CIPT


Components of front end

Web browser and web server

Type of asset: Servers, workstations, laptops, portable storage devices

Assets physical

Four techniques of deidentification

1. Tokens 2. Anonymization 3. Pseudonymization 4. K-anonymity, l-diversity, t-closeness

What type of interference occurs when false or inaccurate information on a credit application results in denial of credit? A. Decisional B. Intrusion C. Disclosure D. Appropriation

A. Decisional

Low-level design concerns the details of the overall design of the system and focuses on improving the quality of programming practices through each of the following mechanisms EXCEPT: A. Information holding B. Threat Modeling C. Reusing existing standard API libraries D. Loose coupling

B. Threat Modeling

In the event of an incident, what privacy attribute allows personal information to be accessed if an individual is not able to consent? A. Integrity B. Network centricity C. Availability D. Mobility

C. Availability

Which of the following is an objective for privacy engineering? A. Encryption B. Anonymization C. Manageability D. Audit

C. Manageability

What is NOT a data-based technique used to protect privacy? A. Encryption B. Aggregation C. Process Documentation D. Deidentification

C. Process Documentation

Three types of interference:

Decisional, Intrusion, Self-representation

Data Inventories, knowing where data is....

-Collected -Processed -Stored -Classified

Examples of values for value sensitive design:

-Context specific -user specific -Malleable -Difficult to define

The acronym PGP stands for:

Pretty Good Privacy

Internal practice to inform employees of best practices

Privacy policy

An incident response plan for a privacy breach includes notification of affected individuals, law enforcement, and other agencies. What is the first step an organization should take when approaching notification? A. Consult with your org's legal team B. Notify individuals affiliated with the org C. Alert local media that a breach has occurred D. Notify individuals affiliated with the breach

A. Consult with your org's legal team

Pseudonymization is a type of A. Label B. Anonymization C. Algorithm D. Deidentification

D. Deidentification

The small piece of data that controls an algorithm's execution is called a: A. Pseudo-identifier B. Label C. Token D. Key

D. Key

Statutory and regulatory mandates systems that handle personal information -Type of data collected -What the system does with that data -How the data is protected, stored, and disposed of

Legal compliance

Deidentification: Tokens

Uses random tokens as stand-ins for meaningful data

Components of back end

Web service

Deidentification: Pseudonymization

replacing individual identifiers (such as names) with numbers, symbols, or a combination of these, such that data points are not directly associated with a specific individual

truncated

to shorten

Under the EU's General Data Protection Regulation (GDPR), which of the following types of information would NOT require notification to a supervisory authority in the event of a personal data breach? A. Pseudonymized data B. Anonymized data C. Reidentified data D. Deidentified data

B. Anonymized data

Surveillance happens at what point in the data life cycle? A. Use B. Collection C. Destruction D. Retention

B. Collection

What term refers to the overall organizational design of a system and recognizes the relationship between all elements of a system? A. Service-oriented architecture B. Enterprise architecture C. Client-based architecture D. Plug-in architecture

B. Enterprise architecture

What type of interference occurs when advertisers track a user's online behavior to design personalized ads that represent the user's interests? A. Decisional interference B. Intrusion C. Disclosure D. Self-representation

B. Intrusion

Deidentification: k-anonymity, l-diversity, t-closeness

Three techniques that have been developed to reduce the risk of anonymity of data being compromised by someone who might combine it with known information to make assumptions about individuals in a data set

True or False: Although hackers cannot readily access closed-source software, it should not be considered more resistant to attacks than open-source software

True

True or False: Dark patterns are schemes used in decisional interference

True

True or False: Natural language generation uses voice recognition to produce an executable command, such as voice to text, while natural language understanding extracts language that the computer can understand and transforms the command into an executable output

True

True or False: Privacy technologists can comply with privacy laws in their design and use those laws as a basis for implementing technological controls to align with the privacy goals of an organization

True

You are browsing the web and shopping for new furniture. You then open your favorite social media to scroll through the posts. While doing so, you start noticing ads for furniture. This is an example of what? A. Direct Marketing B. Individual advertising C. Behavioral advertising D. Indirect Marketing

