Developing a Privacy Program - Section I.A. - Overview of a Privacy Program Flashcards

1
Q

The principle that data should be collected only for the purposes for which it is relevant is often referred to as what?

A

Collection Limitation Principle

2
Q

What is commonly considered the most important principle underlying privacy program management?

A

Accountability Principle

3
Q

What are technical security controls?

A

Technical controls refer to computer code or other electronic systems designed to limit access to authorized users and to maintain the integrity of data from outside attack.

4
Q

What are Fair Information Practices?

A

A set of principles and practices that describe how best to approach the collection, storage, and management of data to properly balance fairness, privacy, and security with respect to that data.

5
Q

What are the three main types of security controls?

A

(1) Physical controls;
(2) Technical controls; and
(3) Administrative controls.

6
Q

True or False: The FIP “notice” refers only to telling a consumer that his or her data will be collected.

A

False. Notice also refers to providing consumers additional information, such as
* how their data will be used,
* who their data will be disclosed to, and
* when their data will be destroyed.

7
Q

True or False: Implementation and management of a privacy program relies heavily upon general corporate management principles.

A

True

8
Q

Successful implementation and management of a privacy program requires what type of approach?

A

A holistic approach

9
Q

True or False: Implementation of a privacy program is intended to facilitate legal compliance, but the establishment of a privacy program is never mandated by law or regulation.

A

False. Although a privacy program facilitates legal compliance, it may also be necessary for legal compliance because applicable law may dictate that such a program be established.

10
Q

What is the term that the Gramm-Leach-Bliley Act uses to describe a “data processor”?

A

Service Provider

11
Q

True or False: There is one, universally-accepted set of FIPs.

A

False. FIPs change with particular circumstances and to accommodate competing concerns.

12
Q

What are the three main mechanisms or principles used to protect individual rights with respect to personal information?

A
  • Consent
  • Access
  • Notice
13
Q

True or False: The FIP of access refers only to providing a consumer the ability to view the personal information collected about him or her.

A

False. Access also commonly refers to the ability of consumers to correct or update inaccurate information.

14
Q

How is a privacy program best defined?

A

The process through which organizations meet their legal compliance obligations, market expectations, and data security goals with respect to the handling of personal information.

15
Q

Employee training is an important part of what FIP principle?

A

The accountability principle

16
Q

What are the 8 principles included in the OECD’s Guidelines?

A

(1) Collection limitation principle;
(2) Data quality principle;
(3) Purpose specification principle;
(4) Use limitation principle;
(5) Security safeguards principle;
(6) Openness principle;
(7) Individual participation principle; and
(8) Accountability principle

17
Q

What is the most commonly cited motivation for organizations to develop a privacy program?

A

Regulatory Compliance

18
Q

What organization promulgated the most widely followed iteration of FIPs?

A

The Organization for Economic Co-operation and Development (OECD)

19
Q

Privacy Pluralistic World

A

Privacy can be defined in multiple unique ways based on the user’s individual perspective

20
Q

What are the four main mechanisms or principles used to protect an organization’s use of personal information?

A

1) Security Controls
2) Data Quality Controls
3) Limitations on Processing
4) Accountability (e.g. proper administration and monitoring)

21
Q

Which organization adopted the Madrid Resolution in 2009?

A

The International Conference of Data Protection and Privacy Commissioners

22
Q

What are physical security controls?

A

Protections over physical space and access, such as storing computer servers behind locked doors.