Developing a Privacy Program - Section I.A. - Overview of a Privacy Program Flashcards
The principle that data should be collected only for the purposes for which it is relevant is often referred to as what?
Collection Limitation Principle
What is commonly considered the most important principle underlying privacy program management?
Accountability Principle
What are technical security controls?
Technical controls refer to computer code or other electronic systems designed to limit access to authorized users and to maintain the integrity of data from outside attack.
What are Fair Information Practices?
A set of principles and practices that describe how best to approach the collection, storage, and management of data to properly balance fairness, privacy, and security with respect to that data.
What are the three main types of security controls?
(1) Physical controls;
(2) Technical controls; and
(3) Administrative controls.
True or False: The FIP “notice” refers only to telling a consumer that his or her data will be collected.
False. Notice also refers to providing consumers additional information, such as
* how their data will be used,
* who their data will be disclosed to, and
* when their data will be destroyed.
True or False: Implementation and management of a privacy program relies heavily upon general corporate management principles?
True
Successful implementation and management of a privacy program requires what type of approach?
A holistic approach
False. Although a privacy program facilitates legal compliance, it may also be necessary for legal compliance because applicable law may dictate that such a program be established.
What is the term that the Gramm-Leach-Bliley Act uses to describe a “data processor”?
Service Provider
True or False: There is one, universally-accepted set of FIPs.
False. FIPs change with particular circumstances and to accommodate competing concerns.
What are the three main mechanisms or principles used to protect individual rights with respect to personal information?
- Consent
- Access
- Notice
True or False: The FIP of access refers only to providing a consumer the ability to view the personal information collected about him or her.
False. Access also commonly refers to the ability of consumers to correct or update inaccurate information.
How is a privacy program best defined?
The process through which organizations meet their legal compliance obligations, market expectations, and data security goals with respect to the handling of personal information.
Employee training is an important part of what FIP principle?
The accountability principle
What are the 8 principles included in the OECD’s Guidelines?
(1) Collection limitation principle;
(2) Data quality principle;
(3) Purpose specification principle;
(4) Use limitation principle;
(5) Security safeguards principle;
(6) Openness principle;
(7) Individual participation principle; and
(8) Accountability principle
What is the most commonly cited motivation for organizations to develop a privacy program?
Regulatory Compliance
What organization promulgated the most widely followed iteration of FIPs?
The Organization for Economic Co-operation and Development (OECD)
Privacy Pluralistic World
Privacy can be defined in multiple unique ways based on the user’s individual perspective
What are the four main mechanisms or principles used to protect an organization’s use of personal information?
1) Security Controls
2) Data Quality Controls
3) Limitations on Processing
4) Accountability (e.g. proper administration and monitoring)
Which organization adopted the Madrid Resolution in 2009?
The International Conference of Data Protection and Privacy Commissioners
What are physical security controls?
Protections over physical space and access, such as storing computer servers behind locked doors.