CIPP/C Flashcards
What is the Right to Be Let Alone?
-1890
-Two famous American scholars advocated that society needed to recognize a privacy right
-Defined that right as “the right to be let alone”
-Occurred with the advent of the modern press and the ability to publish news in mass-distributed newspapers
What are the 3 (Main) Classes of Privacy?
Information privacy
Privacy of the person
Territorial privacy
What is Information privacy?
One of three classes of privacy
Defined as “the claim of individuals or groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”
Information’s protection is predicated on the assumption that all information about a person fundamentally belongs to them, for them to communicate or retain as they see fit.
By law is concerned with establishing rules that govern the collection and handling of PI (can include FI, medical data or other records)
Definitions of privacy include
Privacy has been defined as the desire of individuals to choose freely the circumstances and degree to which they expose their attitudes and behaviours to others
Been connected to the human personality and considered a means to protect an individual’s independence.
The right of the individual to be protected against intrusion into his personal life or affairs or those of his family by direct physical means or by publication of information
What is privacy of the person?
Protects bodily integrity, and in particular the freedom from physical contact that would reveal objects or matters a person wishes to conceal.
Bodily privacy is focused exclusively on a person’s physical body; invasions to this class of privacy include genetic testing, drug testing and body cavity searches.
What is Territorial privacy?
Concerned with placing limitations on the ability of an individual or organization to intrude into another individual’s physical environment.
Original notion was founded on the principle that “the house of everyone is to him as his castle and fortress.”
Invasion of an individual’s territorial privacy typically comes in the form of physical search of premises, video or audio surveillance, ID checks and similar intrusions.
3 Canadian Perspectives on Privacy
Privacy of the individual vis-à-vis the state
Privacy of the individual vis-à-vis other individuals.
Privacy of the individual vis-à-vis organizations
Privacy of the individual vis-à-vis the state
One ponders the extent to which an individual is free to live their life without the state interfering or knowing what the individual is doing
Privacy of the individual vis-à-vis other individuals.
One examines to what extent an individual can live life free from intrusion from another individual, such as a neighbour, coworker, spouse, parent or child.
Privacy of the individual vis-à-vis organizations
One looks at the extent to which organizations can collect, use and disclose personal information about an individual, and once they have collected such information, what obligations they have.
What are the 5 World Models for Data Protection?
Comprehensive Laws (Canada, European Union)
Sectoral Laws (United States)
The Self-Regulatory Model (United States, Japan and Singapore)
Seal Programs
The Technology-Based Model
Describe the Comprehensive Laws (Canada, European Union) Model
These laws govern the CUD of PI in the public and private sectors
A country with comprehensive data protection laws has an official or agency responsible for overseeing enforcement (called a DPA, but in Canada a commissioner/ombudsperson) who ensures compliance with the law and investigates alleged breaches of the law
Official also bears responsibility for educating the public on data protection and acts as an international liaison for data protection issues
What are 2 critical issues with the Comprehensive Law Model?
Enforcement and funding are two critical issues in a comprehensive data protection scheme.
What can the movement toward comprehensive privacy and data protection laws be attributed to?
The need to:
(1) remedy past injustices,
(2) promote electronic commerce, and
(3) ensure consistency with pan-European laws
Describe the Sectoral Laws (United States) Model
This framework protects PI through the enactment of laws that specifically address particular industry sectors
Often are used as a complement to comprehensive laws to provide more specific protection for particular data.
What are 2 major drawbacks with the Sectoral Laws Model?
Technological Relevance
- b/c this model requires new legislation to accompany the introduction of new technologies, legislation often lags the technology that needs to be regulated
Oversight
-model lacks a central agency and a federal privacy mandate to provide oversight
Describe the Self-Regulatory Model (United States, Japan and Singapore)
Requires companies to abide by codes of practice as set by a company or group of companies as well as by industry and/or independent bodies to protect data
What are two major issues with the Self-Regulatory Model (United States, Japan and Singapore)?
Adequacy of codes of practice set by companies and industry bodies
Enforcement.
Under the Self-Regulatory Model (United States, Japan and Singapore), what has happened b/c industry-developed codes provide limited data protection and are coupled with weak mechanisms for enforcement?
Several coalitions and independent organizations have established codes of practice and seal programs.
What is the Online Privacy Alliance?
A coalition of numerous online companies and trade associations specifically established to encourage the self-regulation of online privacy.
What did the Online Privacy Alliance introduce?
Guidelines for Online Privacy Policies
Who created the Guidelines for Online Privacy Policies and what occurs under them?
Online Privacy Alliance
Under these guidelines, OPA members agree to post a privacy policy that informs users about how their information is collected and used.
Notably, the guidelines do not provide for enforcement and instead encourage members to establish enforcement mechanisms independently.
What are Seal Programs?
Certifications and attestations provided by third parties
Is a prominent form of self-regulation
A seal program requires its participants to abide by codes of information practices and adhere to some variation of monitoring to ensure compliance.
Companies that abide by the terms of the seal program are then allowed to display the program’s privacy seal on their websites.
Examples of such programs are TrustArc (formerly TRUSTe), BBBOnline, WebTrust, and the Digital Advertising Alliance (DAA).
Describe the Technology-Based Model
Technological security measures can be undertaken to ensure the protection of individuals’ personal data.
Developments in commercially available hardware and software have enabled consumers to establish privacy protections for their own online activity.
Examples: Digital Cash and Encryption