Module 3: Privacy threats and violations

Question 1

Interrogation breaches social norms in these scenarios:

Answer 1

Asymmetric power relationship, existing relationship, and reverse flow of information

Question 2

Interrogation privacy mitigations:

Answer 2

Mark required fields, reword questions

Question 3

Covert vs. Overt Surveillance

Answer 3

Covert: web surfers, geo-locators, loyalty cards
Overt: CCTV cameras, transponders, voice activation

Question 4

Surveillance privacy mitigation

Answer 4

Allow users to opt-in/opt-out to providing information, blur faces, collect least data possible

Question 5

Data insecurity privacy mitigations

Answer 5

strong password resets, time-sensitive links, authentication codes, only share what is necessary

Question 6

Identification privacy mitigation methods include:

Answer 6

encryption, aggregation, de-identification

Question 7

Secondary uses of data

Answer 7

should be explained in external privacy notices and in internal privacy policies

Question 8

Exclusion of data

Answer 8

Enable individuals to unsubscribe, give consent to be excluded

Question 9

Disclosure

Answer 9

Intentionally revealing credible, private personal information that might affect a person; should conduct a risk analysis and place authorization controls

Question 10

Distortion

Answer 10

Spreading inaccurate, false information about someone which could result in harm reputation, and violating privacy right to access and correct information

Question 11

Exposure

Answer 11

Revelation of concealed, intensely personal information that could harm an individual; must set advance parameters between health care providers, financial advisors, and lawyers; conduct a risk analysis to mitigate these risks

Question 12

Breach of confidentiality

Answer 12

Privacy technologists should identify threats and vulnerabilities by reviewing collection, processing, and dissemination of data

Question 13

Increased accessibility

Answer 13

leads to increased exposure of personal information; rules of redaction, risk analysis, imposing controls, limiting data collection, anonymity, and legal mandates mitigate the increased risk of exposure.

Question 14

Black mail

Answer 14

Threat to disclose information; often associated with demand for money or action;
Privacy mitigation :should have privacy notice, fair practices, and use and destruction outlined clearly

Question 15

Appropriation

Answer 15

Using someone’s identity for your own use or own benefit; must be clear about purposes and obtain consent

Question 16

Interference

Answer 16

Any act that prevents or obstructs a process from continuing or being carried out properly: decisional, intrusion, and self-representation

Question 17

Decisional Interference

Answer 17

External party interferes with individual’s decision-making regarding personal affairs, like providing inaccurate data.
Privacy mitigations: include cross-checks for accuracy when information is transferred from a manual form into electronic form, ensuring backup storage allows for updating information and including individuals in review of their information

Question 18

Intrusion

Answer 18

disturb an individual’s solitude or tranquility; can be physical, psychological, or informational; often not including PII
Privacy mitigations: reduce by allowing individuals control over electronic forms of intrusion like opting out of notifications, using opt-out as the default and asking customers to opt in to receiving ads from other organizations with whom their information has been shared

Question 19

Self-representation

Answer 19

When another alters how an individual is represented or regarded in terms of marital status, race, sexual orientation, political affiliation, etc. Individual no longer has control over self-representation

Question 20

Behavioral profiling for advertising

Answer 20

Notify users of collection practices and offer choice over collection and sharing

Question 21

Cyberbullying

Answer 21

Mitigate by having cyberbullying policy and allowing users to block and report

Question 22

Social engineering includes

Answer 22

psychological manipulation; can be mitigated by examining business processes, implementing safeguards, and provide plan and protocol

Question 23

Intrusion reports

Answer 23

Detection and prevention of attacks require monitoring software for threats. Collecting too much data to report on intrusions leads to increase in privacy risks

Question 24

Vulnerability management

Answer 24

Determined by capability and probability; controls and incident response plan can increase difficulty of violating privacy and reduce vulnerability

Question 25

Patches

Answer 25

Changes to a program that aim to fix, update, or improve a system

Question 26

Upgrades

Answer 26

Privacy technologists need to consider whether updates are necessary or if a complete upgrade is needed to replace existing software or hardware.

Question 27

Open vs. closed-sourced software

Answer 27

Open-sourced: easily viewed, shared, modified

Close-sourced: only fixed by vendor not necessarily more resistant to attack