Module 3: Privacy threats and violations Flashcards
Interrogation breaches social norms in these scenarios:
Asymmetric power relationship, existing relationship, and reverse flow of information
Interrogation privacy mitigations:
Mark required fields, reword questions
Covert vs. Overt Surveillance
Covert: web surfers, geo-locators, loyalty cards
Overt: CCTV cameras, transponders, voice activation
Surveillance privacy mitigation
Allow users to opt-in/opt-out to providing information, blur faces, collect least data possible
Data insecurity privacy mitigations
strong password resets, time-sensitive links, authentication codes, only share what is necessary
Identification privacy mitigation methods include:
encryption, aggregation, de-identification
Secondary uses of data
should be explained in external privacy notices and in internal privacy policies
Exclusion of data
Enable individuals to unsubscribe, give consent to be excluded
Disclosure
Intentionally revealing credible, private personal information that might affect a person; should conduct a risk analysis and place authorization controls
Distortion
Spreading inaccurate, false information about someone which could result in harm reputation, and violating privacy right to access and correct information
Exposure
Revelation of concealed, intensely personal information that could harm an individual; must set advance parameters between health care providers, financial advisors, and lawyers; conduct a risk analysis to mitigate these risks
Breach of confidentiality
Privacy technologists should identify threats and vulnerabilities by reviewing collection, processing, and dissemination of data
Increased accessibility
leads to increased exposure of personal information; rules of redaction, risk analysis, imposing controls, limiting data collection, anonymity, and legal mandates mitigate the increased risk of exposure.
Black mail
Threat to disclose information; often associated with demand for money or action;
Privacy mitigation :should have privacy notice, fair practices, and use and destruction outlined clearly
Appropriation
Using someone’s identity for your own use or own benefit; must be clear about purposes and obtain consent