C. Behavioral advertising

Vulnerability is determined by what two factors? A. Detection and prevention B. Governance and oversight C. Capability and probability D. Operation and maintenance

C. Capability and probability

This form of automated decision-making acts as a subset of machine learning in that it learns by performing a task repeatedly, adjusting along the way to deepen and improve the outcome A. Chatbots B. Context-aware computing C. Deep learning

C. Deep learning

Data life cycle:

Collection -> Use -> Disclosure -> Retention -> Destruction

What is value-sensitive design? A. An investigative process intended to establish the ROI for each potential design option B. An iterative design process in which designers focus on the users and their needs in each phase of the design process C. A design process with a focus on the potential return on investment (monetary value) of each design feature D. An iterative investigative approach to design that takes human values into account during the design process

D. An iterative investigative approach to design that takes human values into account during the design process

Which of the following circumstances would best be addressed by utilizing radio frequency identification (RFID) technology? A. An org has a high error rate for entering credit card data into POS system B. An org requires two-way communication between its discoverable devices C. An org needs to develop an encryption-supported network D. An org's inventory process is taking too long

D. An org's inventory process is taking too long

What type of encryption uses one key for encryption and another key for decryption? A. Application B. Field C. Symmetric D. Asymmetric

D. Asymmetric

Vulnerability is determined by what two factors? A. Probability and confidentiality B. Capability and portability C. Confidentiality and integrity D. Capability and probability

D. Capability and probability

Which of the following explains why it is difficult to regulate what individually identifiable data is? A. Many people mistakenly expose personal information online B. Personal information means different things to different people C. Most legislative bodies are hesitant to enact laws about identifiable data D. Data that is not overly identifiable can be combined to identify individuals

D. Data that is not overly identifiable can be combined to identify individuals

Which of the following privacy-related principles would be the main concern during the data usage stage of the data life cycle? A. Transparency B. Data Minimization C. Storage Limitation D. Purpose Limitation

D. Purpose Limitation

Ubiquitous computing can raise significant concerns about the sheer volume of data that can be collected by a system. Each of the following are necessary considerations when utilizing a data collection process that falls into this category EXCEPT which? A. The system should provide end-users with both feedback and control B. The system should have obvious value C. The retention of data by the system should be limited D. The data collected by system should be aggregated and made available to all users

D. The data collected by system should be aggregated and made available to all users

What is the primary purpose of a privacy by design framework? A. To outline the legal and ethical expectation of a robust privacy program B. To provide a framework of steps that should be incorporated into the creation of any new design C. To specify the technology and procedures that should be used to ensure personal information is protected D. To provide guidance for proactively incorporating privacy from the beginning to the end of the design process

D. To provide guidance for proactively incorporating privacy from the beginning to the end of the design process

Used to separate customer information. It formulates all the constraints to be applied on the data and defines its entities and the relationships among them

Data schema

Action by an external party, such as govt entity, that interferes w/ an individual's decision making regarding their personal affairs. Inaccurate data can lead to decisional interference

Decisional interference

Setting parameters that limit the confidence that any particular individual has contributed to an aggregated value.

Differential identifiability

The management of access to and use of digital content and devices after sale. DRM is often associated with the set of access control (denial) technologies. These technologies are utilized under the premise of defending copyrights and intellectual property but are considered controversial because they may often restrict users from utilizing digital content or devices in a manner allowable by law

Digital rights management

-Discovery -Containment -Analyze and notify -Repercussions -Prevention -Third parties

Incident Response Plan

Disturb an individual's solitude or tranquility. Can be physical, psychological, or informational. Does not need personal information for this interference type, as you do not need someone's name to knock on their door to try to sell them something

Intrusion interference

Julie needs to securely transfer a file containing personal data to Katelyn. They decide to use asymmetric encryption. What are the correct steps they should follow?

Julie encrypts the file using Katelyn's public key, Katelyn decrypts using her private key

Disclosure of specific information practices posted, usually accompanied by a consent request, at the point of information collection.

