q

Authority

A

Permission to regulate a field of activity or a singular activity, which is outlined by legislation.

41
Q

Preemption

A

A superior government’s ability to have its laws supersede those of an inferior government

42
Q

6 Tenets to Understanding Privacy Laws

A
  1. Who is covered by the Law? (identifies an organization or person)
  2. What types of info and what uses of info are covered? (Explains the scope, suggests good practices or trends)
  3. What exactly is required or prohibited? (How one must comply with the law)
  4. Who enforces the law?
  5. What happens if I don’t comply? (assesses the risk of failing to comply with the law)
  6. Why does this law exist? (Fosters understanding and improvement of the law)
43
Q

Federal Trade Commission (FTC)

A

Has general authority to enforce rules against unfair and deceptive trade practices. This also includes the power to bring deception enforcement actions where an organization has broken a privacy promise. Additionally, the FTC has statutory responsibility for issues such as children’s online privacy and commercial email marketing, and has been instrumental in developing US privacy standards.

44
Q

Federal Communications Commission

A

Places significant compliance regulations on the marketplace. It governs the communications industry, such as television, radio and telemarketing, and more recently online marketing, developing laws such as the Telemarketing Sales Rule and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (known as the CAN-SPAM Act). Along with the FTC, the FCC also enforces privacy law.

45
Q

US Department of Commerce

A

The Department of Commerce plays a leading role in federal privacy policy development and administers the Privacy Shield Framework between the US and the EU. The Department of Commerce works along with the FTC on the enforcement of privacy and security standards set by organizations, particularly those with privacy self-regulatory programs.

46
Q

Department of Health and Human Services

A

Created regulation to protect the privacy and security of healthcare information. It is responsible for the enforcement of HIPAA laws. The HHS shares rule-making and enforcement power with the FTC for data breaches related to medical records under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

47
Q

Federal Reserve Board

A

Enforces provisions of specific financial mandates, such as the Gramm-Leach-Bliley Act (GLBA). The Consumer Financial Protection Bureau, an independent bureau under the Federal Reserve, has rule-making authority for laws related to financial privacy and oversees the relationship between consumers and financial product and service providers.

48
Q

Office of the Comptroller of the Currency

A

An independent bureau of the US Department of Treasury. It regulates and supervises all national and federal banks and savings institutions, including agencies of foreign banks. Additionally, the OCC ensures fair access to financial services and compliance with financial privacy laws and regulations.

49
Q

State Attorney General

A

Chief legal advisor to the state government, as well as the state’s chief law enforcement officer. They may take enforcement action on a state’s unfair and deceptive practice laws, HIPAA, GLBA, the Telemarketing Sales Rule and violations of breach notification laws.

50
Q

Self-Regulatory Programs

A

Refers to many approaches to privacy protection. Many industry groups create and monitor their own privacy guidelines and practices. Government agencies, such as the FTC, may be involved in enforcement and adjudication. Organizations may also adopt the guidelines of a third party and have that third party monitor and enforce compliance, as in third-party seal and certification programs such as TrustArc, the Better Business Bureau and the EU-US Privacy Shield.

51
Q

EEC

A

European Economic Community

52
Q

Universal Declaration of Human Rights

A

(1948) Followed WWII; established the right to private life and associated freedoms (Article 12) and the right to freedom of expression (Article 19)

53
Q

ECHR

A

European Convention on Human Rights

54
Q

Collection Limitation Principle

A

Personal information must be collected fairly and lawfully and, where appropriate, with the knowledge and consent of the individual concerned

55
Q

Data Quality Principle

A

Personal information must be relevant, complete, accurate and up to date

56
Q

Purpose Specification Principle

A

The purpose for which the personal information is to be used must be specified no later than at the time of collection, and any use must be compatible with that purpose

57
Q

Use Limitation Principle

A

Any disclosure of personal information must be consistent with the purposes specified, unless the individual has given consent or the data controller has lawful authority to do so

58
Q

Security Safeguards Principle

A

Reasonable security safeguards must be taken against risks such as loss or unauthorized access, destruction, use, modification or disclosure of personal information.

59
Q

Openness Principle

A

There should be a general policy of openness with respect to the uses of personal information, as well as the identity and location of the data controller

60
Q

Individual Participation Principle

A

This sets out what an individual is entitled to receive from a data controller pursuant to a request for his or her personal information. This has become one of the most important aspects of subsequent data protection legislation

61
Q

Accountability Principle

A

A data controller should be accountable for complying with measures that give effect to the principles stated above