Notes Flashcards

1
Q

Nissenbaum’s Contextual Integrity

Risk Framework Model. Defining privacy harm is an important step, but there are many ways to do this.

A

Privacy risks may be identified based upon whether the use of personal information is in alignment with the norms of a particular context; norms are domain specific.

2
Q

Calo’s Harm Dimensions

Risk Framework Model. Defining privacy harm is an important step, but there are many ways to do this.

A

Privacy risks may be identified based upon whether they are:
- measurable and objective, or whether they are
- perceived and subjective;

perception of harm can be just as likely to cause negative impact.

3
Q

Solove’s Taxonomy of Privacy

Modeling privacy risk begins with an understanding of how privacy should be defined. A privacy professional must be adaptable to a Privacy Pluralistic World—i.e., a world where privacy is defined in multiple unique ways based on the user’s individual perspective. In the academic field, several risk models have been developed to help better conceptualize privacy, each approaching from a different perspective or developed for the purpose of highlighting a specific component of privacy.

A

Privacy risk arising from four types of activity:
1) Information collection
2) Information processing
3) Information dissemination
4) Invasions.

Solove’s Taxonomy of Privacy defines 16 potential harms based upon these activities.

4
Q

Factor Analysis of Information Risk (FAIR Model)

Modeling privacy risk begins with an understanding of how privacy should be defined. A privacy professional must be adaptable to a Privacy Pluralistic World—i.e., a world where privacy is defined in multiple unique ways based on the user’s individual perspective. In the academic field, several risk models have been developed to help better conceptualize privacy, each approaching from a different perspective or developed for the purpose of highlighting a specific component of privacy.

A

A quantitative method for providing a numerical risk estimate.
It decomposes risks into constituent parts to provide a sufficiently accurate risk score that is within an acceptable range.

The FAIR model looks at the component parts of risk in order to find factors that estimate the overall risk to an organization. It is a more granular approach to modeling harm to privacy interests.

5
Q

Double opt-in consent

A

Double opt-in consent, also referred to as confirmed opt-in consent, is a technique whereby a consumer initially expresses interest and is then asked a second time to confirm their interest.

Confirmation emails that require consumers to click a link are typical examples.

6
Q

Which components play a role in enforcing the AI Act?

A

To police compliance, the AI Act puts in place an enforcement system broadly similar to the GDPR. Compliance is supervised by member states, which are obligated to establish or designate as National Competent Authorities at least one Notifying Authority and one Market Surveillance Authority.

Additionally, a European Artificial Intelligence Board (EAIB) is established to ensure consistent application of the AI Act across the E.U.

7
Q

Indirect Costs of a Data Breach

A
  • Loss in productivity
  • Large turnover in customer base
  • Liability from follow-on lawsuits
8
Q

Types of Trend Analysis

A

The term trend analysis is a generalized term, and there are many specific types of trend analysis that can be conducted.
Examples include:
- a time series analysis,
- a cyclical component analysis, and
- an irregular component analysis.

Privacy professionals can use trend analysis to spot tendencies over time (e.g. a decrease or increase in the number of privacy incidents), which can serve as useful privacy metrics.

Two other examples include analyses that include a cyclical component that measures patterns in data at regular fluctuations (e.g. a decrease in privacy incidents in the days following a formal employee privacy training session) or analyses that attempt to remove irregular occurrences, often called “noise” (e.g. measuring the absence of data breaches).

9
Q

To determine the effectiveness of its privacy training, Company X measures the rate of privacy incidents that occur in the 30 days following a training event. What type of analysis is this?

A

Cyclical component trend analysis

10
Q

You find that MBL Games already has some informal privacy practices in place, but almost none of these procedures have been put in writing and they are inconsistently applied. What stage of the Privacy Maturity Model does this best represent?

A

Ad-hoc

The “ad hoc” step is when procedures and processes exist that are informal, incomplete, and inconsistently applied.

Initially developed by the American Institute of Certified Public Accountants (“AICPA”) and the Canadian Institute of Chartered Accountants (“CICA”), the Privacy Maturity Model (“PMM”) has gained widespread acceptance as a means of measuring the sophistication of an organization’s privacy program. The PMM uses five levels of maturity to describe the robustness of an organization’s privacy program: ad hoc, repeatable, defined, managed, and optimized.

