Module 3: Privacy threats and violations Flashcards
Interrogation breaches social norms in these scenarios:
Asymmetric power relationship, existing relationship, and reverse flow of information
Interrogation privacy mitigations:
Mark required fields, reword questions
Covert vs. Overt Surveillance
Covert: web surfers, geo-locators, loyalty cards
Overt: CCTV cameras, transponders, voice activation
Surveillance privacy mitigation
Allow users to opt-in/opt-out to providing information, blur faces, collect least data possible
Data insecurity privacy mitigations
strong password resets, time-sensitive links, authentication codes, only share what is necessary
Identification privacy mitigation methods include:
encryption, aggregation, de-identification
Secondary uses of data
should be explained in external privacy notices and in internal privacy policies
Exclusion of data
Enable individuals to unsubscribe, give consent to be excluded
Disclosure
Intentionally revealing credible, private personal information that might affect a person; should conduct a risk analysis and place authorization controls
Distortion
Spreading inaccurate, false information about someone which could result in harm reputation, and violating privacy right to access and correct information
Exposure
Revelation of concealed, intensely personal information that could harm an individual; must set advance parameters between health care providers, financial advisors, and lawyers; conduct a risk analysis to mitigate these risks
Breach of confidentiality
Privacy technologists should identify threats and vulnerabilities by reviewing collection, processing, and dissemination of data
Increased accessibility
leads to increased exposure of personal information; rules of redaction, risk analysis, imposing controls, limiting data collection, anonymity, and legal mandates mitigate the increased risk of exposure.
Black mail
Threat to disclose information; often associated with demand for money or action;
Privacy mitigation :should have privacy notice, fair practices, and use and destruction outlined clearly
Appropriation
Using someone’s identity for your own use or own benefit; must be clear about purposes and obtain consent
Interference
Any act that prevents or obstructs a process from continuing or being carried out properly: decisional, intrusion, and self-representation
Decisional Interference
External party interferes with individual’s decision-making regarding personal affairs, like providing inaccurate data.
Privacy mitigations: include cross-checks for accuracy when information is transferred from a manual form into electronic form, ensuring backup storage allows for updating information and including individuals in review of their information
Intrusion
disturb an individual’s solitude or tranquility; can be physical, psychological, or informational; often not including PII
Privacy mitigations: reduce by allowing individuals control over electronic forms of intrusion like opting out of notifications, using opt-out as the default and asking customers to opt in to receiving ads from other organizations with whom their information has been shared
Self-representation
When another alters how an individual is represented or regarded in terms of marital status, race, sexual orientation, political affiliation, etc. Individual no longer has control over self-representation
Behavioral profiling for advertising
Notify users of collection practices and offer choice over collection and sharing
Cyberbullying
Mitigate by having cyberbullying policy and allowing users to block and report
Social engineering includes
psychological manipulation; can be mitigated by examining business processes, implementing safeguards, and provide plan and protocol
Intrusion reports
Detection and prevention of attacks require monitoring software for threats. Collecting too much data to report on intrusions leads to increase in privacy risks
Vulnerability management
Determined by capability and probability; controls and incident response plan can increase difficulty of violating privacy and reduce vulnerability
Patches
Changes to a program that aim to fix, update, or improve a system
Upgrades
Privacy technologists need to consider whether updates are necessary or if a complete upgrade is needed to replace existing software or hardware.
Open vs. closed-sourced software
Open-sourced: easily viewed, shared, modified
Close-sourced: only fixed by vendor not necessarily more resistant to attack