Intro Privacy

Question 1

Name the important FIPS and the years

Answer 1

-The 1973 U.S. Department of Health, Education and Welfare Fair Information
Practice Principles
-The 1980 Organisation for Economic Co-operation and Development (OECD)
Guidelines on the Protection of Privacy and Transborder Flows of Personal
Data (“OECD Guidelines” )
-The 1981 Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data (“Convention 108”)
-The Asia-Pacific Economic Cooperation (APEC), which in 2004 agreed to a
Privacy Framework
-The 2009 Madrid Resolution–International Standards on the Protection of Personal Data and Privacy

Question 2

FIPS HEW

Answer 2

-no personal record keeping that is secret
-a person to find out what is in the record and how it is used
-person can prevent info that was collected for one purpose for other purposes
-correct and amend
-Organization to prevent misuse.

Question 3

Personal

Answer 3

Personal names ssn passport- Identifiable - street address telephone number and email.
Sensitive personal information - Ssn financial drivers license.
Sensitive needs more protection.

Question 4

Non personal

Answer 4

Sim terms - deidentified or anonymized
Pseuadonymized

Question 5

Is IP address personal information?

Answer 5

Us fed agency’s under the privacy act say no! The FTC says Yes! When connected with breach of healthcare.

Question 6

HIPAA applies to

Answer 6

Covered Entities and for Personal health information only.

Question 7

Sources of Personal information

Answer 7

Public Records - govt info
Publicly Available - Telephone Book
Non public Information

Question 8

Can info be public record, publicly available or non public?

Answer 8

Yes. A name and address as an example. Restrictions may apply to a name and address in a healthcare file.

Question 9

Processing Personal Information

Answer 9

Collection, Recording, organization, storage, updating or modification, retrieval, consultation and use of personal information.
Data Subject
Data controller
Data processor

Question 10

Data Subject

Answer 10

About whom the data is being collected

Question 11

Data controller

Answer 11

Org that has authority how and why personal info is to be processed. Can be individual or organization (corporations or partnership). Focus

Question 12

Data Processor

Answer 12

Individual or Org. Hippa calls them Business associates. Third party’s expected to follow the same rules and can’t do extra.

Question 13

Sources of Privacy Protection

Answer 13

Markets
Technology
Law
Self regulation
Co regulation.

Question 14

Sources of Privacy Protection markets

Answer 14

Let the market dictate

Question 15

Sources of privacy protection technology

Answer 15

Encryption. Security best practice

Question 16

Sources of privacy protection law

Answer 16

Traditional approach - “laws may not be well drafted and may be poorly enforced”

Question 17

Sources of Privacy protection self regulation

Answer 17

Compliment the law.
Legislation - who defines privacy rules.
Enforcement - data protection authorities DPA, other government agencies, industry code enforcement or affected individuals.
Adjudication- who is guilty??industry association, government agency or judicial officer.

Question 18

World Models of Data Protection

Answer 18

Comprehensive
Sectoral
Co-Regulatory and Self-Regulatory Models