Just-in-time-Notification

List objective harms

Loss of business opportunity, loss of consumer trust, social detriment

Maintaining personal information in alignment with the informational norms that apply to a particular context

Nissenbaum's Contextual Integrity

Informs consumers about practices, values, and commitments of privacy

Privacy Notice

Misdirected emails, denial of service, unauthorized disclosure, hacking attempts, lost devices are all examples of .......?

Privacy incidents

Occurs when another alters how an individual is represented or regarded.

Self representation

Recognizes that data has different value, and requires approaches, as it moves through an organization from collection to deletion. The stages are generally considered to be: Collection, processing, use, disclosure, retention, and destruction.

The information life cycle

A marketing lead has collected a large data set of personal information and stored it in a shared folder. The marketing lead controls who has access to the shared folder. The type of access control being used is: A. Discretionary B. Mandatory C. Attribute-based D. Rule-based

A. Discretionary

Privacy engineering addresses the challenges of translating privacy principles and harms into engineering requirements. What key concepts within an organization help realize this? Choose all that apply A. Engineering development life cycle B. Privacy design patterns C. Manageability D. Technological controls E. Data governance

A. Engineering development life cycle D. Technological controls E. Data governance

Contextual Integrity: Actors, Transmission principles, Attributes

Actors: The senders and receivers of personal information Transmission principles: Those that govern the flow of information Attributes: The types of information being shared

Type of asset: Customer and employee data, as well as backup copies of data-stored either onsite or offsite

Assets information

Type of asset: Software code, trade secrets

Assets intellectual

Which of the following may pose a "client side" privacy risk? A. An employee loading personal data on a company laptop B. Failure of a firewall that is protecting the company's network C. A distributed denial of service (DDoS) attack on the org D. A remote employee placing communication software on a company server

A. An employee loading personal data on a company laptop

What measures can be put in place to secure data? Choose all that apply A. Data classification Policies B. Surveillance cameras C. Log-in requirements for accessing sensitive personal information D. Opt-in controls E. Data retention policies

A. Data classification Policies B. Surveillance cameras C. Log-in requirements for accessing sensitive personal information E. Data retention policies

In creating a registration form for a mobile app directed at grade school children, what privacy engineering objective is addressed by asking for grade level instead of date of birth? A. Disassociability B. Manageability C. Security D. Predictability

A. Disassociability

Which of the following are risks inherent with internet-of-things (IoT) devices? A. Hackers may be able to alter devices, turning them into a means of surveillance B. Household members can monitor one another's comings and goings C. Collected data from wearable health devices is not covered under health information privacy laws D. Individuals feel a loss of control or the uneasy feeling that they are being surveilled by family members

A. Hackers may be able to alter devices, turning them into a means of surveillance B. Household members can monitor one another's comings and goings C. Collected data from wearable health devices is not covered under health information privacy laws D. Individuals feel a loss of control or the uneasy feeling that they are being surveilled by family members

In what ways can privacy technologists mitigate risk of interrogation? Choose all that apply A. Implement controls that allow users to opt in to providing information B. Limit the collection of data to only that which is necessary C. Implement controls that flag for explicit language D. Use encryption when collecting sensitive personal information

A. Implement controls that allow users to opt in to providing information B. Limit the collection of data to only that which is necessary

Low-level design focuses on improving the quality of programming practices through which of the following? Choose all that apply A. Loose coupling B. Integration testing C. Information hiding D. Reusing standard APIs E. Building frameworks that can be reused

A. Loose coupling C. Information hiding D. Reusing standard APIs E. Building frameworks that can be reused

Which privacy risk model or framework is described as maintaining personal information in alignment with the informational norms that apply to a particular context? A. Nissenbaum's Contextual Integrity B. Calo's harm dimensions C. Privacy by design D. Value-sensitive design

A. Nissenbaum's Contextual Integrity

What is the difference between objective harms and subjective harms? A. Objective harms are measurable and observable; subjective harms are only expected or perceived by the individual B. Only objective harms impact an individual's decision to use a software program C. Objective harms are the primary type of harm that should be considered when determining whether a privacy harm has occurred D. Objective harms impact individuals on a psychological and behavioral level while subjective harms can result in loss of business opportunities or consumer trust

