Module 1: Foundational Principles of Privacy in Technology Flashcards

1
Q

Data Lifecycle

A

Collection, Use, Disclosure, Retention, Destruction

2
Q

Data Life Cycle for Privacy

A

Consent/notice before collection, disclosure, use, and retention, and ensuring destruction

3
Q

First Party Collection

A

Individual provides PII directly to data collector

4
Q

Surveillance

A

Individual’s data stream behavior observed through activities, including searches and websites engaged, without interrupting activity.

5
Q

Repurposing

A

Previously collected data used for a purpose other than the one it was initially collected for. Also called secondary use.

6
Q

Third Party Collection

A

Previously collected data is shared with a third party to enable new data collection

7
Q

Active Collection vs. Passive Collection

A

Active: Customer has to do something to give data
Passive: Customer doesn’t do anything but data is still collected

8
Q

Explicit vs Implied Consent

A

Explicit: have to actively give consent
Implied: noted in privacy link

9
Q

Retention

A

Business Continuity Planning must be taken into account while also respecting privacy standards

10
Q

Destruction Methods

A

Overwriting, Degaussing, Incinerating

11
Q

PbD Principle 1

A

Proactive, not Reactive; Preventative, not Remedial

12
Q

PbD Principle 2

A

Privacy as the Default Setting

13
Q

Contextual Integrity (Nissenbaum)

A

The preservation of situational expectations where there is an understanding between participants on societal norms or past interactions

Actors: the senders and receivers of personal information
Attributes: the types of information being shared
Transmission principles: those that govern the flow of information

Steps:
Identify relevant, existing norms
Determine how a system may disrupt those norms
Interpret and design for vulnerabilities

14
Q

PbD Principle 3

A

Privacy Embedded into Design in online forms, logging systems, and encryption

15
Q

PbD: Principle 4

A

Full functionality - Positive Sum, Not Zero Sum; have the desired performance and functionality while protecting information privacy

16
Q

PbD: Principle 5

A

End-to-End Security: full life cycle protection through collecting, processing, storing, sharing, and destroying

17
Q

PbD: Principle 6

A

Visibility and Transparency - Keep it Open

18
Q

PbD: Principle 7

A

Respect for User Privacy; Keep it User Centric

19
Q

How to measure risk (programmatic and technical)

A

Potential threat or issue + Impact of threat or issue + Likelihood

20
Q

Privacy risk model management options

A

Accept, Transfer, Mitigate, Avoid

21
Q

Fair Information Practice Principles (FIPPs)

A

Work alongside compliance models to mandate:

  • notice, choice, and consent
  • access to information
  • controls on information
  • how information is managed
22
Q

Calo’s Harm Dimensions

A

Objective: privacy has been violated; direct harm known to exist; forced or unanticipated use of personal information (measurable, observable)
Loss of business opportunity; loss of consumer trust; social detriment

Subjective: expects or perceives harm; may not be observable or measurable; can cause fear, anxiety, embarrassment
Psychological, behavioral

23
Q

NIST Frameworks

A

Risk Management Framework
Cybersecurity Framework
Privacy Framework: voluntary risk management tool; assist organizations in communicating and organizing privacy risk; rationalize privacy to build or evaluate privacy governance programs

24
Q

National Initiative for Cybersecurity Education’s Cybersecurity Workforce Framework (NICE Framework)

A

Published by NIST; categorizes and describes cybersecurity work; establishes common terminology; intended to be applied in all sectors

25
Q

Factors Analysis in Information Risk (FAIR) model

A

How often will a violation occur and over what time period?

What impact will that violation have?

26
Q

Value-sensitive design

A

Design approach accounts for moral and ethical values: trust, fairness, informed consent, freedom from bias

27
Q

Direct and indirect stakeholders

A

Direct stakeholders: Interact with system

Indirect stakeholders: Affected by system

28
Q

Conceptual

A

Identifies direct and indirect stakeholders, attempts to establish what those stakeholders might value and determines how those stakeholders may be affected by design

29
Q

Empirical Investigation

A

Focuses on how stakeholders configure, use, or are otherwise affected by the technology

30
Q

Technical Investigation

A

Examines how existing technology supports or hinders human values and how the technology might be designed to support the values identified in the conceptual investigation

31
Q

Value-Sensitive Design Methods

A
  • Direct and indirect stakeholder analysis
  • Value source analysis
  • The co-evolution of technology and social structure
  • Value scenarios
  • Value sketches
  • Value-oriented semi-structured interviews
  • Scalable information dimensions
  • Value-oriented coding manuals
  • Value-oriented mock-ups, prototypes, or field deployments
  • Ethnographically-informed inquiries regarding values and technology
  • The model of informed consent online
  • Value dams and flows
  • The value sensitive action reflection model
  • Envisioning Cards
32
Q

Strategies for skillful practice

A

Clarify project values
Identify direct and indirect stakeholders
Identify benefits and harms for stakeholders
Identify and elicit potential values
Develop working definitions of key values
Identify potential value tensions

33
Q

Design Thinking Process

A

Empathize, Define, Ideate, Prototype, Test

Value-sensitive design + Design thinking process