CH. 1 Flashcards Preview

CIPP/US > CH. 1 > Flashcards

Flashcards in CH. 1 Deck (20)
Loading flashcards...

Define Privacy

"the right to be let alone," HLR. The desire of people to freely choose the circumstances and the degree to which individuals will expose their attitudes and behavior to others.


Classes of Privacy

1) Information Privacy - PII
2) Bodily Privacy - intrusion on the physical being
3) Territorial Privacy - intrusion on the environmental or geographical
4) Communications Privacy - Intrusion on the means of correspondence


Fair Information Practices

(AKAs: FIP, Fair Information Privacy Practice, FIPP)

Means by which to organize rights and responsibilities as to personal information. Four Principles:

1) Individual's rights
2) Controls on the Information
3) Information Lifecycle
4) Management


FIP/FIPP - Individual's rights

- Notice about policy, procedure, and purpose of collection, use, and how its retained and disclosed
- Choice and consent as to above with either explicit or implicit consent
- Data subject access to personal information for review and update


FIP/FIPP - Controls on the Information

- Information security showing implemented safeguards
- Information quality standards having accurate, complete, and relevant information


FIP/FIPP - Information Lifecycle

- Collection limited to notice
- Use and retention limited to notice and consent "for as long as necessary"
- Disclosure limited to notice and consent


FIP/FIPP - Management

- Management and action to define, document, communicate, and assign accountability
- monitoring and enforcement of compliance and complaints



Personally Identifiable Information
- as opposed to aggregate o statistical information
- information that makes it possible to identify
- ex. ssn, passport no., street add, telephone, and email


Sensitive PII

PII with higher scrutiny
- ex. ssn, fin info, driver license no., and health info


Non-Personal Information

De-identified or anonymized information


Pseudonymized data

Information on data subject retained under pseudonym
- often reversible
- useful in drug tests, if trial has adverse effects and individuals need to be contacted


Gray areas of data collection

ex. operaional data, intellectual proprty, informationabout products and services, IP address


Sources of Personal data

The source of data can alter its treatment.
- public records
- publicly available information
- non-public information


Processing Personal Information

the collection, recording, organization, storage, updating or modification, transmission, dissemination or making available in any other form, linking, alignment or combination, blocking, erasure, or destruction of personal information.
1) data subject - individual
2) data controller - organization with authority over data
3) data processor - processor on behalf of controller


Sources of Privacy Protection

- Markets - concerns of the consumer
- Technology - ability to encrypt
- Law - traditional source
- Self-regulation and co-regulation - where self-regulation is the legislation (who defines privacy rules), enforcement (who initiates action), and/or adjudication (who decides a violation occurred)


Data Protection Models

1) Comprehensive Model
2) Sectorial Model
3) Co-Regulatory and Self-Regulatoy Model


Data Protection Model - Comprehensive

- governs the collection, use, and dissemination of personal information
- formed as a reaction to remedy past injustices, ensure consistency, and promote e-commerce
- con: its a one size fits all; stifles innovation


Data Protection Model - Sectorial

- protection of PII by enacting laws addressing a particular industry standard
- con: no single data protection authority; overlap in laws


Data Protection Model - Co-regulatory

- emphasis on industry, development of enforceable codes or standards for privacy and data protection with legal regulations
- ex. U.S.'s Children's Online Privacy Protection Act


Data Protection Model - Self-regulatory

- emphasis on creation of codes of practice for the protection of PII by a corporation, industry, or independent body
- generally, no legal framework