Shared Flashcard Set

Details

CIPP Foundations of Privacy Exam
Foundations of Privacy Exam Flashcards
28
Law
Graduate
03/30/2013

Cards

Term
Privacy is... (2 definitions)
Definition
1) the appropriate use of personal information under the circumstances
2) An individual's right to control the collection, use and disclosure of personal information
Term
Data protection refers to
Definition
the management of personal information.
Term
"appropriateness" in privacy depends on
Definition
context, law, and individual's expectations
Term
According to the GAPP privacy framework definition, privacy encompasses...
Definition
the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure and disposal of personal information
Term
Classes of privacy
Definition
Information
Bodily
Territorial
Communications
Term
Personal information is any information relating to...
Definition
an identified or identifiable individual
Term
Personal data is any information relating to...
Definition
an identified or identifiable natural person (data subject)
Term
Data protection roles (4)
Definition
Data Protection Authority - a supervisory entity chartered to enforce privacy or data protection laws and regulations
Data Controller - individual w/ authority about how to process data subjects
Data processor - processes info on behalf of data processor
Data subject - an individual about whom information is being processed
Term
Under data protection law, processing is thought of as...
Definition
anything you do with personal information
Term
Privacy policy is...
Definition
Internal statements for users of personal information that define the handling practices of that personal information
Term
Privacy notice is...
Definition
Statement made to a data subject that describes how the organization collects, uses, retains, and discloses personal information
Term
A privacy policy is ______, while a privacy notice is ________
Definition
inbound, outbound
Term
Choice is where...
Definition
data has the option to opt in or out.
Term
Opt in means
Definition
personal information will be processed only if data subject agrees. ("Do you want to receive additional information?")
Term
Opt out means...
Definition
data is used unless data subject objects
Term
Information Lifecycle Principles - what should collection be?
Definition
Collection should be limited, proportionate, and lawful
Term
Information lifecycle principles - Use should be...
Definition
limited, and based on consent
Term
Information lifecycle principles - disclosure should occur
Definition
as stated in a notice
Term
Information lifecycle principles - storage occurs
Definition
only as long as necessary
Term
Which 2 organizations provided for what is thought to be the foundation of the European Union Data Protection Directive penned in 1995?
Definition
The Organisation for Economic Co-operation and Development (OECD) and Council of Europe (COE)
Term
FIPS, OECD, and APEC all share what 3 principles?
Definition
Rights of the individual, information lifecycle, and controls on information and management
Term
EU Data Protection Directive - 2 exemptions for indirect collection of information
Definition
1) notification would involve disproportionate efforts
2) disclosure is required by law
Term
EU Data Protection Directive - legitimate processing requires _________ unless ___________
Definition
Unambiguous consent is required unless processing is necessary:
1) to protect vital interests of the data subject
2) to meet a legal obligation
3) to perform a contract to which the data subject is a party or to take steps at the request of the data subject
4) for the legitimate interests of the data controller
Term
EU Protection Directive - processing of sensitive data is prohibited, unless one of the following criteria is met:
Definition
Explicit consent
Protect vital interests of individual
Necessary for legal claims
Data subject makes information public
Fulfill employment law obligations and rights of data controller
Term
EU Data Protection Directive - special categories of data
Definition
racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health / sex life, data relating to offenses or criminal convictions
Term
EU Data Protection Directive - Adequacy is...?
Definition
the EU or the European Commission's determination of whether another country has comparable information protection or privacy legislation in place that would afford the data going to that country the same protections that it's afforded in the EU
Term
EU Data Protection Directive applies to which countries?
Definition
European Economic Area countries, which include all EU countries + Iceland, Liechtenstein, and Norway. Also Israel. Note that Switzerland is NOT a member of the EEA
Term
Which two South American countries have been deemed "adequate" by the EU?
Definition
Argentina and Uruguay