Foundational principles of Privacy in Technology Flashcards

1
Q

Data Lifecycle Components (5)

A
Collection
Use
Disclosure
Retention
Destruction
2
Q

The data lifecycle is shaped by…

A

privacy objectives and business practices

3
Q

First-party data

A

Individual provides their PI directly to collector

4
Q

Individual’s data stream behavior is observed through their activities (searches, web visits, etc.)

A

Surveillance data collection

5
Q

Repurposing/Secondary Use

A

Data used for purpose other than that for which it was previously collected

6
Q

Third-party collection

A

Previously collected information is transferred to a third party

7
Q

Active collection

A

Data subject is aware of collection and takes action to enable collection

8
Q

Passive collection

A

Occurs without action of the participant and isn’t always obvious

9
Q

Explicit consent

A

Requires user to take an action

10
Q

Implied consent

A

Does not require a user to take an action

11
Q

True or False: Implied consent is valid

A

Mostly true: It is valid in some territories

12
Q

Is implied consent valid in the EU?

A

No

13
Q

Explicit or Implied Consent: Clicking a button that acknowledges a privacy notice has been received.

A

Explicit consent

14
Q

Explicit or Implied Consent: Users must choose to opt in or out of collection of information before using a website

A

Explicit

15
Q

Privacy notice (aka privacy statement)

A

Statement made to data subjects that describes how PI is collected, used, retained, and disclosed.

16
Q

Repurposing or disclosing data in unstated ways causes…

A

Harms and may be illegal

17
Q

What should happen before data is repurposed or disclosed in new contexts?

A

It should be assessed for risks.
Update notices
Request consent

18
Q

What determines how long data can be retained?

A

Legal and regulatory requirements

Applicable standards

19
Q

What should be assessed before data is moved offsite?

A

Risks and benefits

Security of transfer mechanism

20
Q

Quality requirements that should be associated with data (4)

A

Quality
Relevance
Accuracy
Completeness

21
Q

What must DR and BCP plans highlight?

A

Business sensitive data that must be retained

22
Q

What is a retention period attribute used for?

A

System reads attribute and deletes file when period has passed.

23
Q

A data lifecycle describes…

A

How data flows through an organization

24
Q

PbD

A

Privacy by Design

25
Q

PbD is based on…

A

Proactively integrating privacy into all levels of operations.

26
Q

What is not a tradeoff or something to add after it has been built?

A

Privacy by Design

27
Q

What integrates the promotion of privacy in system design?

A

Privacy by Design

28
Q

Who conceptualized Privacy by Design?

A

Ann Cavoukian

29
Q

Meaning: Proactive, not reactive; Preventative, not remedial

A

Make privacy a consideration in the design phase instead of reacting to harms.

30
Q

Meaning: Privacy as the Default Setting

A

The default of a system should preserve privacy.

31
Q

Privacy as the Default example

A

Opt-in instead of Opt-out

32
Q

Contextual integrity

A

Personal information handled based on norms (situational expectations)

33
Q

Meaning: Privacy Embedded into Design

A

Privacy is integral to design. System can’t be used without privacy features.

34
Q

Meaning: Full functionality - Positive sum, not zero sum

A

Getting full performance while protecting privacy.

Privacy is not a trade-off

35
Q

Meaning: End-to-end Security - Full lifecycle protection

A

Assess privacy risks in each stage of the information lifecycle.

36
Q

Meaning: Visibility and Transparency - Keep it open

A

Providing notice. Gives people a choice.

37
Q

Meaning: Respect for user privacy; keep it user centric

A

Designing for privacy and respecting individuals' needs and risks

38
Q

IAPP Risk calculation

A

Potential Threat + Impact of threat + Likelihood

39
Q

Risk management options (4)

A

Accept
Transfer
Mitigate
Avoid

40
Q

FIPPs

A

Privacy values that work alongside compliance models

High level compared to legal compliance

41
Q

Which privacy model is a high-level privacy strategy?

A

FIPPs

42
Q

Contextual integrity

A

Using PI in alignment with norms that apply to a particular context

43
Q

Actors

A

Senders and receivers of PI

44
Q

Nissenbaum’s term: “Attributes”

A

Type of information being shared

45
Q

Transmission principles

A

Govern the flow of information

46
Q

What happens when disruptions from informational norms occur?

A

Privacy problems

47
Q

What principle applies to identifying norms and designing for vulnerabilities?

A

Nissenbaum’s contextual privacy

48
Q

Ryan Calo

A

Law professor (Cyber law, privacy, and robotics)

49
Q

Calo’s harms dimensions (2)

A

Objective

Subjective

50
Q

Attributes of objective harms (4)

A

Privacy violation
Direct harm is known
Forced or unanticipated use of PI
Measurable and Observable

51
Q

Attributes of subjective harms

A

Expected or perceived harm

May not be observable or measurable

52
Q

Subjective harms can cause…(3)

A

Fear
Anxiety
Embarrassment

53
Q

Subjective vs. Objective harms

A

Subjective is threat. Objective is actual experience.

Feelings vs. consequences

54
Q

Which type of harm affects psychology and behavior?

A

Subjective

55
Q

Which harm leads to lost business, lost trust, social detriment?

A

Objective

56
Q

Freedom is impacted by…

A

privacy harms

57
Q

What can be used to build and retain trust?

A

Privacy notices and controls

58
Q

What does the NIST Privacy Framework do? (2)

A

Assist orgs in communicating and organizing privacy risk.

Guidance to build and evaluate privacy governance program

59
Q

NICE Framework

A

Categorizes and describes cybersecurity work using common terminology

60
Q

FAIR Model

A

Estimate risk
Build range of potential risk
Breaks down risk by its constituent parts

61
Q

FAIR risk parts

A

Frequency and magnitude, and impact

62
Q

What asks how often a violation will occur and over what time period?

A

FAIR model

63
Q

Value-sensitive design

A

Design approach that accounts for moral and ethical values

64
Q

Goal of value sensitive design

A

Stakeholders see their values reflected in the final design

65
Q

Direct stakeholders

A

Directly interact with the system

66
Q

Indirect stakeholders

A

Affected by the system but don’t interact with it.

67
Q

Value-sensitive design investigations (3)

A

Conceptual
Empirical
Technical

68
Q

Direct and indirect stakeholder analysis

A

Stakeholders and the benefits, harms, or tensions that affect them are identified

69
Q

Design thinking process (5)

A
Empathize
Define
Ideate
Prototype
Test
70
Q

Which design method accounts for ethical values?

A

Value-sensitive design

71
Q

What type of approach is the Design Thinking Process?

A

Iterative

72
Q

What is the result of combining value-sensitive design with Design thinking?

A

Integration of values with current system design methodologies.