Privacy Law

Question 1

Name given to laws in this subject in the USA.

Answer 1

privacy law

Question 2

Name given to laws in the subject in the EU.

Answer 2

data protection law

Question 3

What is included in the class of privacy known as information privacy?

Answer 3

Concerned with establishing rules that govern the collection and handling of personal information (ex. financial information, government records, internet history)

Question 4

Define “sensitive personal information.”

“special categories of data”

Answer 4

Personal data revealing racial of ethnic origins, political opinions, religious or philosophical beliefs, trade union memberships, or data concerning health or sex life

Question 5

The line between personal and nonpersonal information depends on what?

Answer 5

Depends on what is “identifiable” and is often unclear

Question 6

What are the 3 sources of personal information?

Answer 6

1. public records
2. publicly available information
3. nonpublic information

Question 7

Define “processing.”

Answer 7

The collection, recording, organization, storage, updating or modification, retrieval, consultation, and use of personal information. Also includes dissemination of information.

Question 8

Define “data subject.”

Answer 8

Is the individual about whom information is being processed.

Question 9

Define “data controller.”

Answer 9

Is an organization that has the authority to decide how and why personal information is to be processed.

Question 10

Define “data processor.”

Answer 10

Is an individaul/organization (often a third-party) that processes data on behalf of the data controller.

Question 11

Typical elements of personal information:

Answer 11

Name, gender, contact information, age & dob, marital status, income, education, languages spoken

Question 12

Typical elements of human resources information:

Answer 12

Salary, job title, productivity and performance statistics, medical and pension benefits, employee evaluations, disabled veteran status, location information (GPS), nationality

Question 13

Typical elements of customer information:

Answer 13

Contact information, purchase history, history of interactions, info about leads or prospects, former customers, market research participants, recording of telephone calls, citizens that receive benefits from government, tax records

Question 14

Privacy notice

Answer 14

A statement made to a data subject that describes how an org collects, uses, retains, and discloses personal info (contracts, applications, icons, terms of use, etc.)

Serves two important services:

1. consumer education
2. organizational accountability

Question 15

3 categories of safeguards

Answer 15

1. administrative safeguards - company policies
2. technical safeguards - passwords
3. physical safeguards - a lock

Question 16

Information lifecycle principles

Answer 16

1. Collection
2. Use
3. Disclosure
4. Storage & destruction

Question 17

What is a Privacy Impact Assessment (PIAs)?

Answer 17

Checklists or tools to ensure personal information system is evaluated for privacy risks and designed with life cycle principles in mind.

Question 18

What is a Privacy Assessment/Audit?

Answer 18

Reviews of an orgs compliance with its privacy policies and procedures, applicable laws, regulations, service-level agreements, standards adopted by the entity, and other contracts.

Question 19

Define “Privacy by Design”.

Answer 19

The concept that orgs should build privacy directly into technology, systems, and practices at the design phase to ensure privacy from the outset. (7 principles)