Developing a Privacy Program - Section I.A. - Overview of a Privacy Program Flashcards
The principle that data should be collected only for the purposes for which it is relevant is often referred to as what?
Collection Limitation Principle
What is commonly considered the most important principle underlying privacy program management?
Accountability Principle
What are technical security controls?
Technical controls refer to computer code or other electronic systems designed to limit access to authorized users and to maintain the integrity of data from outside attack.
What are Fair Information Practices?
A set of principles and practices that describe how best to approach the collection, storage, and management of data to properly balance fairness, privacy, and security with respect to that data.
What are the three main types of security controls?
(1) Physical controls;
(2) Technical controls; and
(3) Administrative controls.
True or False: The FIP “notice” refers only to telling a consumer that his or her data will be collected.
False. Notice also refers to providing consumers additional information, such as
* how their data will be used,
* who their data will be disclosed to, and
* when their data will be destroyed.
True or False: Implementation and management of a privacy program relies heavily upon general corporate management principles.
True
Successful implementation and management of a privacy program requires what type of approach?
A holistic approach
False. Although a privacy program facilitates legal compliance, it may also be necessary for legal compliance because applicable law may dictate that such a program be established.
What is the term that the Gramm-Leach-Bliley Act uses to describe a “data processor”?
Service Provider
True or False: There is one, universally-accepted set of FIPs.
False. FIPs change with particular circumstances and to accommodate competing concerns.
What are the three main mechanisms or principles used to protect individual rights with respect to personal information?
- Consent
- Access
- Notice
True or False: The FIP of access refers only to providing a consumer the ability to view the personal information collected about him or her.
False. Access also commonly refers to the ability of consumers to correct or update inaccurate information.
How is a privacy program best defined?
The process through which organizations meet their legal compliance obligations, market expectations, and data security goals with respect to the handling of personal information.
Employee training is an important part of what FIP principle?
The accountability principle