Term
Privacy is... (2 definitions) |
|
Definition
1) the appropriate use of personal information under the circumstances; 2) an individual's right to control the collection, use and disclosure of personal information |
|
|
Term
Data protection refers to |
|
Definition
the management of personal information. |
|
|
Term
"appropriateness" in privacy depends on |
|
Definition
context, law, and individual's expectations |
|
|
Term
According to the GAPP privacy framework definition, privacy encompasses... |
|
Definition
the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure and disposal of personal information |
|
|
Term
|
Definition
Information, Bodily, Territorial, Communications |
|
|
Term
Personal information is any information relating to... |
|
Definition
an identified or identifiable individual |
|
|
Term
Personal data is any information relating to... |
|
Definition
an identified or identifiable natural person (data subject) |
|
|
Term
Data protection roles (4) |
|
Definition
Data Protection Authority - a supervisory entity chartered to enforce privacy or data protection laws and regulations; Data Controller - individual w/ authority about how to process data subjects; Data processor - processes info on behalf of data processor; Data subject - an individual about whom information is being processed |
|
|
Term
Under data protection law, processing is thought of as... |
|
Definition
anything you do with personal information |
|
|
Term
|
Definition
Internal statements for users of personal information that define the handling practices of that personal information |
|
|
Term
|
Definition
Statement made to a data subject that describes how the organization collects, uses, retains, and discloses personal information |
|
|
Term
A privacy policy is ______, while a privacy notice is ________ |
|
Definition
|
|
Term
|
Definition
data has the option to opt in or out. |
|
|
Term
|
Definition
personal information will be processed only if data subject agrees. ("Do you want to receive additional information"?) |
|
|
Term
|
Definition
data is used unless data subject objects |
|
|
Term
Information Lifecycle Principles - what should collection be? |
|
Definition
Collection should be limited, proportionate, and lawful |
|
|
Term
Information lifecycle principles - Use should be... |
|
Definition
limited, and based on consent |
|
|
Term
Information lifecycle principles - disclosure should occur |
|
Definition
|
|
Term
Information lifecycle principles - storage occurs |
|
Definition
only as long as necessary |
|
|
Term
Which 2 organizations provided for what is thought to be the foundation of the European Union Data Protection Directive penned in 1995? |
|
Definition
The Organisation for Economic Co-operation and Development (OECD) and Council of Europe (COE) |
|
|
Term
FIPS, OECD, and APEC all share what 3 principles? |
|
Definition
Rights of the individual, information lifecycle, and controls on information and management |
|
|
Term
EU Data Protection Directive - 2 exemptions for indirect collection of information |
|
Definition
1) notification would involve disproportionate efforts; 2) disclosure is required by law |
|
|
Term
EU Data Protection Directive - legitimate processing requires _________ unless ___________ |
|
Definition
Unambiguous consent is required unless processing is necessary: 1) to protect vital interests of the data subject; 2) to meet a legal obligation; 3) to perform a contract to which the data subject is a party or to take steps at the request of the data subject; 4) for the legitimate interests of the data controller |
|
|
Term
EU Data Protection Directive - processing of sensitive data is prohibited, unless one of the following criteria is met: |
|
Definition
Explicit consent; Protect vital interests of individual; Necessary for legal claims; Data subject makes information public; Fulfill employment law obligations and rights of data controller |
|
|
Term
EU Data Protection Directive - special categories of data |
|
Definition
racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health / sex life, data relating to offenses or criminal convictions |
|
|
Term
EU Data Protection Directive - Adequacy is...? |
|
Definition
the EU or the European Commission's determination of whether another country has comparable information protection or privacy legislation in place that would afford the data going to that country the same protections that it's afforded in the EU |
|
|
Term
EU Data Protection Directive applies to which countries? |
|
Definition
European Economic Area countries, which include all EU countries + Iceland, Liechtenstein, and Norway. Also Israel. Note that Switzerland is NOT a member of the EEA |
|
|
Term
Which two South American countries have been deemed "adequate" by the EU? |
|
Definition
|
|