Module 1: Foundational Principles of Privacy in Technology Flashcards

1
Q

Data Lifecycle

A

Collection, Use, Disclosure, Retention, Destruction

2
Q

Data Life Cycle for Privacy

A

Consent/notice before collection, disclosure, use, and retention, and ensuring destruction

3
Q

First Party Collection

A

Individual provides PII directly to data collector

4
Q

Surveillance

A

Individual’s data stream behavior observed through activities, including searches and websites engaged, without interrupting activity.

5
Q

Repurposing

A

Previously collected data used for a purpose other than the one it was initially collected for. Also called secondary use.

6
Q

Third Party Collection

A

Previously collected data is shared with a third party to enable new data collection

7
Q

Active Collection vs. Passive Collection

A

Active: Customer has to do something to give data
Passive: Customer doesn’t do anything but data is still collected

8
Q

Explicit vs Implied Consent

A

Explicit: have to actively give consent
Implied: noted in privacy link

9
Q

Retention

A

Business Continuity Planning must be taken into account but also respect privacy standards

10
Q

Destruction Methods

A

Overwriting, Degaussing, Incinerating

11
Q

PbD Principle 1

A

Proactive, not Reactive; Preventative, not Remedial

12
Q

PbD Principle 2

A

Privacy as the Default Setting

13
Q

Contextual Integrity (Nissenbaum)

A

The preservation of situational expectations where there is an understanding between participants on societal norms or past interactions

Actors: the senders and receivers of personal information
Attributes: the types of information being shared
Transmission principles: those that govern the flow of information

Steps:
Identify relevant, existing norms
Determine how a system may disrupt those norms
Interpret and design for vulnerabilities

14
Q

PbD Principle 3

A

Privacy Embedded into Design in online forms, logging systems, and encryption

15
Q

PbD: Principle 4

A

Full Functionality - Positive Sum, Not Zero Sum; have the desired performance and functionality while protecting information privacy

16
Q

PbD: Principle 5

A

End-to-End Security: full life cycle protection through collecting, processing, storing, sharing, destroying

17
Q

PbD: Principle 6

A

Visibility and Transparency - Keep it Open

18
Q

PbD: Principle 7

A

Respect for User Privacy; Keep it User Centric

19
Q

How to measure risk (programmatic and technical)

A

Potential threat or issue + Impact of threat or issue + Likelihood

20
Q

Privacy risk model management options

A

Accept, Transfer, Mitigate, Avoid

21
Q

Fair Information Practice Principles (FIPPS)

A

Work alongside compliance models to mandate:

  • notice, choice, and consent
  • access to information
  • controls on information
  • how information is managed
22
Q

Calo’s Harm Dimensions

A

Objective: privacy has been violated; direct harm known to exist; forced or unanticipated use of personal information (measurable, observable)
Loss of business opportunity; loss of consumer trust; social detriment

Subjective: expects or perceives harm; may not be observable or measurable; can cause fear, anxiety, embarrassment
Psychological, behavioral

23
Q

NIST Frameworks

A

Risk Management Framework
Cybersecurity Framework
Privacy Framework: voluntary risk management tool; assist organizations in communicating and organizing privacy risk; rationalize privacy to build or evaluate privacy governance programs

24
Q

National Initiative for Cybersecurity Education’s Cybersecurity Workforce Framework (NICE Framework)

A

Published by NIST; categorizes and describes cybersecurity work; establishes common terminology; intended to be applied in all sectors

25
Factors Analysis in Information Risk (FAIR) model
How often will a violation occur and over what time period?
What impact will that violation have?
26
Value-sensitive design
Design approach accounts for moral and ethical values: trust, fairness, informed consent, freedom from bias
27
Direct and indirect stakeholders
Direct stakeholders: Interact with system
Indirect stakeholders: Affected by system
28
Conceptual
Identifies direct and indirect stakeholders, attempts to establish what those stakeholders might value and determines how those stakeholders may be affected by design
29
Empirical Investigation
Focuses on how stakeholders configure, use, or are otherwise affected by the technology
30
Technical Investigation
Examines how existing technology supports or hinders human values and how the technology might be designed to support the values identified in the conceptual investigation
31
Value-Sensitive Design Methods
  • Direct and indirect stakeholder analysis
  • Value source analysis
  • The co-evolution of technology and social structure
  • Value scenarios
  • Value sketches
  • Value-oriented semi-structured interviews
  • Scalable information dimensions
  • Value-oriented coding manuals
  • Value-oriented mock-ups, prototypes, or field deployments
  • Ethnographically-informed inquiries regarding values and technology
  • The model of informed consent online
  • Value dams and flows
  • The value sensitive action reflection model
  • Envisioning Cards
32
Strategies for skillful practice
  • Clarify project values
  • Identify direct and indirect stakeholders
  • Identify benefits and harms for stakeholders
  • Identify and elicit potential values
  • Develop working definitions of key values
  • Identify potential value tensions
33
Design Thinking Process
Empathize, Define, Ideate, Prototype, Test
Value-sensitive design + Design thinking process