Basic Terms/Privacy Overview Flashcards

You may prefer our related Brainscape-certified flashcards:
1
Q

EU - U.S. Safe Harbor Agreement

A

An agreement between the EU and US, invalidated by the Court of Justice of the EU in 2015, that allowed for the legal transfer of PI between the EU and US in absence of a comprehensive adequacy decision for the US. It was replaced by the EU-US Privacy Shield

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Privacy Shield

A

Created in 2016 to replace the invalidated EU-US Safe Harbor agreement, the Privacy Shield is an adequacy agreement that allows for the transfer of personal data from the EU to the US for companies participating in the program. Only those companies that fall under the jurisdiction of the US FTC may certify to the Shield principles and participate, which notably excludes health care, financial services, and non-profit institutions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Binding Corporate Rules (BCRs)

A

An appropriate safe guard allowed by GDPR to facilitate cross-border transfers of PI between the various entities of a corporate group worldwide. They do so by ensuring that the same high-level of protection of personal data is complied with by all members of the organizational ground by means of a single set of binding, and enforcement rules.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Standard Contractual Clauses

A

Adopted either directly by the European Commission or by a supervisory authority. Contractual clauses or mechanisms by which organizations can commit to protect personal data to facilitate ongoing and systematic cross-border personal data transfers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Certification Mechanisms

A

Introduced by GDPR, a new valid adequacy mechanism for the transfer of personal information outside of the EU in the absence of an adequacy decision and instead of other mechanisms such as BCRs or contractual clauses. Certification Mechanisms must be developed by certifying bodies, approved by data protection authorities or the European Data Protection Board, and have a methodology for auditing compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Electronic Discovery (e-Discovery)

A

Requires civil litigants to turn over large volumes of a company’s electronic records in litigation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

EU Data Protection Directive

A

Replaced by GDPR in 2018, the directive was adopted in 1995, effective in 1998 and was the first EU-wide legislation that protected individuals’ privacy and personal data use

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

APEC Privacy Framework

A

A set of non-binding principles adopted by APEC that mirror the OECD Fair Information Privacy Practices. They seek to promote electronic commerce throughout the Asia-Pacific region by balancing information privacy with business needs
iii. Note: The details of GDPR and the APEC framework are outside the scope of CIPP/US. Just need to understand the high-level concept.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Right to Financial Privacy Act of 1978

A

Summary:
1. Request must reasonably identify the records
2. Requests must be justified by one of the following:
o Customer authorization
o Admin subpoena or summons
o Judicial subpoena or summons
o Written law enforcement request
3. Agencies must provide the customers written notice of the request and wait 10 days from service or 14 days from mailing to access records

Detail:
Governs the release of customer financial information to federal government authorities. The act defines both the circumstances under which a financial institution can volunteer information about a customers’ financial records to federal government authorities and the applicable procedures and requirements to follow when the federal government is requesting customers’ financial information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Bank Secrecy Act of 1970 (BSA)

A

Summary:

  1. Requires financial institutions to maintain records for customer activity for five years
  2. Currency Transaction Reports (CTR) – must report cash transactions totaling more than $10,000 in a single day
  3. Suspicious Activity Report (SAR) – institutions must report suspected money laundering, or a customer is deliberately taking actions to miss the CTR limits.

Detail:
A US federal law that requires US financial institutions and money services businesses (MSBs), which are entities that sell money orders or provide cash transfer services, to record, retain and report certain financial transactions to the federal government. This requirement is meant to assist the government in the investigation of money laundering, tax evasions, terrorist financing, and various other domestic and international criminal activities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

First privacy text in us

A

1890 HBS the right to privacy by Samuel Warren and Louis Brandeis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

FCRA

A

Fair credit reporting act

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

FACTA

A

Fair and accurate credit transactions act

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

GLBA

A

Gramm-leach-bliley act

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

FERPA

A

Family educational rights and privacy act

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

PPRA

A

Protection of pupil rights amendment

17
Q

COPPA

A

Children’s online privacy protection act

18
Q

When did UN take privacy into account?

A

Art. 12 of Universal Declaration of Human rights in 1948

19
Q

When was the FCRA?

A

1970

20
Q

When US DoH FIPS?

A

1973

21
Q

What is personal data?

A

Identified or identifiable individual

22
Q

What is a privacy policy?

A

It is an internal statement governing privacy practices in a company.

23
Q

What are the four classes of privacy?

A

Information
Bodily
Territorial
Communication

24
Q

In the US and other countries, laws about the protection of information about individuals is known as what?

A
  • Privacy law
  • Data privacy law
  • Information privacy law
25
Q

In the EU and other countries, laws about the protection of information about individuals is known as what?

A

Data protection law

26
Q

How did Samuel Warren and Louis Brandeis define privacy in their 1890 Harvard Law Review article, “The Right to Privacy”?

A

The right to be let alone

27
Q

What is information privacy concerned with?

A

Establishing rules that govern the collection and handling of personal information

28
Q

What is bodily privacy concerned with?

A

A person’s physical being and any invasion thereof

29
Q

What is territorial privacy concerned with?

A

Placing limits on the ability to intrude into another individual’s environment

30
Q

What is communications privacy concerned with?

A

Protection of the means of correspondence

31
Q

In what year did the California add an explicit “right to privacy” guarantee to the California Constitution?

A

1974

32
Q

In what year did the General Assembly of the United Nations adopt and proclaim the Universal Declaration of Human Rights, which formally announced that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence”?

A

1948

33
Q

What type of practices have been a significant means for organizing the multiple individual rights and organizational responsibilities that exist with respect to personal information?

A
  • Fair Information Practices (FIPs)

* Sometimes called fair information privacy practices or principles (FIPPs)

34
Q

What are 5 examples of codifications of Fair Information Practices (FIPs)?

A
  • The 1973 U.S. Department of Health, Education and Welfare Fair Information Practice Principles
  • The 1980 Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (“OECD Guidelines”)
  • The 1981 Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data (“Convention 108”)
  • The Asia-Pacific Economic Cooperation (APEC), which in 2004 agreed to a Privacy Framework
  • The 2009 Madrid Resolution—International Standards on the Protection of Personal Data and Privacy
35
Q

What is a Fair Information Practices (FIP)?

A

FIPs are guidelines for handling, storing and managing data with privacy, security and fairness in an information society that is rapidly evolving.