Privacy Program Framework - Section II.B. - Implementing a Privacy Program Framework Flashcards
The notion that individuals should not be surprised by having their information processed in a particular way prohibited by local law is sometimes referred to as what?
Surprise Minimization Rule
What type of international transfer mechanism is best described as a form of co-regulation?
Transfers made pursuant to codes of conduct of third-party certification authorities.
What did the European Court of Justice hold in the case Schrems v. Data Protection Comm’r?
The Safe Harbor program that most companies utilized to transfer data between the U.S. and E.U. was not compliant with the GDPR.
A determination that the information being transferred will be subject to an equivalent or greater level of protection in the transferee country is referred to as what?
Adequacy Decision
What are the two most prominent examples of self-regulatory authorities in the marketing industry?
(1) The Digital Advertising Alliance; and
(2) The Network Advertising Initiative.
Who is responsible for enforcing the self-regulatory principles developed by the Digital Advertising Alliance?
Both the Council of Better Business Bureaus and the Data & Marketing Association.
What is the primary reason that organizations attempt to funnel privacy-related media inquiries through a single point of contact?
To maintain a consistent message regarding an organization’s privacy practices.
What is the California Privacy Protection Agency (CPPA)?
The CPPA is an administrative agency created by the California Privacy Rights Act (CPRA), responsible for administering and enforcing the California Consumer Privacy Act (CCPA).
What made the California Consumer Privacy Act unique when compared with state and federal laws throughout the United States?
It was the first attempt in the United States to regulate information privacy with a comprehensive approach that applies to all market segments.
What types of conduct can result in a higher-level violation of the GDPR?
Higher level violations include violations of data subject rights and non-compliant cross-border transfers.
What are the ways in which information about an E.U. resident may be transferred outside of the E.U.?
(1) Adequacy decisions;
(2) Binding corporate rules;
(3) Standard contract clauses;
(4) Ad hoc contract clauses;
(5) Codes of conduct; and
(6) Derogations (or exceptions).
What countries has the E.U. determined have adequate data protection laws?
Andorra,
Argentina,
Canada,
Faroe Islands,
Guernsey,
Israel,
Ilse of Man,
Japan,
Jersey,
New Zealand,
Switzerland,
South Korea,
Uruguay, and the
United Kingdom.
In what situation(s) does the GDPR apply to data controllers and processors that operate within the E.U.?
The GDPR applies to all processing activities of data controllers and processors operating in the E.U. regardless of whether the processing occurs in the E.U.
What law requires organizations to include a “Do Not Sell My Personal Information” button on its website?
California Consumer Privacy Act (CCPA)
A well thought out and comprehensive privacy framework will be rendered useless if what happens?
There is a failure to effectively communicate that policy to internal and external stakeholders.