Foundational Principles Flashcards
(35 cards)
Helen Nissenbaum’s Contextual Integrity
Norm based
Norms are domain specific - IE: norms governing banking information will differ from norms governing medical information.
Norms are context specific - IE: an individual can have their own reasons for controlling access to their information in specific situations, based on their own expectations
Ryan Calo’s Harm Dimensions
Objective Harms - measurable and observable (IE: person’s privacy has been violated and direct harm exists)
Subjective Harms - expectation of harm. Subjective harms may have the same impact as objective harms because the individual takes similar steps to protect themselves.
IE: the perception of harm is just as likely to have a significantly negative impact as an experienced objective harm
Security is traditionally defined as….
(1) Confidentiality - ensures that information is accessible only by authorized individuals
(2) Integrity - ensures that information has not been unintentionally modified
(3) Availability - ensures that information is readily available when needed
FIPs
Fair Information Practices - established by the Health, Education and Welfare Advisory Committee on Automated Data Systems in 1972
FIPPs
The Fair Information Practice Principles - published by the US Federal Trade Commission (FTC) and used as guidance to businesses in the US
NIST
NISTIR 8062 - An Introduction to Privacy Engineering and Risk Management in Federal Systems - published by the US National Institute of Standards and Technology (NIST)
OECD
The Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) - published by the Organization for Economic Cooperation and Development (OECD)
APEC
The Privacy Framework - published by the Asia-Pacific Economic Cooperation (APEC)
OECD Guidelines
(1) Collection Limitation Principle - limits on data collection; data obtained by lawful and fair means, with the knowledge and consent of the subject
(2) Data Quality Principle - data should be relevant to the purposes, to the extent necessary, and accurate, complete and up to date
(3) Purpose Specification Principle - purposes specified at time of collection, use limited to those purposes, new purposes specified on each change of purpose
(4) Use Limitation Principle - data not disclosed, used, available for purposes outside of specific use without (1) consent or (2) authority of law
(5) Security Safeguards Principle - data protected by reasonable security safeguards
(6) Openness Principle - open about development, policies and principles of data use and data controller
(7) Individual Participation Principle - individual's right to (1) obtain from the data controller confirmation of whether it holds data about them; (2) have that data communicated within a reasonable time, manner and form; (3) be given reasons if a request is denied and be able to challenge the denial; (4) if the challenge is successful, have the data erased, rectified, completed or amended
(8) Accountability Principle - data controller accountable for complying with measures
Data Life Cycle
Consent / Notice - Collection - Disclosure
Consent / Notice - Processing - Retention - Destruction
Data Collection Types
(1) First-party collection - data subject provides data directly to collector
(2) Surveillance - collector observes data streams without interfering with subject’s behavior
(3) Repurposing - data is assigned for a different use
(4) Third-party collection - data is transferred to a third party, which is a new data collection
Explicit Consent of Data Collection
Individual is required to expressly act to communicate consent
EX: clicking a checkbox, clicking a button on a privacy notice, responding to an automatically generated email
Passive or Implied Consent of Data Collection
IE: inclusion of a conspicuous link to a privacy notice describing collection activities
Data Life Cycle: Maximize-Information-Utility
Views data as the basis for monetization and new revenue and seeks to collect and retain as much data as possible
Information is broadly collected and shared; retention persists up to the physical limits of the org's storage devices
Data Life Cycle: Minimize-privacy-risk
Views data as potentially toxic with inherent risks that can result in significant, irreversible privacy harms
Defect, Fault, Error, Failure, and Harm
(1) Defect - a flaw in the requirements, design or implementation that can lead to a fault (IE: a line of source code that does not correctly check that an access attempt is properly authorized)
(2) Fault - an incorrect step, process or data definition in a computer program (IE: execution of that source code, which leads to an error)
(3) Error - difference between a computed, observed or measured value or condition and the true, specified or theoretically correct value or condition (IE: unauthorized access is allowed instead of being rejected)
(4) Failure - inability of a system or component to perform its required functions within specified performance requirements (IE: unauthorized third-party access occurs)
(5) Harm - actual or potential damage to an individual's personal privacy
Solove’s Four Risks of Privacy Harms
(1) Information collection
(2) Information processing
(3) Information dissemination
(4) Invasion
Formulation of Risk
Risk is the potential adverse impact along with the likelihood that the impact will occur
Risk = probability of an adverse impact × impact of the event
Risk: Compliance Model
Risks are delineated as the failure to do what is required or to avoid what is prohibited
IE: GDPR, HIPAA, etc.
Risk: FIPPs
Adopted by FTC and US Department of Homeland Security
Most FIPPs principles are relative to the purpose of the system
Risk: Calo’s Subjective/Objective Dichotomy
Falls into two categories - (1) Subjective and (2) Objective
Any privacy threat that is perceivable by individuals corresponds to a subjective privacy harm
Risk: Solove’s Taxonomy - Information Collection
(1) Surveillance - observing and capturing an individual's activities (IE: tracking users' link clicks and pages visited)
(2) Interrogation - actively questioning an individual or probing for information (IE: requiring an individual to enter their phone number for registration)
Risk: Solove's Taxonomy - Information Processing
(1) Aggregation - combining pieces of information to produce a whole greater than its parts (IE: a retailer sees purchases of large tote bags, unscented lotions and prenatal vitamins and infers that the individual is pregnant)
(2) Identification - links information to specific individuals (IE: cookies for browsing histories)
(3) Insecurity - failure to protect an individual's information (IE: website fails to encrypt communications)
(4) Secondary Use - using information without consent for purposes unrelated to the original use (IE: retailer uses an email address collected for a purchase for marketing purposes)
(5) Exclusion - denying an individual knowledge of or participation in what is done with their information (IE: marketing firm uses purchase data to advertise under a different name)
Risk: Solove’s Taxonomy - Information Dissemination
(1) Breach of Confidentiality - release of PII
(2) Disclosure - revealing truthful information that negatively affects how others view the individual (IE: lifestyle member list)
(3) Distortion - spreading false and inaccurate information (IE: employment verification mistake)
(4) Exposure - revealing information that is normally concealed, including private physical details about our bodies
(5) Increased accessibility - making information more easily attainable (IE: child entertainment service allows adults to register and interact)
(6) Blackmail - threatening to disclose an individual's information against their will
(7) Appropriation - using someone's identity for another person's purposes