Chapter 1: Introduction to Privacy

Question 1

Definition of Privacy

Answer 1

The desire of people to freely choose the circumstance and the degree to which individuals will expose their attitudes and behavior to others

Question 2

What are the 4 categories/classes of privacy?

Answer 2

• Information
• Bodily
• Territorial
• Communications

Question 3

What is Information Privacy?

Answer 3

Information Privacy is the collection and handling of personal information.

Question 4

What is Bodily Privacy?

Answer 4

Bodily Privacy is a person’s physical being and any invasion thereof.

Question 5

What is Territorial Privacy?

Answer 5

Territorial Privacy is the placing of limits on the ability to intrude into another individual’s environment.

Question 6

What is Communications Privacy?

Answer 6

Communications Privacy is the protection of the means of correspondence.

Question 7

What provisions of privacy protection are built into the US Constitution?

Answer 7

• 3rd Amendment
  
  • banned soldiers from living in people’s homes
• 4th Amendment
  
  • requires a search warrant before entering a home
• 5th Amendment
  
  • prohibits people from being compelled to testify against themselves
• 14th Amendment
  
  • requirement of due process under the law
  • protects against intrusions into a person’s bodily autonomy

Question 8

What declaration formally announced that “no one shall be subjected to arbitrary interference with their privacy, family, home, or correspondence”?

Answer 8

The Universal Declaration of Human Rights by the United Nations (December 1948)

Question 9

What does Article 8 of the European Convention for the Protection of Human Rights & Fundamental Freedoms (1950) state?

Answer 9

“Everyone has the right to respect for his private and family life, his home and his correspondence”

Question 10

What are the 4 models of privacy protection

Answer 10

• Comprehensive
• Sectoral
• Self-regulatory
• Technology

Question 11

What are the laws in the area of protecting information about individuals called?

Answer 11

Privacy law

Question 12

What is “Privacy law” also known as?

Answer 12

Data privacy or information privacy law, and data protection law

Question 13

FIPs stands for:

Answer 13

Fair Information Practices

Question 14

What are FIPs also known as?

Answer 14

Fair Information Privacy Practices or Principles

Question 15

What are FIPs?

Answer 15

FIPs are guidelines for handling, storing, & managing data with privacy, security, and fairness in an information society that is rapidly evolving.

Question 16

What are some important codifications of FIPs?

Answer 16

• 1973 US Department of Health, Education and Welfare Fair Information Practice Principles
• 1980 Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (“OECD Guidelines”)
• 1981 Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data (“Convention 108”)
• The Asia-Pacific Economic Cooperation (APEC, 2004)
• The 2009 Madrid Resolution — International Standard on the Protection of Personal Data and Privacy

Question 17

What are the 4 categories of FIPs?

Answer 17

• Rights of Individuals
• Controls on the Information
• Information Life Cycle
• Management

Question 18

What should organizations address with regards to the rights of individuals?

Answer 18

• Notice
• Choice & Consent
• Data Subject Access

Question 19

How should organizations address notice?

Answer 19

By providing notice about privacy policies and procedure and should identify the purpose for which personal information is collected, used, retained, & disclosed.

Question 20

How should organizations address choice and consent?

Answer 20

Describing the choices available to individuals and should get implicit or explicit consent with respect to the collection, use, retention, and disclosure of personal information.

Question 21

How should organizations address data subject access?

Answer 21

Providing individuals with access to their personal information for review and update.

Question 22

How should organizations focus on the controls on the information?

Answer 22

• Information Security
• Information Quality

Question 23

How should organizations focus on information security?

Answer 23

Use reasonable administrative, technical, & physical safeguards to protect personal information against unauthorized access, use, disclosure, modification, & destruction.

Question 24

How should organizations focus on information quality?

Answer 24

Maintain accurate, complete, and relevant personal information for purposes identified in a notice.

Question 25

How should organizations address the life cycle of information?

Answer 25

• Collection
• Use & Retention
• Disclosure

Question 26

How should organizations address collections?

Answer 26

Collect personal information only for the purposes identified in the notice.

