Developing a Privacy Program - Section I.A. - Overview of a Privacy Program

Question 1

The principle that data should be collected only for the purposses for which it is relevant is often referred to as what?

Answer 1

Collection Limitation Principle

Question 2

What is commonly considered the most important principle underlying privacy program management?

Answer 2

Accountability Prinicple

Question 3

What are technical security controls?

Answer 3

Technical controls refer to computer code or other electronic systems designed to limit access to authorized users and to maintain the integrity of data from outside attack.

Question 4

What are Fair Information Practices?

Answer 4

A set of principles and practices that describe how best to approach the collection, storage, and management of data to properly balance fairness, privacy, and security with respect to that data.

Question 5

What are the three main types of security controls?

Answer 5

(1) Physical controls;
(2) Technical controls; and
(3) Administrative controls.

Question 6

True or False: The FIP “notice” refers only to telling a consumer that his or her data will be collected.

Answer 6

False. Notice also refers to providing consumers additional information, such as
* how their data will be used,
* who their data will be disclosed to, and
* when their data will be destroyed.

Question 7

True or False: Implementation and management of a privacy program relies heavily upon general corporate management principles?

Answer 7

True

Question 8

Successful implementation and management of a privacy program requires what type of approach?

Answer 8

A holistic approach

Question 9

True or False: Implementation of a privacy program is intended to facilitate legal compliance, but the establishment of a privacy program is never mandated by law or regulation.

Answer 9

False. Although a privacy program facilitates legal compliance, it may also be necessary for legal compliance because applicable law may dictate that such a program be established.

Question 10

What is the term that the Gramm-Leach-Bliley Act uses to describe a “data processor”?

Answer 10

Service Provider

Question 11

True or False: There is one, universally-accepted set of FIPs.

Answer 11

False. FIPs change with particular circumstances and to accommodate competing concerns.

Question 12

What are the three main mechanisms or principles used to protect individual rights with respect to personal information?

Answer 12

• Consent
• Access
• Notice

Question 13

True of False: The FIP of access refers only to providing a consumer the ability to view the personal information collected about him or her.

Answer 13

False. Access also commonly refers to the ability of consumers to correct or update inaccurate information.

Question 14

How is a privacy program best defined?

Answer 14

The process through which organizations meet their legal compliance obligations, market expectations, and data security goals with respect to the handling of personal information.

Question 15

Employee training is an important part of what FIP principle?

Answer 15

The accountability principle

Question 16

What are the 8 principles included in the OECD’s Guidelines

Answer 16

(1) Collection limitation principle;
(2) Data quality principle;
(3) Purpose specification principle;
(4) Use limitation principle;
(5) Security safeguards principle;
(6) Openness principle;
(7) Individual participation principle; and
(8) Accountability principle

Question 17

What is the most mommonly cited motivation for organizations to develop a privacy program?

Answer 17

Regulatory Compliance

Question 18

What organization promulated the most widely followed interation of FIPs?

Answer 18

The Organization for Economic Co-operation and Development (OECD)

Question 19

Privacy Pluralistic World

Answer 19

Privacy can be defined in multiple unique ways baded on the user’s individual perspective

Question 20

What are the four main mechanisms or principles used to protect an organization’s use of personal information?

Answer 20

1) Security Controls
2) Data Quality Controls
3) Limitations on Processing
4) Accountability (e.g. proper administration and monitoring)

Question 21

Which organization adopted the Madrid Resolution in 2009?

Answer 21

The International Conference of Data Protection and Privacy Commissionioners

Question 22

What are physical security controls?

Answer 22

Protections over physical space and access, such as storing computer servers behind locked doors.