Information Privacy Concepts Flashcards
Information privacy generally pertains to what is known as
personal identifiable information (PII)
… is information that can be used to distinguish or trace an individual’s identity
PII
Examples of Personal Identifiable Information (PII)
- Information about birth, race, religion, weight, activities, geographic indicators, employment information, education information, and financial information
- Personal characteristics, including photographic images, x-rays, fingerprints, or biometric image
- Asset information such as Internet Protocol (IP) or Media Access Control (MAC)
In dealing with the privacy of PII, two (2) new concepts have emerged: what are those?
- Privacy by Design (PbD)
- Privacy Engineering
The goal of privacy by design is to take privacy requirements into account throughout the system development process, from the conception of a new IT system through detailed system design, implementation, and operation
True
These are system requirements that have privacy relevance
Privacy requirements
define the protection capabilities provided by the system, the performance, and behavioral characteristics exhibited by the system, and the evidence used to determine that the system privacy requirements have been satisfied.
System privacy requirements
Privacy requirements are derived from various sources, including laws, regulations, standards, and stakeholder expectation
True
A useful guide to developing a PbD approach is the set of of foundational principles for PbD first proposed by ..
Ann Cavoukian
What are the principles by Ann Cavoukian on Privacy by Design?
- Proactive, not reactive; preventive, not remedial
- Privacy as the default
- Privacy embedded into the design
- Full functionality: positive-sum, not zero-sum
-End-to-end security-life cycle protection - Visibility and transparency
- Respect for user privacy