A. Objective harms are measurable and observable; subjective harms are only expected or perceived by the individual

When purchasing a product from TripeType's website, a customer must enter basic information into a purchase form. A link to TripeType's privacy statement is provided on the purchase form. However, it does not disclose that it will use personal information for other purposes. The statement provides that TT will store the customer information in its database. A month later, TT's sales team wants to generate new leads and decides to use the information collected from customers. This is an example of what? A. Secondary Use B. Involuntary use C. Disapproved Use D. Selective Use

A. Secondary Use

Which of the following technologies allows individuals to participate in a salary survey without revealing the specific salary or personal information of any of the participants? A. Secure multiparty computation B. Digital rights management C. Ciphertext D. Homomorphic encryption

A. Secure multiparty computation

What element of a design pattern describes the components of the design, their relationships, their roles, and how they interact? A. Solution B. Consequence C. Problem description D. Pattern name

A. Solution

What activity includes an evaluation of some aspect of the system or component? A. Testing B. Supervision C. Integration D. Obfuscation

A. Testing

Examine statements below and choose all those that are examples of appropriation A. Using a celebrity's image to endorse a product without their permission B. Revealing the security code to a home alarm system to a source outside the family without permission C. A politician distorting facts about their opponent to make them appear less credible D. Social media page using the names of friends to tempt users to follow a specific page

A. Using a celebrity's image to endorse a product without their permission D. Social media page using the names of friends to tempt users to follow a specific page

Four things to do with risk:

Accept, transfer, mitigate, and avoid

You have been tasked with developing an incident response process for your employer, BrandEnt Company, a media entertainment company. As the senior manager of information privacy, you have been creating privacy-related procedures for the company. There has been an uptick in the number of privacy-related questions being sent to customer service through the website's generic portal, and the customer service reps are unsure of what to do with the questions. This has led to the director of privacy asking that you work with the IT department to identify, track and resolve privacy-related incidents, as well as with the Information Security team to leverage their existing incident-management process. As you review the questions, you notice that many customers are asking what personal information BrandEnt has collected about them. You grow concerned as you notice that customer service representatives are not always respo

B. Review the information that was breached and determine what levels of notification are required.

What type of privacy violation occurs when the recipient of personal information shares it outside of the expectations of the individual who provided their information? A. Surveillance B. Secondary Use C. Distortion D. Exclusion

B. Secondary Use

What is an example of a federated identity? A. National ID number B. Single sign-on credentials C. Corporate ID number D. A token

B. Single sign-on credentials

An organization wants to enter into a contract with a third-party cloud provider for storage of client personal information. The business head is entering into this agreement to eliminate risk associated with a data breach by transferring the information to the third-party processor. She asks you if this is a good way to eliminate breach risk. Please choose the BEST response from the choices below: A. Third party processors have sole liability for the data they process, because the data is in their possession. We can rely on the security program of the third party since they did not report a data breach in the previous 12 months B. Under most privacy and data protection laws, following a data breach, an organization retains liability for personal data that it has collected and transferred to third party processors. Third party processors may share liability for the breach as well. We should routinely validate data prot

B. Under most privacy and data protection laws, following a data breach, an organization retains liability for personal data that it has collected and transferred to third party processors. Third party processors may share liability for the breach as well. We should routinely validate data protection controls of third parties we are doing business with to make sure our client data is protected properly

How does employing the objective of predictability benefit an organization? Choose all that apply A. It assigns appropriate stakeholders to administer changes to an individual's information B. It increases the need for advances in techniques that disassociate individuals from their information C. It supports trusted relationships between stakeholders and individuals, thereby enabling operators to implement innovative changes to a system to provide better services D. It helps stakeholders adequately describe what is happening with the personal information in their possession from a value statement on transparency to a requirements-based program that explains how personal information is managed

C. It supports trusted relationships between stakeholders and individuals, thereby enabling operators to implement innovative changes to a system to provide better services D. It helps stakeholders adequately describe what is happening with the personal information in their possession from a value statement on transparency to a requirements-based program that explains how personal information is managed

