Terms and Concepts

Question 1

A basic tenet as a privacy principle as they apply to organizations handling PI. An organization must implement procedures that protect personal information, establish procedures to receive and respond to complaints or questions, train staff, and be transparent about all procedures and practices, is an example of which key privacy concept?

Answer 1

Accountability

Question 2

This Act is a Québéquois privacy law that, other than different terminology, is similar to PIPEDA, though at a province level and came into force in 1994.

Answer 2

Act Respecting the Protection of Personal Information in the Private Sector

Question 3

What are the 3 principles of Quebec’s Act Respecting the Protection of Personal Information in the Private Sector?

Answer 3

three principles: (1) Every person who establishes a file on another person must have a serious and legitimate reason for doing so; (2) The person establishing the file may not deny the individual concerned access to the information contained in the file; (3) The person must also respect certain rules that are applicable to the collection, storage, use and communication of this information.

Question 4

What is the use of personal information about an individual in Canada in a decision-making process that directly affects that individual, called?

Answer 4

Administrative Purpose

Question 5

Under the Fair Credit Reporting Act, this term is defined very broadly to include all business, credit and employment actions affecting consumers that can be considered to have a negative impact, such as denying or canceling credit or insurance, or denying employment or promotion.

Answer 5

Adverse Action

Question 6

What is the name and year this Act came into force of a privacy law in the Canadian province of Alberta, similar to PIPEDA and Unlike PIPEDA, these acts clearly apply to employee information.

Answer 6

Alberta PIPA PIPA (Personal Information Protection Act) came into force in 2004.

Question 7

What is a U.S. professional organization of certified public accountants and co-creator of the WebTrust seal program?

Answer 7

American Institute of Certified Public Accountants

Question 8

What is the process by which an entity (such as a person or computer system) determines whether another entity is who it claims to be called?

Answer 8

Authentication

Question 9

This Act is a privacy law in the Canadian province of British Columbia, similar to PIPEDA. Unlike PIPEDA, these acts clearly apply to employee information. What is the name and year this act came into force?

Answer 9

BC PIPA (Personal Information Protection Act) came into force in 2004.

Question 10

What do you call advertising that is targeted at individuals based on the observation of their behaviour over time?

Answer 10

Behavioral Advertising

Question 11

This term is one of the 4 classes of Privacy and Focused exclusively on a person’s physical body.
Includes genetic testing, drug testing, biometrics, body cavity searches.

Answer 11

Privacy of the person aka Bodily Privacy

Question 12

What are the four classes of Privacy?

Answer 12

Privacy of the person, Information Privacy, Territorial Privacy and Communications Privacy.

Question 13

This term is the requirement that an organization notify regulators and/or victims of incidents affecting the confidentiality and security of personal data.

Answer 13

Breach Disclosure

Question 14

This legislation applying to all forms of electronic messaging. It requires that when a commercial electronic message (CEM) is sent, consent, identification and unsubscribing requirements must be complied with. Typically, consent from the recipient must be obtained before a CEM is sent.

Answer 14

Canada’s Anti-Spam Legislation

Question 15

This organization is a Canadian health informatics association whose mission is to promote health technology systems and the effective use of health information.

Answer 15

Canadian Organization for the Advancement of Computers in Health

Question 16

This organization is a non-profit standards organization that developed its own set of privacy principles and broke the OECD’s code into ten principles

Answer 16

Canadian Standards Association

Question 17

What are the Organization for Economic Co-Operation and Development (OECD) ten privacy principles and when where they established?

Answer 17

Established in 1981, the principles are (1) Accountability; (2) Identifying purposes; (3) Consent; (4) Limiting Collection; (5) Limiting Use, Disclosure, and Retention; (6) Accuracy; (7) Safeguards; (8) Openness; (9) Individual Access; (10) Challenging Compliance.

Question 18

What is CCTV?

Answer 18

Originally an acronym for “closed circuit television,” CCTV has come to be shorthand for any video surveillance system.

Question 19

What is one issue with CCTV?

Answer 19

Originally, such systems relied on coaxial cable and was truly only accessible on premise. Today, most surveillance systems are hosted via TCP/IP networks and can be accessed remotely, and the footage much more easily shared, eliciting new and different privacy concerns.

Question 20

Describe Charter Rights and what year where they established?

Answer 20

Established in 1982, Charter Rights are created by the Canadian Charter of Rights and Freedoms. They are constitutional rights and thus are considered to be the most valued rights in Canada.

Question 21

Which fair information practices principle is the principle stating there should be limits to the collection of personal data, that any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject?

Answer 21

Collection Limitation

Question 22

What does Commercial Activity under Canada’s PIPEDA mean?

Answer 22

Any particular transaction, act or conduct, or any regular course of conduct, that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists. Non-profit associations, unions and private schools are likely to be found to exist outside of this definition.

Question 23

What is a Commercial Electronic Message?