11
Q

What are Appropriate Safeguards under the GDPR that permit the transfer of data between the U.S. and E.U.?

A

There are three types of means by which an organization may transfer data between the EU and non-EU countries under the GDPR:
1) Adequacy Decision
2) Derogations
3) Implementation of “appropriate safeguards”
a) Binding Corporate Rules
b) Standard Contractual Clauses
c) Ad hoc contract clauses
d) Codes of Conduct or Certification Mechanism

12
Q

Data Life Cycle Management

A

Data Life Cycle Management is a policy-based approach to managing the flow of information through a life cycle from creation to final disposition. DLM provides a holistic approach to the processes, roles, controls and measures necessary to organize and maintain data.

There are several elements typically associated with DLM:
1) Enterprise Objectives
2) Minimalism
3) Simplicity
4) Adequacy of infrastructure
5) Information Security
6) Authenticity
7) Retrievability
8) Distribution Controls
9) Auditability
10) Consistency
11) Enforcement

13
Q

Building a Privacy Program steps:

A
  • Creating the organizational privacy vision and mission statement
  • Defining the scope of the privacy program
  • Selecting an appropriate privacy framework
  • Developing the organizational privacy strategy
  • Structuring the privacy team
14
Q

Current Privacy Program Frameworks

A

Principles and Standards:
* FIPs
* OECD Guidelines
* GAPP
* CSA Privacy Code
* APEC Framework
* ETSI standards
* ISO Standards

Laws, regulations, and programs
* PIPEDA
* APPs
* GDPR
* LGPD
* PIPL
* HIPAA
* Jurisdictional and sectoral laws and guidance

Privacy program management
* PbD (Privacy by Design)
* COBIT 2019
* NIST
* WebTrust
* Vendor Solutions

15
Q

Audience Types

A

Primary Audience: Those that directly deal with the privacy function (Board/CISO etc.)
Secondary Audience: Those interested in the ancillary aspects of a privacy program (CFO)
Tertiary Audience: Those interested in the broader functioning of the organization

16
Q

Privacy Program Maturity Model

A

1) Ad hoc: Procedures or processes are generally informal, incomplete, and inconsistently applied
2) Repeatable: Procedures or processes exist; however, they are not fully documented and do not cover all relevant aspects
3) Defined: Procedures and processes are fully documented and implemented and cover all relevant aspects
4) Managed: Reviews are conducted to assess the effectiveness of the controls in place
5) Optimized: Regular review and feedback are used to ensure continuous improvement towards optimization of the given process

Developed by AICPA and CICA and therefore directly tied to the Generally Accepted Privacy Principles (GAPP).
An organization does not need to be at the highest level for its maturity level to be acceptable.

17
Q

GAPP (Generally Accepted Privacy Principles)

A

Management. The entity defines, documents, communicates and assigns accountability for its privacy policies and procedures.

Notice. The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained and disclosed.

Choice and Consent. The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use and disclosure of personal information.

Collection. The entity collects personal information only for the purposes identified in the notice.

Use, Retention and Disposal. The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information for only as long as necessary to fulfill the stated purposes or as required by law or regulations and thereafter appropriately disposes of such information.

Access. The entity provides individuals with access to their personal information for review and update.

Disclosure to Third Parties. The entity discloses personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.

Security for Privacy. The entity protects personal information against unauthorized access (both physical and logical).

Quality. The entity maintains accurate, complete and relevant personal information for the purposes identified in the notice.

Monitoring and Enforcement. The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.

18
Q

Foundational A.I. Model

A

Foundational AI models are trained on broad data sets with a wide scope and scale; they provide more generalized output and can be used for a wide range of different, more specific tasks.

Referred to in the AI Act as “General-Purpose AI Models” (GPAI)

These are defined as “any AI model that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications.” GPAI models have a number of additional requirements placed upon them under the AI Act.

19
Q

Generative A.I. Systems

A

Based on foundational models and trained to generate content.

20
Q

How to identify the data source for a privacy metric?

A

When defining a privacy metric, the data source (i.e. the collection point) for the metric should be identified.

When identifying a collection point, details should include:
* The database on which the information is held,
* The tracking tools that process that information,
* What part of the organization has ownership of the information, and
* The specific roles within the org that can provide required information.

As with other aspects of privacy program development, tools such as a data inventory and data maps are invaluable for this task.

