Ch. 1 - Intro into US Privacy Environment Quiz

Question 1

People with a “privacy fundamentalist” attitude towards privacy exhibit:

a. A strong desire to protect privacy
b. Low worries about privacy
c. Varying concern about privacy depending on context
d. None of the above

Answer 1

a. A strong desire to protect privacy

Question 2

People with a “privacy unconcerned” attitude towards privacy exhibit:

a. A strong desire to protect privacy
b. Varying concern about privacy depending on context
c. Low worries about privacy
d. None of the above

Answer 2

c. Low worries about privacy

Question 3

Which of the following is an attribute of a “privacy pragmatist”?

a. Level of concern is dependent on context
b. Willing to give up some privacy in exchange for benefits
c. Strong desire to protect privacy at any cost
d. Only a and b

Answer 3

d. Only a and b

Question 4

Which of the following is a privacy regulating body in the US?

A. FTC (Federal Trade Commission)
B. FCC (Federal Communications Commission)
C. HHS (Department of Health and Human Services)
D. all of the above

Answer 4

D. all of the above

The FCC has regulatory programs in place to protect your privacy.
Your telephone calling records, Broadband Consumer Privacy, Protecting your caller ID privacy

How does the FTC regulate privacy?
The FTC has brought enforcement actions addressing a wide range of privacy issues, including spam, social networking, behavioral advertising, pretexting, spyware, peer-to-peer file sharing, and mobile. These matters include over 130 spam and spyware cases and 75 general privacy lawsuits.

HHS’ Office for Civil Rights is responsible for enforcing the Privacy and Security Rules.

Question 5

Which of the following bodies represents an expert resource for other Federal agencies in terms of privacy issues?

A. Federal Communications Commission
B. Department of Commerce
C. Federal Reserve
D. Federal Trade Commission

Answer 5

D. Federal Trade Commission

The FTC has been the chief federal agency on privacy policy and enforcement since the1970s, when it began enforcing one of the first federal privacy laws – the Fair Credit Reporting Act.

Question 6

TRUSTe, BBB and CARU are all examples of:

A. Federal regulations
B. privacy legislation
C. industry self-regulation
D. both a and b

Answer 6

C. industry self-regulation

The Children’s Advertising Review Unit (CARU) is a U.S. self-regulatory organization that was established in 1974 and is administered by BBB National Programs.

TRUSTe started as a non-profit association to foster online commerce by helping organizations self-regulate privacy concerns. It wanted online businesses to work together to address the rising privacy fears of consumers.

Question 7

What are the three main sources of personal information?

A. Public and private sector financial records, medical records and military service records.
B. Public records, publicly available information and non-public information.
C. National insurance information, employment records and law enforcement records.
D. Birth records, national and foreign government records and state/provincial government information.

Answer 7

B. Public records, publicly available information and nonpublic information are the three main sources of personal information.

Depending on the source of the personal information, there are different ways that it should be treated.

Organizations should be alert to the possibility that the same information may be public record, publicly available and nonpublic. For example, if a person’s name is in the phone book and on medical records, the name in the phone book could be treated as publicly available information whereas the name on the medical records should be treated as nonpublic information. Foundations of Information Privacy and Data Protection and Data Protection, p. 8

Question 8

The use of personal information should follow what primary principle?

A. Personal information usage should be determined by third-party contracts.
B. Personal information should be limited to the purposes identified in the notice.
C. Personal information usage should only be limited by the data controller that collected the personal information.
D. Organizations should use personal information for any and all business practices.

Answer 8

B. Personal information should be limited to the purposes identified in the notice.

The use of personal information should be limited to the purposes identified in the privacy notice.

A privacy notice is a statement made to a data subject that describes how the organization collects, uses, retains and discloses personal information. Foundations of Information Privacy and Data Protection, p.11.

Question 9

What are two of the four main categories of data protection and privacy law and practices?

A. Information privacy and territorial privacy.
B. Territorial privacy and health privacy.
C. Communications privacy and health privacy.
D. Bodily privacy and spatial privacy.

Answer 9

A. Information privacy and territorial privacy.

Information privacy and territorial privacy are of particular interest with regard to data protection and privacy laws and practices. Information privacy is concerned with establishing rules that govern the collection and handling of personal information. Territorial privacy is concerned with placing limits on the ability to intrude into another individual’s environment. Foundations of Information Privacy and Data Protection, p. 2

Question 10

Which scenario describes a breach of the fourth data protection principle?

A. The data controller processes personal data outside of the purposes for which it was collected.
B. The personal data is disclosed to a third party without lawful authority.
C. The data controller processes personal data that is inaccurate and causes harm to the data subject as a result.
D. The data controller claims legitimate interest for processing and this is objected to by the data subject.

Answer 10

C. The data controller processes personal data that is inaccurate and causes harm to the data subject as a result.

1. Lawfulness, fairness and transparency.
2. Purpose limitation.
3. Data minimisation.
4. Accuracy.
5. Storage limitation.
6. Integrity and confidentiality (security)
7. Accountability.

Lisa played Drums aggressively Sam informed Alan.

Question 11

Many references to privacy can be found all throughout recorded history. When looking at laws regarding Personal Information, which class of privacy does law concerning Personal Information pertain to?

A. bodily privacy
B. territorial privacy
C. communications privacy
D. information privacy

Answer 11

D. information privacy

Question 12

Which of the following is not (yet) part of the Fair Information Practices?

A. notice
B. choice and consent
C. disclosure
D. legal basis

Answer 12

D. legal basis

Question 13

All over the world, different models of privacy protection are adopted. Which of the following is true regarding models of privacy protection?

A. in the US there is a sectoral model, and in the EU there is a comprehensive model
B. the US only uses the co-regulatory model
C. Europe has a strong focus on the self-regulatory model
D. the laws in the US fall under the comprehensive model

Answer 13

A. in the US there is a sectoral model, and in the EU there is a comprehensive model

Question 14

How can Personal Information best be described?

A. any information relating to a natural person
B. this depends on the field and even state law
C. directory information
D. information of value

Answer 14

B. this depends on the field and even state law

Question 15

Which comprehensive privacy laws there in the US?

A. the Children’s Online Privacy Protection Act
B. HIPAA
C. None, there are no comprehensive privacy laws in the US
D. GDPR

Answer 15

C. None, there are no comprehensive privacy laws in the US