Ch 1 - Intro to Privacy Flashcards Preview

Flashcards in Ch 1 - Intro to Privacy Deck (119)
1

The FIP Category ‘Management’ includes:
a. Choice and consent; data subject access; notice
b. Rights of individuals and controls on information
c. Management and administration; monitoring and enforcement
d. All of the above

c. Management and administration; monitoring and enforcement

2

The intrusion or collection and handling of information concerning a person's physical being is part of the _____________ ______________ class of privacy.

Bodily privacy

3

An organization or individual, sometimes a third-party outsourcing service, that processes data about a Data Subject, on behalf of a Data Controller is known as a __________ __________.

Data Processor

4

What are the 4 data protection roles?

1. Data protection authority
2. Data controller
3. Data subject
4. Data processor

5

A source of information that is confidential and not available to the public, such as medical records, financial records, customer databases, and adoption records is known as __________ __________.

Nonpublic information

6

What legal protection of privacy did the General Assembly of the United Nations adopt in 1948?

The Universal Declaration of Human Rights in 12/1948, which states "no one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence."

7

What data role are the FTC, federal financial regulators, and state attorneys general examples of?

Data protection authorities

8

The four categories of FIPs are:
a. Rights of individuals, choice and consent, data subject access, and management
b. Rights of individuals, controls on the information, information lifecycle, and management
c. Controls on the information, security and data quality, information lifecycle, and management
d. Bodily privacy, information privacy, territorial privacy, and communications privacy

b. Rights of individuals, controls on the information, information lifecycle, and management

9

What is the definition of privacy according to the 1890 Harvard Law Review Article "The Right to Privacy"?

The 'right to be left alone'

10

___________ ____________ is the data that remains when the data elements used to identify an individual are removed.

Nonpersonal information

11

The FIP category ‘Rights of Individuals’ includes:
a. Notice, choice and consent, and data subject access
b. Notice, information security, and collection
c. Notice, choice and consent, and collection
d. None of the above

a. Notice, choice and consent, and data subject access

12

What is a subset of personal information that typically requires additional safeguarding of its collection, use, and disclosure?

Sensitive personal information, which includes information such as social security number, bank account number and information, driver's license number, and medical history.

13

Genetic testing, drug testing, body cavity searches, birth control, abortion, and adoption are examples of the class of ______________ privacy.

bodily

14

____________ _____________ _____________ is a subset of personal information that generally requires added safeguards in its collection, use and disclosure.

Sensitive personal information

15

What is the class of privacy concerned with implementing rules concerning a person's correspondence with others?

Communications Privacy
Examples include mail, email, phone, and any other forms of communication.

16

Privacy is implied in which 4 amendments to the U.S. Constitution?

3rd: cannot be forced to quarter soldiers;
4th: undue seizure (authorities need a search warrant);
5th: cannot be forced to testify against or incriminate oneself;
14th: due process of law (also covered in the 5th amendment).

17

In the FIP category ‘Controls on the Information’, what information security measures should an organization take to protect personal information against unauthorized access, disclosure, use or destruction?
a. Organizations should maintain accurate, complete and relevant personal information for the purposes identified in the notice.
b. Organizations should collect personal information only for the purposes identified in the notice.
c. Organizations should use reasonable administrative, technical, and physical safeguards.
d. All of the above

c. Organizations should use reasonable administrative, technical, and physical safeguards.

18

Consumer, employee, and patient are examples of a __________ __________.

Data Subject

19

What is a subset of personal information that typically requires additional safeguarding of its collection, use, and disclosure?
a. Sensitive personal information
b. Nonpublic personal information
c. Confidential information
d. All of the above

a. Sensitive personal information

20

The intrusion into a person's environment, including residence, workplace, and public spaces is part of the ___________ __________ class of privacy.

Territorial privacy

21

What type of privacy governs the collection and handling of personal information that relates to an individual's residence?

Territorial privacy

22

A source of information that is part of public records is known as ___________ _______________ and includes sources such as real estate records, birth and death records, licensing records, and statistical records.

Public information

23

The FTC, State AGs, and financial regulators in the U.S.; and DPAs in the EU are all examples of the role __________ __________ __________.

Data Protection Authority

24

In the FIP category ‘Rights of Individuals’, what should an organization do to comply with the ‘data subject access’ standard?
a. Describe choices available to individuals and get explicit consent
b. Maintain accurate, complete and relevant personal information for purposes identified in the notice
c. Provide individuals with access to their personal information for review and update
d. None of the above

c. Provide individuals with access to their personal information for review and update

25

References in historical texts such as the Bible, Qur'an and Greek law about the importance of not engaging in gossip or intruding on others are examples of privacy as a ___________ __________.

social concept

26

What legal protection of privacy did the General Assembly of the United Nations adopt in 1948?
a. Fair Information Privacy Practices
b. Universal Declaration of Human Rights
c. Code of Fair Information Practices
d. None of the above

b. Universal Declaration of Human Rights

27

Video surveillance, ID checks, and similar technology/procedures are examples of the class of _____________ privacy.

territorial

28

What class of privacy is concerned with implementing rules for handling personal information?

Information Privacy
Examples include financial information, medical information, government records, and Internet activity records.

29

Financial information, medical information, government records, and logs of a person's activities on the internet are examples of the class of __________ privacy.

information

30

The __________ of the __________ Act in England that addressed "peeping Toms" and "eavesdroppers" is evidence of legal protection of a person's privacy during the 1300s.

Justices of the Peace Act