Term
| Privacy is... (2 definitions) |
|
Definition
1) the appropriate use of personal information under the circumstances
2) An individual's right to control the collection, use and disclosure of personal information |
|
|
Term
| Data protection refers to |
|
Definition
| the management of personal information. |
|
|
Term
| "appropriateness" in privacy depends on |
|
Definition
| context, law, and individual's expectations |
|
|
Term
| According to the GAPP privacy framework definition, privacy encompasses... |
|
Definition
| the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure and disposal of personal information |
|
|
Term
|
Definition
Information, Bodily, Territorial, Communications |
|
|
Term
| Personal information is any information relating to... |
|
Definition
| an identified or identifiable individual |
|
|
Term
| Personal data is any information relating to... |
|
Definition
| an identified or identifiable natural person (data subject) |
|
|
Term
| Data protection roles (4) |
|
Definition
Data Protection Authority - a supervisory entity chartered to enforce privacy or data protection laws and regulations
Data Controller - individual w/ authority about how to process data subjects
Data processor - processes info on behalf of data processor
Data subject - an individual about whom information is being processed |
|
|
Term
| Under data protection law, processing is thought of as... |
|
Definition
| anything you do with personal information |
|
|
Term
|
Definition
| Internal statements for users of personal information that define the handling practices of that personal information |
|
|
Term
|
Definition
| Statement made to a data subject that describes how the organization collects, uses, retains, and discloses personal information |
|
|
Term
| A privacy policy is ______, while a privacy notice is ________ |
|
Definition
|
|
Term
|
Definition
| data has the option to opt in or out. |
|
|
Term
|
Definition
| personal information will be processed only if data subject agrees. ("Do you want to receive additional information?") |
|
|
Term
|
Definition
| data is used unless data subject objects |
|
|
Term
| Information Lifecycle Principles - what should collection be? |
|
Definition
| Collection should be limited, proportionate, and lawful |
|
|
Term
| Information lifecycle principles - Use should be... |
|
Definition
| limited, and based on consent |
|
|
Term
| Information lifecycle principles - disclosure should occur |
|
Definition
|
|
Term
| Information lifecycle principles - storage occurs |
|
Definition
| only as long as necessary |
|
|
Term
| Which 2 organizations provided for what is thought to be the foundation of the European Union Data Protection Directive penned in 1995? |
|
Definition
| The Organisation for Economic Co-operation and Development (OECD) and Council of Europe (COE) |
|
|
Term
| FIPS, OECD, and APEC all share what 3 principles? |
|
Definition
| Rights of the individual, information lifecycle, and controls on information and management |
|
|
Term
| EU Data Protection Directive - 2 exemptions for indirect collection of information |
|
Definition
1) notification would involve disproportionate efforts
2) disclosure is required by law |
|
|
Term
| EU Data Protection Directive - legitimate processing requires _________ unless ___________ |
|
Definition
Unambiguous consent is required unless processing is necessary:
1) to protect vital interests of the data subject
2) to meet a legal obligation
3) to perform a contract to which the data subject is a party or to take steps at the request of the data subject
4) for the legitimate interests of the data controller |
|
|
Term
| EU Protection Directive - processing of sensitive data is prohibited, unless one of the following criteria is met: |
|
Definition
Explicit consent
Protect vital interests of individual
Necessary for legal claims
Data subject makes information public
Fulfill employment law obligations and rights of data controller |
|
|
Term
| EU Data Protection Directive - special categories of data |
|
Definition
| racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health / sex life, data relating to offenses or criminal convictions |
|
|
Term
| EU Data Protection Directive - Adequacy is...? |
|
Definition
| the EU or the European Commission's determination of whether another country has comparable information protection or privacy legislation in place that would afford the data going to that country the same protections that it's afforded in the EU |
|
|
Term
| EU Data Protection Directive applies to which countries? |
|
Definition
| European Economic Area countries, which include all EU countries + Iceland, Liechtenstein, and Norway. Also Israel. Note that Switzerland is NOT a member of the EEA |
|
|
Term
| Which two South American countries have been deemed "adequate" by the EU? |
|
Definition
|
|