Module 1: Foundational Principles of Privacy in Technology Flashcards
Data Lifecycle
Collection, Use, Disclosure, Retention, Destruction
Data Life Cycle for Privacy
Consent and notice before collection; use and disclosure limited to the stated purpose; retention only as long as needed; destruction ensured at the end of the data's life
First Party Collection
Individual provides PII directly to data collector
Surveillance
Individual's behavior is observed from a data stream (searches, websites visited, and other activities) without interrupting the activity
Repurposing
Previously collected data is used for a purpose other than the one it was initially collected for. Also called secondary use
Third Party Collection
Previously collected data is shared with a third party to enable new data collection
Active Collection vs. Passive Collection
Active: Customer has to do something to give data
Passive: Customer doesn’t do anything but data is still collected
Explicit vs Implied Consent
Explicit: have to actively give consent
Implied: consent is inferred from use of the service, with the terms noted in the linked privacy notice
Retention
Retention periods must account for business continuity planning (backups, recovery) while still respecting privacy standards: keep data no longer than needed
Destruction Methods
Overwriting, Degaussing, Incinerating (degaussing only works on magnetic media; it does not erase flash/SSD storage)
PbD Principle 1
Proactive, not Reactive; Preventative, not Remedial
PbD Principle 2
Privacy as the Default Setting
Contextual Integrity (Nissenbaum)
Information flows should preserve the situational expectations of the participants, based on shared societal norms or past interactions between them
Actors: the senders and receivers of personal information
Attributes: the types of information being shared
Transmission principles: the constraints that govern the flow of information (e.g. consent, confidentiality)
Steps:
Identify relevant, existing norms
Determine how a system may disrupt those norms
Interpret and design for vulnerabilities
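The three steps above can be made concrete by encoding existing norms as (sender, receiver, attribute, permitted transmission principles) tuples and checking each information flow a new system introduces against them. The following is an added example, not part of the flashcard set or Nissenbaum's own work; the telehealth norms and flows are constructed for illustration, and the `Norm`, `Flow` and `check_flow` names are assumptions.

```python
from dataclasses import dataclass

WILDCARD = "*"  # matches any actor or attribute in a norm


@dataclass(frozen=True)
class Flow:
    """One concrete information flow the system would create."""
    sender: str
    receiver: str
    attribute: str
    principle: str  # transmission principle under which it flows


@dataclass(frozen=True)
class Norm:
    """An existing contextual norm: who may send what to whom, and under which principles."""
    sender: str
    receiver: str
    attribute: str
    allowed_principles: frozenset


def _matches(pattern: str, value: str) -> bool:
    return pattern == WILDCARD or pattern == value


def check_flow(flow: Flow, norms: list) -> tuple:
    """Return (ok, reason) for a flow against the known norms.

    Step 1 (identify norms): the norm list is the context's entrenched flows.
    Step 2 (detect disruption): a flow with no covering norm is novel and is
    flagged for review, not silently allowed; a flow whose actors/attribute
    are covered but whose transmission principle is not permitted is a violation.
    """
    covering = [
        n for n in norms
        if _matches(n.sender, flow.sender)
        and _matches(n.receiver, flow.receiver)
        and _matches(n.attribute, flow.attribute)
    ]
    if not covering:
        return False, "no existing norm covers this flow (novel flow, needs review)"
    for n in covering:
        if flow.principle in n.allowed_principles:
            return True, "flow matches an existing norm"
    permitted = sorted({p for n in covering for p in n.allowed_principles})
    return False, f"principle {flow.principle!r} not permitted; norms allow {permitted}"


def audit(flows: list, norms: list) -> list:
    """Step 3 helper: list every flow with its verdict so designers can address the gaps."""
    return [(f, *check_flow(f, norms)) for f in flows]


# Constructed telehealth context (assumed for the example, not from the source).
NORMS = [
    Norm("patient", "physician", "diagnosis", frozenset({"confidentiality", "consent"})),
    Norm("physician", "pharmacy", "prescription", frozenset({"confidentiality"})),
    Norm("patient", "app", "app_usage", frozenset({"notice"})),
]

FLOWS = [
    Flow("patient", "physician", "diagnosis", "confidentiality"),  # established norm
    Flow("physician", "advertiser", "diagnosis", "sale"),          # no norm: disruption
    Flow("patient", "app", "app_usage", "sale"),                   # norm exists, principle not allowed
]

if __name__ == "__main__":
    for flow, ok, reason in audit(FLOWS, NORMS):
        print(("OK  " if ok else "FLAG"), flow, "->", reason)
```

Treating "no covering norm" as a flag rather than a pass is the important design choice: contextual integrity is violated by novel flows as much as by forbidden ones, so the default must be to surface them.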
PbD Principle 3
Privacy Embedded into Design: built into systems such as online forms, logging systems, and encryption from the start, not bolted on afterward
PbD Principle 4
Full Functionality - Positive-Sum, Not Zero-Sum: deliver the desired performance and functionality while also protecting information privacy
PbD Principle 5
End-to-End Security - Full Lifecycle Protection: data is secured through collection, processing, storage, sharing, and destruction
PbD Principle 6
Visibility and Transparency - Keep it Open
PbD Principle 7
Respect for User Privacy - Keep it User-Centric
How to measure risk (programmatic and technical)
A potential threat or issue, the impact if it occurs, and the likelihood that it occurs (commonly scored as likelihood x impact, not a simple sum)
Privacy risk model management options
Accept, Transfer, Mitigate, Avoid
Fair Information Practice Principles (FIPPs)
Work alongside compliance models to mandate:
- notice, choice, and consent
- access to information
- controls on information
- how information is managed
Calo’s Harm Dimensions
Objective: privacy has been violated; a direct, known harm exists from forced or unanticipated use of personal information (measurable, observable)
Examples: loss of business opportunity, loss of consumer trust, social detriment
Subjective: the individual expects or perceives harm; may not be observable or measurable; can cause fear, anxiety, embarrassment
Examples: psychological and behavioral harms
NIST Frameworks
Risk Management Framework
Cybersecurity Framework
Privacy Framework: voluntary risk management tool; assist organizations in communicating and organizing privacy risk; rationalize privacy to build or evaluate privacy governance programs
National Initiative for Cybersecurity Education’s Cybersecurity Workforce Framework (NICE Framework)
Published by NIST; categorizes and describes cybersecurity work; establishes common terminology; intended to be applied in all sectors
Factor Analysis of Information Risk (FAIR) model
How often will a violation occur and over what time period?
What impact will that violation have?
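FAIR answers those two questions by estimating a Loss Event Frequency (how often per year) and a Loss Magnitude (cost per event) as ranges rather than single numbers, then combining them into an annual loss distribution. The block below is an added example, not part of the flashcards or the FAIR standard itself: it assumes triangular (min / most likely / max) estimates for both factors, draws the number of events in a year from a Poisson process with the sampled frequency, and reports the mean and percentiles of annual loss. The figures are constructed for illustration.

```python
import math
import random
from statistics import mean


def _poisson(rng: random.Random, lam: float) -> int:
    """Number of loss events in one year given a rate lam (Knuth's algorithm)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def _percentile(sorted_values: list, pct: float) -> float:
    idx = min(len(sorted_values) - 1, int(round(pct / 100 * (len(sorted_values) - 1))))
    return sorted_values[idx]


def simulate_annual_loss(freq, magnitude, runs: int = 20000, seed: int = 1) -> dict:
    """Monte Carlo estimate of annual loss.

    freq      = (min, most_likely, max) loss events per year  (Loss Event Frequency)
    magnitude = (min, most_likely, max) cost per event         (Loss Magnitude)
    Each run samples a frequency, draws how many events actually occur that
    year, and sums an independently sampled magnitude for each event.
    """
    rng = random.Random(seed)  # fixed seed so results are reproducible
    f_lo, f_ml, f_hi = freq
    m_lo, m_ml, m_hi = magnitude
    annual = []
    for _ in range(runs):
        lef = rng.triangular(f_lo, f_hi, f_ml)     # note: random.triangular(low, high, mode)
        events = _poisson(rng, lef)
        annual.append(sum(rng.triangular(m_lo, m_hi, m_ml) for _ in range(events)))
    annual.sort()
    return {
        "runs": runs,
        "mean": mean(annual),
        "p50": _percentile(annual, 50),
        "p90": _percentile(annual, 90),
        "p95": _percentile(annual, 95),
        "max": annual[-1],
    }


# Constructed scenario (assumed numbers): a privacy violation expected 0.5 to 4
# times a year (most likely 2), costing $10k to $80k per event (most likely $30k).
SCENARIO_FREQ = (0.5, 2.0, 4.0)
SCENARIO_MAG = (10_000, 30_000, 80_000)

if __name__ == "__main__":
    result = simulate_annual_loss(SCENARIO_FREQ, SCENARIO_MAG)
    for k, v in result.items():
        print(f"{k:>5}: {v:,.0f}" if k != "runs" else f"{k:>5}: {v}")
```

The point-estimate shortcut (most-likely frequency x most-likely magnitude = $60k here) understates the tail: because both inputs are right-skewed and several events can land in the same year, the simulated mean sits noticeably above it and the 90th percentile is far higher, which is what a budget or risk-transfer (insurance) decision actually needs.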
Value-sensitive design
A design approach that accounts for moral and ethical values such as trust, fairness, informed consent, and freedom from bias
Direct and indirect stakeholders
Direct stakeholders: Interact with system
Indirect stakeholders: Affected by system
Conceptual Investigation
Identifies direct and indirect stakeholders, attempts to establish what those stakeholders might value and determines how those stakeholders may be affected by design
Empirical Investigation
Focuses on how stakeholders configure, use, or are otherwise affected by the technology
Technical Investigation
Examines how existing technology supports or hinders human values and how the technology might be designed to support the values identified in the conceptual investigation
Value-Sensitive Design Methods
- Direct and indirect stakeholder analysis
- Value source analysis
- the co-evolution of technology and social structure
- Value scenarios
- Value sketches
- Value-oriented semi-structured interviews
- Scalable information dimensions
- Value-oriented coding manuals
- Value-oriented mock-ups, prototypes, or field deployments
- Ethnographically-informed inquiries regarding values and technology
- The model of informed consent online
- Value dams and flows
- The value sensitive action reflection model
- Envisioning Cards
Strategies for skillful practice
Clarify project values
Identify direct and indirect stakeholders
Identify benefits and harms for stakeholders
Identify and elicit potential values
Develop working definitions of key values
Identify potential value tensions
Design Thinking Process
Empathize, Define, Ideate, Prototype, Test
Value-sensitive design + Design thinking process