Module 3: Privacy threats and violations Flashcards

1
Q

Interrogation breaches social norms in these scenarios:

A

Asymmetric power relationship, existing relationship, and reverse flow of information

2
Q

Interrogation privacy mitigations:

A

Mark required fields, reword questions

3
Q

Covert vs. Overt Surveillance

A

Covert: web surfers, geo-locators, loyalty cards
Overt: CCTV cameras, transponders, voice activation

4
Q

Surveillance privacy mitigation

A

Allow users to opt in or opt out of providing information, blur faces, collect the least data possible

5
Q

Data insecurity privacy mitigations

A

strong password resets, time-sensitive links, authentication codes, only share what is necessary

6
Q

Identification privacy mitigation methods include:

A

encryption, aggregation, de-identification

7
Q

Secondary uses of data

A

should be explained in external privacy notices and in internal privacy policies

8
Q

Exclusion of data

A

Enable individuals to unsubscribe, give consent to be excluded

9
Q

Disclosure

A

Intentionally revealing credible, private personal information that might affect a person; should conduct a risk analysis and place authorization controls

10
Q

Distortion

A

Spreading inaccurate, false information about someone, which could result in harm to reputation and violate the privacy right to access and correct information

11
Q

Exposure

A

Revelation of concealed, intensely personal information that could harm an individual; must set advance parameters between health care providers, financial advisors, and lawyers; conduct a risk analysis to mitigate these risks

12
Q

Breach of confidentiality

A

Privacy technologists should identify threats and vulnerabilities by reviewing collection, processing, and dissemination of data

13
Q

Increased accessibility

A

leads to increased exposure of personal information; rules of redaction, risk analysis, imposing controls, limiting data collection, anonymity, and legal mandates mitigate the increased risk of exposure.

14
Q

Blackmail

A

Threat to disclose information; often associated with a demand for money or action.
Privacy mitigation: should have privacy notice, fair practices, and use and destruction outlined clearly

15
Q

Appropriation

A

Using someone’s identity for your own use or own benefit; must be clear about purposes and obtain consent

16
Q

Interference

A

Any act that prevents or obstructs a process from continuing or being carried out properly: decisional, intrusion, and self-representation

17
Q

Decisional Interference

A

External party interferes with individual’s decision-making regarding personal affairs, like providing inaccurate data.
Privacy mitigations: include cross-checks for accuracy when information is transferred from a manual form into electronic form, ensuring backup storage allows for updating information and including individuals in review of their information

18
Q

Intrusion

A

Disturbing an individual’s solitude or tranquility; can be physical, psychological, or informational; often not including PII
Privacy mitigations: reduce by allowing individuals control over electronic forms of intrusion like opting out of notifications, using opt-out as the default and asking customers to opt in to receiving ads from other organizations with whom their information has been shared

19
Q

Self-representation

A

When another alters how an individual is represented or regarded in terms of marital status, race, sexual orientation, political affiliation, etc. Individual no longer has control over self-representation

20
Q

Behavioral profiling for advertising

A

Notify users of collection practices and offer choice over collection and sharing

21
Q

Cyberbullying

A

Mitigate by having cyberbullying policy and allowing users to block and report

22
Q

Social engineering includes

A

psychological manipulation; can be mitigated by examining business processes, implementing safeguards, and providing a plan and protocol

23
Q

Intrusion reports

A

Detection and prevention of attacks require monitoring software for threats. Collecting too much data to report on intrusions leads to an increase in privacy risks

24
Q

Vulnerability management

A

Determined by capability and probability; controls and incident response plan can increase difficulty of violating privacy and reduce vulnerability

25
Q

Patches

A

Changes to a program that aim to fix, update, or improve a system

26
Q

Upgrades

A

Privacy technologists need to consider whether updates are necessary or if a complete upgrade is needed to replace existing software or hardware.

27
Q

Open vs. closed-sourced software

A

Open-sourced: easily viewed, shared, modified

Closed-sourced: only fixed by vendor; not necessarily more resistant to attack