Module 1: Foundational Principles of Privacy in Technology Flashcards
Data Lifecycle
Collection, Use, Disclosure, Retention, Destruction
Data Life Cycle for Privacy
Notice and consent before collection; the same controls applied to use, disclosure and retention; and ensuring destruction at the end of the retention period
First Party Collection
Individual provides PII directly to data collector
Surveillance
Individual’s behavior observed as a data stream from their activities, including searches and websites visited, without interrupting the activity.
Repurposing
Previously collected data used for a purpose other than the one it was initially collected for. Also called secondary use.
Third Party Collection
Previously collected data is shared with a third party, enabling new data collection by that party.
Active Collection vs. Passive Collection
Active: Customer has to do something to give data
Passive: Customer doesn’t do anything but data is still collected
Explicit vs Implied Consent
Explicit: have to actively give consent
Implied: consent is inferred from the individual’s continued use after notice is given (e.g. via a linked privacy policy), without an explicit act of agreement
Retention
Retention periods must take Business Continuity Planning into account while still respecting privacy standards: keep data only as long as it is needed for the stated purpose
Destruction Methods
Overwriting, Degaussing, Incinerating (degaussing only works on magnetic media, not on flash/SSD storage)
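The retention and destruction cards above describe a procedure; the following is an added example (not from the flashcards) of enforcing a retention period over a directory of records and destroying expired ones by overwriting before unlinking. The 30-day policy, file names and contents are constructed for the example.

```python
import os
import tempfile
import time
from pathlib import Path

# Assumed policy value for this example.
RETENTION_DAYS = 30
DAY = 86400


def expired_records(directory, retention_days=RETENTION_DAYS, now=None):
    """Return record paths whose last-modified time is older than the retention period."""
    now = time.time() if now is None else now
    cutoff = now - retention_days * DAY
    return sorted(p for p in Path(directory).iterdir()
                  if p.is_file() and p.stat().st_mtime < cutoff)


def overwrite_and_delete(path, passes=1):
    """Overwrite the file's bytes in place, flush to disk, then unlink it.

    Returns the number of bytes overwritten.
    Caveat: on SSDs and on copy-on-write or journaling filesystems this does not
    guarantee the old blocks are unrecoverable; there, encrypt at rest and destroy
    the key, or use a physical method.
    """
    path = Path(path)
    size = path.stat().st_size
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(os.urandom(size))
            f.flush()
            os.fsync(f.fileno())
    path.unlink()
    return size


def enforce_retention(directory, retention_days=RETENTION_DAYS, now=None):
    """Destroy every expired record; return a list of (name, bytes_overwritten)."""
    destroyed = []
    for p in expired_records(directory, retention_days, now):
        destroyed.append((p.name, overwrite_and_delete(p)))
    return destroyed


def demo():
    """Build two constructed records (one 60 days old, one 1 day old) in a temp
    directory, enforce a 30-day policy and report what was destroyed and what remains."""
    now = time.time()
    directory = tempfile.mkdtemp()
    samples = {"old.txt": (b"old record", now - 60 * DAY),
               "new.txt": (b"new record", now - 1 * DAY)}
    for name, (content, mtime) in samples.items():
        p = Path(directory) / name
        p.write_bytes(content)
        os.utime(p, (mtime, mtime))  # set the last-modified time
    destroyed = enforce_retention(directory, RETENTION_DAYS, now)
    return {"destroyed": destroyed, "remaining": sorted(os.listdir(directory))}


if __name__ == "__main__":
    print(demo())
```

The retention check keys off the record's last-modified time; a real system should instead record the collection date and purpose with each record so that repurposed data cannot silently reset its clock.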
PbD Principle 1
Proactive, not Reactive; Preventative, not Remedial
PbD Principle 2
Privacy as the Default Setting
Contextual Integrity (Nissenbaum)
The preservation of situational expectations: participants in a context share an understanding, built from social norms and past interactions, of how information is expected to flow
Actors: the senders and receivers of personal information
Attributes: the types of information being shared
Transmission principles: the constraints that govern the flow of information (e.g. confidentiality, consent, reciprocity)
Steps:
Identify relevant, existing norms
Determine how a system may disrupt those norms
Interpret and design for vulnerabilities
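The three steps above can be made concrete by encoding the context's norms and a proposed system's flows as (sender, recipient, attribute, transmission principle) tuples and flagging the flows no existing norm sanctions. The block below is an added example, not from the flashcards or from Nissenbaum; the clinical norms and the patient-portal flows are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard in a norm: matches any value of that parameter


@dataclass(frozen=True)
class Flow:
    sender: str      # actor sending the information
    recipient: str   # actor receiving it
    attribute: str   # type of information being shared
    principle: str   # transmission principle governing the flow


PARAMETERS = ("sender", "recipient", "attribute", "principle")


def norm_allows(norm, flow):
    """A norm (a Flow that may use '*' wildcards) sanctions a flow when every
    parameter matches."""
    return all(getattr(norm, p) in (ANY, getattr(flow, p)) for p in PARAMETERS)


def find_disruptions(norms, flows):
    """Step 2: the flows the system introduces that no existing norm sanctions."""
    return [f for f in flows if not any(norm_allows(n, f) for n in norms)]


# Step 1: existing norms of a clinical context (constructed).
CLINIC_NORMS = [
    Flow("patient", "physician", "symptoms", "confidentiality"),
    Flow("physician", "specialist", ANY, "patient-referral"),
    Flow("patient", "pharmacy", "prescription", "confidentiality"),
]

# Flows introduced by a hypothetical patient-portal system (constructed).
PORTAL_FLOWS = [
    Flow("patient", "physician", "symptoms", "confidentiality"),
    Flow("physician", "specialist", "lab-results", "patient-referral"),
    Flow("portal", "advertiser", "symptoms", "commercial-sale"),
    Flow("patient", "pharmacy", "prescription", "commercial-sale"),
]


def disruption_report(norms=CLINIC_NORMS, flows=PORTAL_FLOWS):
    """Step 3 input: each (recipient, attribute, principle) the designer must
    redesign or explicitly justify before shipping."""
    return [(f.recipient, f.attribute, f.principle)
            for f in find_disruptions(norms, flows)]


if __name__ == "__main__":
    for item in disruption_report():
        print("disrupts context norms:", item)
```

Note that the last portal flow reaches an actor and attribute the context already accepts; it is flagged only because the transmission principle changed from confidentiality to commercial sale, which is exactly the kind of disruption a recipient-only check would miss.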
PbD Principle 3
Privacy Embedded into Design, e.g. in online forms, logging systems, and encryption
PbD Principle 4
Full Functionality - Positive-Sum, Not Zero-Sum: deliver the desired performance and functionality while also protecting information privacy