VI - Privacy by Design Flashcards
Goal Setting
Balance organizational needs, mandated privacy requirements and the cultivation of customer trust/loyalty.
Document Requirements
Privacy technologists need to understand privacy requirements and be able to differentiate between:
Functional requirements - what the system does (its functions).
Nonfunctional requirements - qualities and constraints on how the system behaves, including what it must not do (e.g. must not retain data longer than its purpose requires).
Identifying Quality Attributes
Nonfunctional requirements used to evaluate how well a system performs. Attributes include:
Identifiability, network centricity, confidentiality, integrity, mobility.
Identifying Information Needs
Identify the least amount of personal information needed to accomplish the goal (data minimization).
High-level design
How the larger parts of the system work together. Like macroeconomics. Surface-level information.
Low-level design
The details of the high-level design system. Like microeconomics. More nuanced and specific.
Imposing Controls
Reduces a threat actor’s access to PII and minimizes privacy risks when collecting and processing information.
Architecture (Imposing Controls)
Reduces the identifiability of information and decentralizes operations.
Supervision (Imposing Controls)
Enables an org to enforce privacy policies through processes, and to demonstrate that other actors (e.g. third parties) are also compliant with those policies/processes.
Security (Imposing Controls)
Data shared across domains can be secured through an “abstract and hide” strategy (e.g. encryption).
Balance (Imposing Controls)
Informs the data subject and grants them control over their data in order to reduce the imbalance of information and power.
Testing and Validation
Ensuring the system performs as intended (verification/testing) and satisfies the needs of the intended user base (validation).
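The following is an added worked example, not part of the flashcards, showing the Imposing Controls cards (minimize what is collected, reduce identifiability, keep domains unlinkable, hide identifiers before sharing) applied to a record set, followed by the verification step from Testing and Validation. The records, field names, purpose allowlist, domain keys and the k=2 threshold are all constructed assumptions for illustration; the keyed-hash pseudonymization stands in for the "abstract and hide" step, and encryption of the payload for transit would be layered on top with a real cryptography library.

```python
"""Privacy-by-design controls applied to a record set (added example).

All data below is constructed for illustration; field names, the purpose
allowlist and the domain keys are assumptions, not from the flashcards.
"""
import hashlib
import hmac
from collections import Counter

# Constructed sample: raw records as an application might collect them.
RAW_RECORDS = [
    {"name": "Ada Lovelace",  "email": "Ada@Example.org",  "phone": "555-0101", "age": 36, "zip": "02139", "diagnosis": "flu"},
    {"name": "Grace Hopper",  "email": "grace@example.org", "phone": "555-0102", "age": 34, "zip": "02140", "diagnosis": "cold"},
    {"name": "Alan Turing",   "email": "alan@example.org",  "phone": "555-0103", "age": 52, "zip": "94110", "diagnosis": "flu"},
    {"name": "Claude Shannon","email": "claude@example.org","phone": "555-0104", "age": 58, "zip": "94102", "diagnosis": "asthma"},
    {"name": "Edsger Dijkstra","email": "edsger@example.org","phone": "555-0105", "age": 41, "zip": "10001", "diagnosis": "flu"},
    {"name": "Barbara Liskov","email": "barbara@example.org","phone": "555-0106", "age": 47, "zip": "10003", "diagnosis": "cold"},
]

# Minimize: assumed purpose is regional illness-trend reporting, so only
# these fields are justified. Everything else is dropped before processing.
PURPOSE_FIELDS = {"email", "age", "zip", "diagnosis"}
# Fields that must never appear in a released record.
FORBIDDEN_FIELDS = ("name", "phone", "email")
# Quasi-identifiers that remain after generalization.
QUASI_IDENTIFIERS = ("age_band", "zip_prefix")


def minimize(record, allowed=PURPOSE_FIELDS):
    """Keep only the fields the stated purpose needs (returns a new dict)."""
    return {k: v for k, v in record.items() if k in allowed}


def pseudonymize(value, domain_key):
    """Keyed hash of a direct identifier.

    Stable within one domain (the recipient can count repeat subjects) but,
    because each domain holds a different key, unlinkable across domains.
    Normalizing case keeps 'Ada@Example.org' and 'ada@example.org' together.
    """
    digest = hmac.new(domain_key, value.strip().lower().encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


def generalize(record):
    """Reduce identifiability: coarsen age to a decade and ZIP to its prefix."""
    decade = (record.pop("age") // 10) * 10
    record["age_band"] = f"{decade}-{decade + 9}"
    record["zip_prefix"] = record.pop("zip")[:3]
    return record


def impose_controls(records, domain_key):
    """Minimize, pseudonymize the direct identifier, then generalize."""
    processed = []
    for raw in records:
        rec = minimize(raw)
        rec["subject_id"] = pseudonymize(rec.pop("email"), domain_key)
        processed.append(generalize(rec))
    return processed


def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """Smallest group size sharing the same quasi-identifier combination."""
    groups = Counter(tuple(r[q] for q in quasi) for r in records)
    return min(groups.values()) if groups else 0


def verify_release(processed, k_min=2, forbidden=FORBIDDEN_FIELDS):
    """Verification: the output meets the spec before it leaves the domain."""
    leaked = [f for r in processed for f in forbidden if f in r]
    return not leaked and k_anonymity(processed) >= k_min


if __name__ == "__main__":
    # Assumed per-recipient keys; in practice these come from a key store.
    for_partner_a = impose_controls(RAW_RECORDS, b"domain-key-a")
    for_partner_b = impose_controls(RAW_RECORDS, b"domain-key-b")
    print("k-anonymity:", k_anonymity(for_partner_a))
    print("release ok:", verify_release(for_partner_a))
    print("same subject, unlinkable across domains:",
          for_partner_a[0]["subject_id"] != for_partner_b[0]["subject_id"])
```

Each recipient gets a different key, so a subject who appears in both partners' data cannot be joined back together by comparing the two releases; the k-anonymity check is the verification gate that would fail the release if the generalization were loosened.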