Answer 23

Any form of electronic messaging, including e-mail, SMS text messages and messages sent via social networking about which it would be reasonable to conclude its purpose is to encourage participation in a commercial activity.

Question 24

Which one of the four classes of privacy encompasses protection of the means of correspondence, including postal mail, telephone conversations, electronic e-mail and other forms of communicative behavior and apparatus?

Answer 24

Communications Privacy

Question 25

Describe Comprehensive Laws.

Answer 25

Laws that govern the collection, use and dissemination of personal information in the public and private sectors.

Question 26

Describe Computer Forensics

Answer 26

The discipline of assessing and examining an information system for relevant clues even after it has been compromised by an exploit.

Question 27

This privacy requirement is one of the fair information practices. With it, individuals must be able to prevent the collection of their personal data, unless the disclosure is required by law. If an individual has choice about the use or disclosure of his or her information, this is the individual’s way of giving permission for the use or disclosure?

Answer 27

Consent

Question 28

What are they two types of consent?

Answer 28

(1) Affirmative/Explicit Consent and (2) Implicit Consent.

Question 29

What is Affirmative/Explicit Consent?

Answer 29

A requirement that an individual “signifies” his or her agreement with a data controller by some active communication between the parties.

Question 30

What is Implied Consent?

Answer 30

Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.

Question 31

What is a cookie and what does it do?

Answer 31

A cookie is a small text file stored on a client machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session. Cookies can also be used to prevent users from having to be authorized for every password protected page they access during a session by recording that they have successfully supplied their username and password already.

Question 32

What is a first-party cookie?

Answer 32

A cookie that is placed by the website that is visited.

Question 33

What is a third-party cookie?

Answer 33

A cookie that is placed by a party other than the visited website.

Question 34

What is the difference between session cookies and persistent cookies?

Answer 34

Session cookies are deleted when a session ends, and persistent cookies remain longer.

Question 35

What organization’s ten privacy principles are based on the OECD Guidelines and serve as the basis of Canada’s PIPEDA.

Answer 35

CSA (Canadian Standards Association) Privacy Principles

Question 36

The unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector, is called what?

Answer 36

Data Breach

Question 37

What do you call an organization or individual with the authority to decide how and why information about data subjects is to be processed?

Answer 37

Data Controller

Question 38

What do you call any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Answer 38

Data Processing.

Question 39

What do you call an organization or individual that processes data on behalf of the data controller?

Answer 39

Data Processor

Question 40

These supervisory authority chartered to enforce
privacy or data protection laws and regulations. In Canada, they are privacy commissioners or ombudspersons.

Answer 40

Data Protection Authority or Regulator

Question 41

What fair information practices principle, it is the principle that personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

Answer 41

Data Quality

Question 42

What four criteria is the quality of data judged by?

Answer 42

The quality of data is judged by four criteria: Does it meet the business needs?; Is it accurate?; Is it complete?, and is it recent? Data is of an appropriate quality if these criteria are satisfied for a particular application.

Question 43

What do you call an individual about whom information is being processed?

Answer 43

Data Subject

Question 44

A Latin expression meaning “from the beginning,” “anew” or “beginning again.” In a legal context, this type of hearing is one in which a higher authority can make a new decision, entirely ignoring the findings and conclusions of a lower authority.

Answer 44

De Novo

Question 45

What is the term called when the seller directly contacts an individual, in contrast to marketing through mass media such as television or radio.

Answer 45

Direct Marketing

Question 46

This Privacy class includes all information about a person fundamentally belongs to them, for them to communicate or retain as they see fit and includes financial information, medical data, or other records

Answer 46

Information privacy

Question 47

This class of privacy, limits the ability of an individual or organization to intrude onto another individual’s physical environment.
Includes the individual’s home and workplace, hotels, meeting places, and some public spaces;
physical search of premises, video or audio surveillance, ID checks, etc.

Answer 47

Territorial privacy

Question 48

This class of privacy is a subset of information privacy. Protection of the means of correspondence and includes items such as postal mail, telephone conversations, email, texts and other forms of communicative behaviour.

Answer 48

Communications privacy

Question 49

This perspective of privacy in Canada refers to the extent to which an individual is free to live their life without the state interfering or knowing what the individual is doing

Answer 49

Privacy of the individual vis-à-vis the state.

Question 50

This perspective of privacy in Canada refers to what extent an individual can live life free from intrusion from another individual, such as a neighbour, coworker, spouse,
parent or child

Answer 50

Privacy of the individual vis-à-vis other individuals

Question 51

This perspective of privacy in Canada refers to the extent to which organizations can collect, use and disclose personal information about an individual and, once they have collected such information, what obligations they have.