When creating a data inventory, it is important to include a range of detailed information on the company's data assets. This information should include how the data is accessed and by whom, how the data is managed, who owns it, where the data is stored, and the ____ that defines the individual data records and what they contain A. Structured data B. Schema C. Metadata D. Dictionary

C. Metadata

Which of the following privacy practices would be most useful to users who are not knowledgeable about protecting their personal information? A. Choice B. Control C. Notice D. Consent

C. Notice

What term is used when previously collected data is used for a purpose other than that for which it was initially collected? A. Retention B. Recycling C. Repurposing D. Reuse

C. Repurposing

Which of the following is NOT an example of automated decision making? A. Receiving an answer to a support question utilizing a chat bot B. Obtaining approval for insurance through an online application C. Requesting an emailed catalog from an online retailer D. Setting airfare based on browser history and date of purchase

C. Requesting an emailed catalog from an online retailer

You have been tasked with developing an incident response process for your employer, BrandEnt Company, a media entertainment company. As the senior manager of information privacy, you have been creating privacy-related procedures for the company. There has been an uptick in the number of privacy-related questions being sent to customer service through the website's generic portal, and the customer service reps are unsure of what to do with the questions. This has led to the director of privacy asking that you work with the IT department to identify, track and resolve privacy-related incidents, as well as with the Information Security team to leverage their existing incident-management process. As you review the questions, you notice that many customers are asking what personal information BrandEnt has collected about them. You grow concerned as you notice that customer service representatives are not always respo

C. Security safeguard.

Privacy technologists ensure that collected data is which of the following? (Choose all that apply) A. Repurposed and used in as many ways as possible B. Retained indefinitely C. Used only for the purposes for which it was collected D. Destroyed in accordance with organizational guidelines

C. Used only for the purposes for which it was collected D. Destroyed in accordance with organizational guidelines

Testing during software development generally consists of which two sets of activities? A. Implementation and deployment B. Alpha and beta testing C. Validation and verification D. Runtime monitoring and auditing

C. Validation and verification

Authentication can be accomplished by a variety of mechanisms. Which are the four main categories? A. What you know, when you know, where you are, what you are B. What you know, what you have, when you know, where you are C. What you know, what you have, where you are, what you are D. What you know, what you have, where you are, when you know

C. What you know, what you have, where you are, what you are

Destruction of portable media:

CDs, DVDs, and flash drives need to be physically destroyed, maybe professionally

Destruction of hard copy:

Challenge lies in what needs to be destroyed and when, should have established guidelines in place for document destruction

Deidentification: Anonymization

Direct and indirect identifiers have been removed, and mechanisms have been put in place to prevent reidentification

Direct versus Indirect design affecting users

Direct: Interact with system Indirect: How stakeholders configure, use, or are otherwise affected by the technology

Destruction for digital content:

Disks should be formatted. Hard drives, tapes, and other magnetic media will need to be degaussed

Works alongside compliance models to mandate notice choice and consent, access to information, controls on information, and how information is managed. High level abstractions of privacy, interpretation is necessary to determine application

FIPPS Fair Information Privacy Principles

What term is used when individuals share information such as location, emotions, opinions, and experiences via their mobile devices, which enables a better understanding of human behaviors and activities, meaningful patterns and detectable trends? A. Web tracking B. Geo tagging C. Geo social patterns D. Natural language generation

Geo social patterns

True or False: It is illegal across all 50 states for law enforcement to use drones for search or surveillance without obtaining a search warrant prior

False

True or False: To successfully identify an individual by piecing together information from different sources, one of the identifiers must be the individual's name

False

True or false: The most efficient and cost-effective way for orgs to address evolving privacy laws and advancing technology is to design for just the org's requirements within their jurisdiction

False

True or False: Manageability includes allowing individuals to have access to their information to make changes to inaccurate information

False, manageability assigns appropriate stakeholders to administer changes to an individual's information to ensure security and mitigate fraud

True or False: While monitoring and analyzing data during runtime leads to the risk of inadvertent collection of personal information, privacy technologists cannot reduce this issue

False, programmers can reduce the risk through analysis, defect-tracking, and API

