Privacy Operational Life Cycle: Chapter 5 Protect: Personal data

Question 1

Privacy by Design

Answer 1

1. Proactive
2. Privacy by default
3. Embedded in design
4. Full Functionality - positive sum
5. End to end security
6. visibility and transparency
7. Respect for user privacy

Question 2

Data protection GDPR principles

Answer 2

• lawfulness, fairness, transparency
• purpose limitations
• data minimization
• accuracy
• storage limitations
• integrity and confidentiality
• accountability

Question 3

CIA

Answer 3

Confidentiality Integrity Availability

Question 4

Controls

Answer 4

Categories:
- Preventative
- Detective
- Corrective

Types:
- Physical
- Admin or policy
- Technical

Question 5

Data Privacy and InfoSec

Answer 5

Integrity (InfoSec) and Accuracy (Privacy)
Availability (InfoSec) and Access (Privacy)
Accountability (Both)
Confidentiality (when personal and nonpublic)

Question 6

Data classifications

Answer 6

Privacy: personal, sensitive, nonpersonal
InfoSec: public, confidential, highly confidential, restricted

Question 7

Role-Based Access Controls (RBAC)

Answer 7

Segregation of duties
Least privilege
Need-to-know access

Question 8

Linkability in data

Answer 8

Identified: linkable

Pseudonymous: linkable with reasonable effort, or not linkable

Anonymous: unlinkable

Question 9

InfoSec + Privacy technologies

Answer 9

Teaming: work together to evaluate controls
Don’t Reinvent: use existing reviews/audits and existing review processes
Stay Aware: be aware of security and privacy risks
Rank and Prioritize

Question 10

GDPR Article 25

Answer 10

Privacy by design
Privacy by default