CC6 - Chapter 5 Flashcards
(32 cards)
are concerned with how to procure, store, manage, interpret, analyze/apply and dispose of data in ways that are aligned with ethical principles including community responsibility.
Data handling ethics
This principle reflects the fundamental ethical requirement that people be treated in a way that respects their dignity and autonomy as human individuals.
Respect for Persons
This principle has two elements: first, do not harm; second, maximize possible benefits and minimize possible harms.
Beneficence
This principle considers the fair and equitable treatment of people.
Justice
PIPEDA Principles
Accountability
An organization is responsible for personal information under its control and must designate an individual responsible for compliance.
Identifying Purposes
The organization must identify the purposes for which personal information is collected before or at the time of collection.
Consent
Consent must be obtained for the collection, use, or disclosure of personal information, except where inappropriate.
Limiting Collection, Use, Disclosure, and Retention
Collection should be limited to what is necessary, and personal information should not be used or disclosed for purposes other than those for which it was collected unless consent is given. Personal information should be retained only as long as necessary.
Accuracy
Personal information must be accurate, complete, and up-to-date.
Safeguards
Personal information must be protected by security safeguards appropriate to the sensitivity.
Openness
The organization must make policies and practices relating to personal information available.
Individual Access
Individuals have the right to access their personal information and challenge its accuracy and completeness.
Compliance Challenges
Organizations must be able to address compliance challenges related to these principles.
An organization is responsible for personal information under its control and must designate an individual responsible for compliance.
Accountability
The organization must identify the purposes for which personal information is collected before or at the time of collection.
Identifying Purposes
Consent must be obtained for the collection, use, or disclosure of personal information, except where inappropriate.
Consent
Collection should be limited to what is necessary, and personal information should not be used or disclosed for purposes other than those for which it was collected unless consent is given. Personal information should be retained only as long as necessary.
Limiting Collection, Use, Disclosure, and Retention
Personal information must be accurate, complete, and up-to-date.
Accuracy
Personal information must be protected by security safeguards appropriate to the sensitivity.
Safeguards
The organization must make policies and practices relating to personal information available.
Openness
Individuals have the right to access their personal information and challenge its accuracy and completeness.
Individual Access
Organizations must be able to address compliance challenges related to these principles.
Compliance Challenges
GDPR Principles
Fairness, Lawfulness, Transparency
Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
Purpose Limitation
Personal data must be collected for specified, explicit, and legitimate purposes, and not processed in a manner that is incompatible with those purposes.
Data Minimization
Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy
Personal data must be accurate, and where necessary, kept up-to-date. Every reasonable step must be taken to ensure data accuracy, and inaccurate data should be erased or rectified without delay.
Storage Limitation
Data must be kept in a form that permits identification of data subjects for no longer than necessary for the purposes for which the data are processed.
Integrity and Confidentiality
Data must be processed securely to ensure appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Accountability
Data Controllers shall be responsible for and able to demonstrate compliance with these principles.
Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
Fairness, Lawfulness, Transparency
Personal data must be collected for specified, explicit, and legitimate purposes, and not processed in a manner that is incompatible with those purposes.
Purpose Limitation
Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Data Minimization
Personal data must be accurate, and where necessary, kept up-to-date. Every reasonable step must be taken to ensure data accuracy, and inaccurate data should be erased or rectified without delay.
Accuracy
Data must be kept in a form that permits identification of data subjects for no longer than necessary for the purposes for which the data are processed.
Storage Limitation
Data must be processed securely to ensure appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Integrity and Confidentiality
Data Controllers shall be responsible for and able to demonstrate compliance with these principles.
Accountability
United States Privacy Program Criteria
Notice / Awareness
Data collectors must disclose their information practices before collecting personal data.
Choice / Consent
Consumers should be given options regarding how their data is used beyond the initial purpose.
Access / Participation
Consumers should be able to view and contest information about them.
Integrity / Security
Data collectors need to ensure data accuracy and security from unauthorized use.
Enforcement / Redress
Reliable mechanisms should be in place to enforce compliance and address violations.
Data collectors must disclose their information practices before collecting personal data.
Notice / Awareness