Foundations I. Common Principles and Approaches to Privacy Flashcards
• Historical descriptions, definitions and classes of privacy
• Types and elements of information
• Privacy policies and notices and processing of personal data
• Information risk management and information lifecycle principles
• Modern privacy principles, including FIPs, OECD and APEC, and common themes
What was “The Right to Privacy”?
The Harvard Law Review article written by Samuel Warren and Louis Brandeis in 1890 that defined privacy as the “right to be left alone.”
What are the 4 classes of privacy?
- Information
- Bodily
- Territorial
- Communications
What was one of the first privacy laws in the UK?
The Justices of the Peace Act enacted in 1361
What country enacted the Access to Public Records Act in 1776?
Sweden - The Swedish Parliament
What is the Universal Declaration of Human Rights?
Adopted by the General Assembly of the United Nations in 1948.
What does Article 12 of the Universal Declaration of Human Rights say?
It describes both the territorial and communications notions of privacy.
What document predated the Universal Declaration of Human Rights in 1948?
The American Declaration of the Rights and Duties of Man adopted by the Organization of American States. It predated the UDHR by 6 months.
What is the ECHR?
The European Convention for the Protection of Human Rights and Fundamental Freedoms set forth by the Council of Europe in 1950. It acknowledged the goals of the UDHR.
What does Article 8 of the ECHR state?
This treaty provision limits a public authority’s interference with an individual’s right to privacy, but acknowledges an exception for actions in accordance with the law that are necessary to preserve a democratic society.
How did the Council of Europe respond to concerns that privacy was not protected in light of emerging technology in the late 1960s?
Recommendation 509 on Human Rights and Modern and Scientific Technological Developments - establishes a framework of specific principles and standards to prevent unfair collection and processing of personal information. This was later built upon to protect personal data in data banks and set in motion national legislation.
What country enacted the first modern data protection law?
The German State of Hesse in 1970.
What was the first national privacy law enacted in the US?
The Fair Credit Reporting Act in 1970.
How does the EU define “personal data”?
“Any and all data that’s related to an identified or identifiable individual.”
What term is used in the US to cover information covered by privacy laws?
personally identifiable information (PII)
What is not included in the definition of “personal information” in Canada?
Certain business information is not covered in this country. NOTE: The types of data elements commonly found on a business card are excluded from coverage by the act.
How is “personal information” defined in Japan?
Information that’s related to living individuals and that can be used to identify specific individuals by name, date of birth or other description.
What is Sensitive Personal Information?
A subset of personal information that may vary depending on jurisdiction and particular regulations.
What is Sensitive Personal Information called under the EU Data Protection Directive?
Special categories of data.
What are the categories of special categories of data?
Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, sex life information.
What is important to note about sensitive categories of data?
Such data can be considered sensitive depending on jurisdiction and type and subject to strict rules (e.g. SSNs, biometric data in France, the context of data is important under PIPEDA, etc.).
Do privacy and data protection law apply to non-personal information?
Generally no.
How can data become non-personal?
Through removal of the elements used to identify an individual (i.e. de-identified, anonymized, pseudonymized).
What is the difference between personal and non-personal information?
It depends on what is “identifiable” - regulators and courts from jurisdiction to jurisdiction may differ on this.
What other information assets, though not personal information, need to be protected within an organization?
- Financial Data
- Operational Data
- Intellectual Property
- Information about the organization’s products and services