Question 27

How should organizations address use & retention?

Answer 27

Limit the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. Retain personal information for only as long as necessary to fulfill the stated purpose.

Question 28

How should organizations address disclosures?

Answer 28

Disclose personal information to third parties only for the purposes identified in the notice and with implicit or explicit consent of the individual.

Question 29

How should organizations ensure that they regard management?

Answer 29

• Management & Administration
• Monitoring & Enforcement

Question 30

How should organizations ensure that they address management and administration?

Answer 30

Define, document, communicate, & assign accountability for their privacy policies and procedures.

Question 31

How should organizations ensure that they address monitoring and enforcement?

Answer 31

Monitor compliance with their privacy policies and procedures and have procedures to address privacy-related complaints and disputes.

Question 32

What is OECD?

Answer 32

OECD is an international organization that originally included the US and European countries but has expanded

Question 33

What is the set of privacy principles that OECD published in 1980 and later updated in 2013?

Answer 33

“Guidelines on the Protection of Privacy and Transborder Flows of Personal Data”

Question 34

What is the Collection Limitation Principle?

Answer 34

There should be limits to the collection of personal data & any such data should be obtained by lawful & fair means and, where appropriate, with the knowledge of consent of the data subject

Question 35

What is the Data Quality Principle?

Answer 35

Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete, & kept up to date

Question 36

What is the Purpose Specification Principle?

Answer 36

The purpose for which personal data are collected should be specified not later than at the time of data collection & the subsequent use limited to fulfillment of those purposes or such others as aren’t incompatible with those purposes & as are specified on each occasion of change of purpose

Question 37

What is the Use Limitation Principle?

Answer 37

Personal data shouldn’t be disclosed, made available, or otherwise used for purposes other than those specified in accordance with [the Purpose Specification Principle] except with the consent of a data subject or by the authority of the law

Question 38

What is the Security Safeguards Principle?

Answer 38

Personal data should be protected by reasonable security safeguards against risks

Question 39

What is the Openness Principle?

Answer 39

There should be a general policy of openness about developments, practices, & policies with respect to personal data

Question 40

What is the Individual Participation Principle?

Answer 40

An individual should have the right to:
- obtain from a data controller confirmation of whether or not they have data relating to the individual
- have communicated to the individual, data relating to them within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner, & in a form that is readily intelligible to him
- be given reasons if a request is denied & to be able to challenge such denial
- challenge data relating to the individual and, if the challenge is successful to have the data erased, rectified, completed, or amended

Question 41

What is the Accountability Principle?

Answer 41

A data controller should be accountable for complying with measures which give effect to the principles stated above

Question 42

Convention 108

Answer 42

Council of Europe passed this convention in 1981 for the Protection of Individuals with Regard to the Automatic Processing of Personal Data. It required member states of the council that signed the treaty to incorporate certain data protection provisions into their domestic law. It is similar to OECD Guidelines

Question 43

What did Convention 108 provided?

Answer 43

• Quality of data
• Special categories of data
• Data security
• Transborder data flows

Question 44

Convention 108: Quality of Data

Answer 44

Data of personal nature that is automatically processed should be obtained & stored only for specified and legit purposes. The data should be stored in a form that permits identification of the data subject no longer than is needed for the required purpose.

Question 45

Convention 108: Special categories of data

Answer 45

There are data categories that can’t be automatically processed, unless domestic law provides the appropriate safeguards. These categories are racial origin, political opinions, religious beliefs, health, sex life, & criminal convictions

Question 46

Convention 108: Data Security

Answer 46

Appropriate security measures should be taken for files containing personal data. It must be adapted for the particular function of the file and the risks involved

Question 47

Convention 108: Transborder Data Flows

Answer 47

During the transfer of data from one party of the Convention to another, privacy concerns shouldn’t prohibit the transborder flow of data. There are exceptions regarding special regulations covering certain categories of personal data

Question 48

APEC

Answer 48

A multinational organization established in 1989 with 21 Pacific Coast members in Asia and the Americas to enhance economic growth for the region and operates under a nonbinding agreement.