21
Q

GDPR Consent must be:

A

1) Freely Given
2) Specific to the processing at issue
3) Informed
4) Unambiguous

Art. 9 - Special Categories of Personal Data requires
5) Explicit

22
Q

Audit Types

A

First-Party - Internal
Second-Party - Data controllers on data processor (Supplier Audit)
Third-Party - Provides the greatest confidence in the outcome of the audit.

23
Q

AI Act Fines

A

€35 million or 7% of total worldwide turnover (revenue) - For operating an AI system with unacceptable risk in violation of Art. 5

€7.5 million or 1% of worldwide turnover - Supplying incorrect, incomplete or misleading information to notified bodies or national competent authorities

€15 million or 3% of worldwide turnover - other violations

whichever is higher

24
Q

Privacy by Design vs Privacy by Default

A

The GDPR treats Privacy by Design and Privacy by Default as separate concepts but requires the implementation of both.

25
Q

Privacy by Design Principles

A

(1) Proactive, not Reactive; Preventative, not Remedial
(2) Privacy by Default
(3) Privacy Embedded into Design
(4) Full Functionality; Positive Sum, Not Zero Sum
(5) End-to-End Security; Life Cycle Protection
(6) Visibility and Transparency
(7) Respect for User Privacy

Applies only to controllers (of any size), not processors, but applies indirectly to processors to the extent it enables controllers to fulfill obligations

26
Q

No-option consent

A

According to the 2012 FTC Report, a no option form of consent may be used for most first-party marketing.

As set forth in this report, there are four additional principles that should be followed when sharing information for these purposes:
(1) companies should provide consumers with a choice whether to be tracked across other parties’ websites;
(2) affiliates should be treated as third parties unless that affiliate relationship is clear to consumers;
(3) cross-channel marketing is generally permitted without offering a choice of consent because it is consistent with the context of a consumer’s interaction with a company; and
(4) companies should implement measures to improve the transparency of data enhancement.

27
Q

Privacy Impact Assessment

A

Analyzes discrete products, services, processes, or events to determine the risks associated with processing data in a particular way
- Should be conducted before a new type of processing data is implemented
- Sometimes required by law (Canada Privacy Act, U.S. E-Government Act of 2002, Virginia’s VCDPA; Brazil’s LGPD)

27
Q

Privacy Assessment

A

A holistic review of an organization’s entire privacy risk profile.
Analyzes an organization’s compliance with the entirety of its program, using both objective (e.g. system logs) and subjective (e.g. employee interview) analysis.

It includes the review of both applicable laws and internal policies

28
Q

Privacy Threshold Analysis

A

A short analysis looking at risk of processing data in a particular way to determine whether a full PIA is necessary.

29
Q

Data Protection Impact Assessment (DPIA)

A

An analysis similar to a PIA that is subject to specific rules set forth in the GDPR
- Two goals: 1) helps lower risk and 2) shows GDPR compliance
- Supervisory authority may need to be consulted if a DPIA shows a high risk to individuals
- Must be performed when the contemplated processing “is likely to result in a high risk to the rights and freedoms of natural persons,” including: (1) systemic automated processing that results in legal or similar effects; (2) large-scale processing of “special” categories of information; and (3) systemic monitoring of publicly accessible areas
- If a decision is made not to conduct a DPIA, the reasons why should be documented
- Must include: (1) description of processing and legitimate interest pursued; (2) an assessment of necessity and proportionality; (3) an assessment of the risks to individual freedoms of data subjects; and (4) identification of measures to address any risks

30
Q

Article 29 Working Party: Processing is likely to present a high risk to the rights and freedoms of data subjects (triggers a DPIA)

A

(1) processing involves evaluation or scoring;
(2) automated decision-making results in legal or similar consequences;
(3) there is systemic monitoring;
(4) sensitive or highly-personal data is processed;
(5) data is processed on a large scale;
(6) different data sets about a subject are matched or combined;
(7) data about vulnerable data subjects is processed;
(8) new technologies or innovative techniques are used; and
(9) processing prevents data subjects from exercising rights or using a product or service.

31
Q

ISO’s recommended steps to conduct a PIA (Privacy Impact Assessment)

A

1) Conducting an analysis of whether a PIA is needed
2) Preparing to conduct the PIA
3) Performing a PIA
4) Following up on the PIA