Foundational principles of Privacy in Technology Flashcards
Data Lifecycle Components (5)
Collection, Use, Disclosure, Retention, Destruction
The data lifecycle is shaped by…
privacy objectives and business practices
First-party data
Individual provides their PI directly to collector
Individual’s data stream behavior is observed through their activities (searches, web visits, etc.)
Surveillance data collection
Repurposing/Secondary Use
Data used for purpose other than that for which it was previously collected
Third-party collection
Previously collected information is transferred to a third party
Active collection
Data subject is aware of collection and takes action to enable collection
Passive collection
Occurs without action of the participant and isn’t always obvious
Explicit consent
Requires user to take an action
Implied consent
Does not require a user to take an action
True or False: Implied consent is valid
Mostly true: It is valid in some territories
Is implied consent valid in the EU?
No
Explicit or Implied Consent: Clicking a button that acknowledges a privacy notice has been received.
Explicit consent
Explicit or Implied Consent: Users must choose to opt in or out of collection of information before using a website
Explicit
Privacy notice (aka privacy statement)
Statement made to data subjects that describes how PI is collected, used, retained, and disclosed.
Repurposing or disclosing data in unstated ways causes…
Harms and may be illegal
What should happen before data is repurposed or disclosed in new contexts?
It should be assessed for risks.
Update notices
Request consent
What determines how long data can be retained?
Legal and regulatory requirements
Applicable standards
What should be assessed before data is moved offsite?
Risks and benefits
Security of transfer mechanism
Quality requirements that should be associated with data (4)
Quality
Relevance
Accuracy
Completeness
What must DR and BCP plans highlight?
Business sensitive data that must be retained
What is a retention period attribute used for?
System reads attribute and deletes file when period has passed.
A data lifecycle describes…
How data flows through an organization
PbD
Privacy by Design
PbD is based on…
Proactively integrating privacy into all levels of operations.
What is not a tradeoff or something to add after it has been built?
Privacy by Design
What integrates the promotion of privacy in system design?
Privacy by Design
Who conceptualized Privacy by Design?
Ann Cavoukian