Information Privacy Concepts (Prelims) Flashcards
Information privacy generally pertains to what is known as?
Personally Identifiable Information (PII)
This information can be used to distinguish an individual's identity, such as: birth, race, religion, weight, activities, photographic images, x-rays, IP address, or MAC address.
PII
The goal of this is to take privacy requirements into account through the system development process, from the concept of a new IT system through detailed system design, implementation, and operation.
Privacy by Design
These are system requirements that have privacy relevance. They define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system privacy requirements have been satisfied.
Privacy Requirements
These principles were later widely adopted as a resolution by other prominent policymakers at the 32nd Annual International Conference of Data Protection and Privacy Commissioners meeting.
Privacy by Design Principles
PbD is an approach that anticipates privacy issues and seeks to prevent problems before they arise.
Proactive, not reactive; preventive, not remedial
This principle requires an organization to ensure that it only processes the data that is necessary to achieve its specific purpose and that PII is protected during collection, storage, use, and transmission.
Privacy as default
Privacy protections should be core, organic functions, not added on after a design is complete. Privacy should be integral both to the design and architecture of IT systems and to business practices.
Privacy embedded into the design
This principle encompasses two concepts. The terms end-to-end and life cycle refer to the protection of PII from the time of collection through retention and destruction.
End-to-end security—life cycle protection
PbD seeks to assure users and other stakeholders that privacy-related business practices and technical controls are operating according to stated commitments and objectives.
Visibility and transparency
Designers should seek solutions that avoid requiring a trade-off between privacy and system functionality or between privacy and security.
Full functionality: positive-sum, not zero-sum
Its objective is to enable organization executives to determine an appropriate budget for privacy and, within that budget, implement the privacy controls that optimize the level of protection.
Privacy Risk Assessment
Are the technical, physical, and administrative (or management) measures employed within an organization to satisfy privacy requirements.
Privacy Controls
Includes a disciplined, structured, and flexible process for organizational asset valuation; security and privacy control selection, implementation, and assessment; system and control authorizations; and continuous monitoring.
Risk management
Are safeguards or countermeasures prescribed for an information system or an organization that are designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.
Security Controls