Answer 51

Privacy of the individual vis-à-vis other organizations

Question 52

This declaration formally advanced the notion that “[n]o one shall be subjected to arbitrary interference with his privacy, family, home or correspondence”

Answer 52

Universal Declaration of Human Rights, 1948

Question 53

This international treaty was enacted to protect fundamental rights and freedoms and applies only to member states in the EU. It echoes the Human Rights Declaration: “[E]veryone has the right to respect for his private and family life, his home and his correspondence” and Enforcement via the European Court of Human Rights

Answer 53

European Convention for the Protection of Human Rights and Fundamental Freedoms, 1950

Question 54

What is the political structure of the Canadian Government.

Answer 54

Canada is a federal state with three levels of government - Federal, Provincial & Territorial, Municipal

Question 55

What political system is used in Canada?

Answer 55

A parliamentary system is used throughout Canada at the federal and provincial levels.

Federally, Senate representatives are appointed by the governor in council on the recommendation of the prime minister.

Representatives in the House of Commons are elected in general elections that are normally held every four years, they represent a particular political party. The Party with most representatives forms the government and the leader of the majority party becomes prime minister. The PM selects ministers to form the executive branch and Ministers oversee the ministries that carry out laws and government policies.

Question 56

What are the sources of privacy law in Canada?

Answer 56

Legislation - federal = Privacy Act and Private Sector PIPEDA, Common Law - judge-made through decisions rendered by judges over time. Contracts - Private laws created by parties who agree to be bound by certain terms (especially with outsourcing). Constitution and Charter Section 7 (life, liberty and security of person) & 8 (secure against unreasonable search and seizure)

Question 57

What is the scope and application of privacy law?

Question 58

“The right to be forgotten” is a concept
of privacy that arose from what?

Answer 58

Associated with information privacy; specifically, a 2014 European court ruling (Google Spain v AEPD and Mario Costeja González) that a search engine should allow online users to be “forgotten” after a certain time by erasing links to web pages unless there are public interest reasons not to do so

Question 59

Which legal model of data protection
does Canada follow?

Answer 59

Comprehensive

Question 60

What is the difference between a
privacy policy and a privacy notice?

Answer 60

A privacy notice is typically delivered on an org website and includes a description of an organization’s information management practices. May also be called privacy statement. A privacy policy, while sometimes confused with Privacy Notice usually refers to an internal statement for employees, volunteers, contractors, etc or an organization.

Question 61

“The right to be let alone” is a concept of privacy that arose from what?

Answer 61

“The Right to Privacy,” Harvard Law Review, Samuel Warren and Louis Brandeis, 1890

Question 62

What are the three basic data subject rights?

Answer 62

Notice, Choice and Access.

Question 63

The ability to specify whether personal information will be collected and/or how it will be used or disclosed, is what data subject right?

Answer 63

Choice

Question 64

How can choice be given?

Answer 64

Choice can be express (given specifically) or implied (inferred from actions on the part of the individual). Examples of Opt-in: Individual actively gives consent. Examples of Opt-out: Consent assumed unless the affected individual specifically withdraws it

Question 65

Describe the Access data subject right.

Answer 65

The ability to view personal information held by an organization and may be supplemented by allowing updates or corrections to the information.

Question 66

What makes up the Executive Branch of the Canadian Government?

Answer 66

Prime minister (leader of majority party) and Cabinet

Question 67

What areas is Federal government responsible for under the Federalist jurisdiction/division of powers?

Answer 67

Criminal law, federally regulated matters (banking,
telecommunications, energy), national defense, and trade and commerce

Question 68

What areas are the Provicial government responsible for under the Federalist jurisdiction/division of powers?

Answer 68

Hospitals, education, provincial courts and
municipalities

Question 69

What makes up the Legislative branch and what does it do?

Answer 69

Legislative Branch is made up of the Senate, the House of Commons and Officers of Parliament and it introduces, debates, and passes bills and policies and plays a role in the oversight of the executive branch

Question 70

What makes up the Judiciary branch?

Answer 70

Made up of a network of federal and provincial courts. Headed by the Supreme Court of Canada.

Question 71

What is the role of the Courts in Canada?

Answer 71

Courts interpret laws, have constitutional authority to review laws and government actions to ensure they do not violate the Charter and have general authority to review most government decisions (judicial review).

Question 72

What is the role of Administrative Tribunals in Canada?

Answer 72

Administrative Tribunals interpret laws and (in some instances) can also enforce Charter rights. They may make decisions on behalf of federal or provincial governments.
Some federal administrative tribunals manage regulation of broadcasting and telecommunications, the immigration system, and labour relations involving federally regulated employers.

Question 73

What is the role of the federal privacy commissioner?

Answer 73

Officer of Parliament, who is accountable to the legislature. No order making power (currently).

Question 74

What are the types of law in Canada? Describe them.

Answer 74

They are common law and civil law. Common Law is a mix of statute law and precedent or “judge made law”. Its used everywhere except QC. Quebec uses Civil, where laws are codified into a civil code.