Introduction to Privacy

Question 1

In 1890, the American, Louis Brandeis and Samuel Warren published which publication?

Answer 1

The Right to Privacy

Question 2

The “Right to Privacy” publication defined privacy as _____________________?

Answer 2

The right to be left alone

Question 3

_______________ is defined as the desire of people to freely choose the circumstances and the degree to which individuals will expose their attitudes and behavior to others.

Answer 3

Privacy

Question 4

What are the four classes of privacy?

Answer 4

Information Privacy
Bodily Privacy
Territorial Privacy
Communications Privacy

Question 5

_______________ Privacy are rules that govern the collection and handling of personal information.

Answer 5

Information Privacy

Question 6

Personal information, financial information, medical information, government records and records of a person’s activities on the internet are examples of _________________ Privacy.

Answer 6

Information Privacy

Question 7

_______________ Privacy is focused on a person’s physical being and invasion thereof.

Answer 7

Bodily Privacy

Question 8

Drug Testing, genetic testing, body cavity searches, abortion and adoption are examples of _____________ Privacy.

Answer 8

Bodily Privacy

Question 9

________________ Privacy refers to limitations on intruding into another individual’s environment.

Answer 9

Territorial Privacy

Question 10

Invasion into ______________ Privacy typically takes the form of monitoring, such as video surveillance, ID checks, and use of similar technology.

Answer 10

Territorial Privacy

Question 11

True or False?

In Territorial Privacy, another individual’s “environment” is limited to the home.

Answer 11

False

Environment is not limited to the home but may include the workplace or public space.

Question 12

_______________ Privacy protects the means of correspondence.

Answer 12

Communication Privacy

Question 13

Phone conversations, postal mail, email and other forms of communication are examples of ___________________ Privacy.

Answer 13

Communication Privacy

Question 14

The industry standard in assessing risk is:

Risk = ________ X ________ X _________

Answer 14

Risk = Threat x Vulnerability x Expected Loss

Question 15

The ________ associated with a company’s information technology is directly related to threats, vulnerabilities and expected loss.

Answer 15

Risk

Question 16

_____________ are any circumstances that may cause an undesirable event.

Answer 16

Threats

Question 17

Data breach is an example of a ___________.

Answer 17

Threat

Question 18

____________ are weaknesses in an organization’s information systems policies or procedures.

Answer 18

Vulnerabilities

Question 19

When a threat exploits a vulnerability, a __________ causes risk to occur.

Answer 19

Security Event

Question 20

________ = Probability of an event occuring
X
Expected Loss associated with event

Answer 20

Risk for a particular security event

Question 21

_________ Act lays out the basic rules for agency enforcement actions.

Answer 21

Administrative Procedure Act

Question 22

Fair Information Practices (FIPs) are also known as ________________________.

Answer 22

Fair Information Practice Principles (FIPPs)

Question 23

___________ have been used since the 1970’s as a means for organizing individual’s privacy rights and organizing personal information (PI) responsibilities.

Answer 23

Fair Information Practices (FIPs)
also known as
Fair Information Practice Principles (FIPPs)

Question 24

___________ dates back to a 1973 report by the US Department of Health, Education and Welfare Advisory Committee on Automated Systems.

Answer 24

Fair Information Practices (FIPs)
also known as
Fair Information Practice Principles (FIPPs)

Question 25

Fair Information Practices (FIPs) have ______ categories.

Answer 25

Four

Question 26

What are the Fair Information Practices (FIPs) categories?

Answer 26

Rights of Individuals
Controls on Information
Information Life Cycle
Management

Question 27

Notice, choice/consent and data subject access refer to which FIPs category?

Answer 27

Rights of Individuals

Question 28

True or False

Organizations should provide notice about their privacy policies and procedures.

Answer 28

True

Question 29

___________ identifies the purpose personal information (PI) is collected, used, retained and disclosed.

Answer 29

Notice

Question 30

___________ can be implicit or explicit with respect to the collection, use, retention and disclosure of personal information (PI).

Answer 30

Consent

Question 31

In reference to the “Rights of Individuals” FIPs category, ___________ is important when disclosing personal information (PI) to other data controllers.

Answer 31

Consent

Question 32

In reference to the “Rights of Individuals” FIPs category, ___________ occurs when organizations provide access to an individual’s personal information (PI) for review and update.

Answer 32

Data Subject Access

Question 33

Information Security and Information Quality refer to which FIPs category?

Answer 33

Controls on the Information

Question 34

___________ refers to using reasonable administrative, technical and physical safeguards to protect personal information (PI) against unauthorized use, disclosure, modification and destruction.

Answer 34

Information Security

Question 35

__________ refers to maintaining accurate, complete and relevant personal information (PI) for the purposes identified in the notice.

Answer 35

Information Quality

Question 36

Collection, Use and Retention and Disclosure refer to which FIPs category?

Answer 36

Information Lifecycle

Question 37

In reference to the “Information Lifecycle” FIPs category, ___________ refers to gathering personal information only for the purposes identified in the notice.

Answer 37

Collection

Question 38

True or False

Organizations should limit the use of personal information (PI) to the purposes identified in the notice only.

Answer 38

False
Organizations should limit the use of personal information (PI) to the purposes identified in the notice and where the individual has provided implicit or explicit consent.

Question 39

True or False

Organizations should retain personal information (PI) for at least two (2) years.

Answer 39

False

Organizations should retain personal information (PI) for only as long as necessary to fulfill the stated purpose.

Question 40

True or False

Organizations should disclose personal information (PI) to third parties for the purposes identified in the notice only.

Answer 40

False
Organizations should disclose personal information (PI) to third parties for the purposes identified in the notice and where the individual has provided implicit or explicit consent.

Question 41

Management, administration, monitoring and enforcement refer to which FIPs category?

Answer 41

Management

Question 42

In reference to the “Management” FIPs category, ___________ and ___________ refers to when organizations define, document, communicate, and assign accountability for their privacy policies and procedures.

Answer 42

Management and Administration

Question 43

In reference to the “Management” FIPs category, ___________ and ___________ occurs when organizations monitor compliance with their privacy policies and procedures and have procedures to address privacy-related complaints and disputes.

Answer 43

Monitoring and Enforcement