Module #1: Introduction to Privacy Flashcards
What are the 4 classes of Privacy?
1) Information Privacy
2) Communications Privacy
3) Bodily Privacy
4) Territorial Privacy
What is covered by Information Privacy?
Establishes the rules that govern the collection and handling of personal information.
What is covered by Communications Privacy?
Establishes protections of the means of correspondence such as:
- Postal Mail
- Telephone conversations
- Emails
What are examples of personal info?
- Financial and Medical
- Government records
- Internet activity
What are examples of communications privacy?
- Postal Mail
- Telephone conversations
- Emails
What is covered by Bodily Privacy?
Establishes protections of a person’s physical being and any invasion thereof:
- genetic and drug testing
- body cavity searches
- birth control, abortions, and adoption
What are examples of bodily privacy?
- genetic and drug testing
- body cavity searches
- birth control, abortions, and adoption
What is covered by Territorial Privacy?
Establishes limits on the ability to intrude into another individual’s environment, including:
- Home
- Workspace
- Public Space
What are the 4 principles of Fair Information Practices?
- Rights of individuals
- Controls on the information
- Information lifecycle
- Management
Fair Information Practices:
What is covered by the Rights of Individuals principle?
- Notice
- Choice and Consent
- data subject access
Fair Information Practices:
What is covered by Controls on the information principle?
- Information security
- integrity
- quality
Fair Information Practices lifecycle:
What is covered by the Information lifecycle principle?
collection, use and retention, disclosure, and destruction
Fair Information Practices lifecycle:
What is covered by Management principle?
Management and administration;
monitoring and enforcement;
demonstrating compliance
What is data protection?
The ways in which privacy is protected through laws, rules and regulations.
What is Fair Information Practices?
They are guidelines for handling, storing and managing personal information properly.
Data controller
An organization or individual with the authority to decide how and why information about data subjects is to be processed
Data subject
An individual about whom information is being processed. Example: Consumer, employee, patient
Data processor
An organization or individual, often a third-party outsourcing service, that processes data on behalf of the data controller
Data protection authority
Enforces privacy or data protection laws and regulations. The U.S. has no national data protection authority per se, but several groups oversee privacy matters (FTC, state attorneys general, federal financial regulators)
Is privacy in the Constitution?
Zero. You can infer that the founding fathers did think about this when you look at the amendments.
Third Amendment: I can’t come in and quarter soldiers in your home.
Fourth Amendment: Right to protection against undue seizure.
Fifth Amendment: Can’t incriminate myself.
Thirteenth Amendment: Due process.
1970s in privacy?
privacy concerns about the collection of personal information began
The Privacy Act of 1974
What happened in 1973?
Fair information practices (FIPs) were developed in 1973 and provided guidelines for handling, storing and managing data with privacy, security and fairness that are still in use today.
What happened in 1974?
The Privacy Act of 1974 mandates how information will be adequately processed and safeguarded
What decade?
direct marketing and telemarketing tactics
1980s in privacy?
OECD Guidelines?
the Organisation for Economic Co-operation and Development issued Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (OECD Guidelines) that
aimed to facilitate data flows and protect personal data in a global economy.
first data protection instrument for several Council of Europe member states.
Council of Europe Convention, known as Convention 108?
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
1990s in privacy
identity theft and privacy programs
2000s in privacy
The Fair Credit Reporting Act
1970s
privacy concerns about the collection of personal information began
Fair information practices (FIPs)
1970s
privacy concerns about the collection of personal information began
The Cable Communications Policy Act
1980s
direct marketing and telemarketing tactics
The Electronic Communications Privacy Act
1980s
direct marketing and telemarketing tactics
The Video Privacy Protection Act
1980s
direct marketing and telemarketing tactics
Americans with Disabilities Act
1990s
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
The Telephone Consumer Protection Act
1990s
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
The Communications Assistance to Law Enforcement Act
1990s
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
The Telemarketing Sales Rules
1990s
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
The Telecommunications Act
1990s
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
The Health Insurance Portability and Accountability Act (or HIPAA)
1990s
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
The Children’s Online Privacy Protection Act
1990s
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
Gramm-Leach-Bliley Act
1990s
privacy enforcement cases related to unfair and deceptive practices in healthcare, education, and finance
No Child Left Behind Act
2000s
identity theft and privacy programs
USA PATRIOT Act
2000s
identity theft and privacy programs
Controlling the Assault of Non-Solicited Pornography and Marketing Act
2000s
identity theft and privacy programs
Asia Pacific Economic Cooperation, which agreed to a Privacy Framework
2000s
identity theft and privacy programs
Genetic Information Nondiscrimination Act
2000s
identity theft and privacy programs
Madrid Resolution which outlines International Standards on the Protection of Personal data and Privacy
2000s
identity theft and privacy programs
Healthcare Information Technology for Economic and Clinical Health Act
2000s
identity theft and privacy programs
2010s in privacy?
Privacy laws have evolved along with the evolution of social media, cloud computing, online ads and location-based services.
The White House report, “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy”
2010s
Privacy laws have evolved along with the evolution of social media, cloud computing, online ads and location-based services
The FTC report principles, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”
2010s
Privacy laws have evolved along with the evolution of social media, cloud computing, online ads and location-based services
The Cybersecurity Information Sharing Act
2010s
Privacy laws have evolved along with the evolution of social media, cloud computing, online ads and location-based services
General Data Protection Regulation, more commonly referred to as the GDPR, became law.
2010s
Privacy laws have evolved along with the evolution of social media, cloud computing, online ads and location-based services
Personal Info
Info that makes it possible to identify an individual
Nonpersonal Info
anonymizing personal info by removing identifying elements renders it nonpersonal
sensitive personal info
a subset of personal info; usually requires additional safeguarding of its collection, use, and disclosure
pseudonymized info
a unique code or pseudonym is used as a temporary solution to protecting info. It is reversible.
public records
- real estate records
- birth and death records
- licensing records
- statistical data
publicly available info
- telephone books
- public media
- newspapers
- search engine results
nonpublic info
- medical records
- financial info
- customer databases
- adoption records
Which authorities oversee privacy-related issues in the US?
- state attorneys general
- federal financial regulators
- FTC (federal trade commission)
Which types of personal info may qualify as sensitive personal info?
- Medical history
- driver's license #
- social security #
- bank account #