International Association of Privacy Professionals - Chapter 1: Introduction to Privacy


Please list a few of the Fair Information Practice codifications:

- The 1973 U.S. Department of Health, Education and Welfare Fair Information Practice Principles
- The 1980 Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data ("OECD Guidelines")
- The 1981 Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data ("Convention 108")
- The Asia-Pacific Economic Cooperation (APEC), which in 2004 agreed to a Privacy Framework
- The 2009 Madrid Resolution—International Standards on the Protection of Personal Data and Privacy

What is APEC?

Established in 1989, APEC is a multinational organization with 21 Pacific Coast members in Asia and the Americas. It operates under non-binding agreements. The APEC Privacy Framework was approved by the APEC ministers in November 2004.

What did the Council of Europe pass in 1981 and what did this new convention do?

The Council of Europe passed the Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data ("Convention 108"). This convention required member states of the Council of Europe that signed the treaty to incorporate certain data protection provisions into their domestic law. Convention 108 provided for the following: quality of data, special categories of data, data security, and transborder data flows.

What is the Co-Regulatory model of data protection?

The co-regulatory model emphasizes industry development of enforceable codes or standards for privacy and data protection against the backdrop of legal requirements by the government. Co-regulation can exist under both comprehensive and sectoral models. One U.S. example is the Children's Online Privacy Protection Act (COPPA).

What is the Self-Regulatory model of data protection?

The self-regulatory model emphasizes creation of codes of practice for the protection of personal information by a company, industry or independent body.

What is the Sectoral model of Data protection?

This framework protects personal information by enacting laws that address a particular industry sector. For example, in the United States, different laws delineate conduct and specify the requisite level of data protection for video rental records, consumer financial transactions, credit records, law enforcement, and medical records.

What were the two purposes of the Madrid Resolution (2009)?

To define a set of principles and rights guaranteeing (1) the effective and internationally uniform protection of privacy with regard to the processing of personal data and (2) the facilitation of the international flows of personal data needed in a globalized world.

How are market forces a source of privacy protection?

When consumers raise concerns about their privacy, companies respond. Businesses that are brand sensitive are especially likely to adopt strict privacy practices to build up their reputations as trustworthy organizations.

What did the original Code of FIP provide?

- There must be no personal data record-keeping systems whose very existence is secret.
- There must be a way for a person to find out what information about the person is in a record and how it is used.
- There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the individual's consent.
- There must be a way for a person to correct or amend a record of identifiable information about the person.
- Any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for its intended use and must take precautions to prevent misuse of the data.

List out the privacy principles spelled out in the APEC privacy framework approved in 2004.

1. Preventing Harm. Recognizing the interests of the individual to legitimate expectations of privacy, personal information protection should be designed to prevent the misuse of such information. Further, acknowledging the risk that harm may result from such misuse of personal information, specific obligations should take account of such risk and remedial measures should be proportionate to the likelihood and severity of the harm threatened by the collection, use and transfer of personal information.

2. Notice. Personal information controllers should provide clear and easily accessible statements about their practices and policies with respect to personal information that should include:
   - the fact that personal information is being collected;
   - the purposes for which personal information is collected;
   - the types of persons or organizations to whom personal information might be disclosed;
   - the identity and location of the personal information controller, including information on how to contact it about its practices and handling of personal information;
   - the choices and means the personal information controller offers individuals for limiting the use and disclosure of personal information, and for accessing and correcting it.
   All reasonably practicable steps shall be taken to ensure that such information is provided either before or at the time of collection of personal information. Otherwise, such information should be provided as soon after as is practicable. It may not be appropriate for personal information controllers to provide notice regarding the collection and use of publicly available information.

3. Collection Limitation. The collection of personal information should be limited to information that is relevant to the purposes of collection and any such information should be obtained by lawful and fair means, and, where appropriate, with notice to, or consent of, the individual concerned.

4. Uses of Personal Information. Personal information collected should be used only to fulfill the purposes of collection and other compatible purposes except:
   - with the consent of the individual whose personal information is collected;
   - when necessary to provide a service or product requested by the individual; or
   - by the authority of law and other legal instruments, proclamations and pronouncements of legal effect.

5. Choice. Where appropriate, individuals should be provided with clear, prominent, easily understandable, accessible and affordable mechanisms to exercise choice in relation to the collection, use and disclosure of their personal information. It may not be appropriate for personal information controllers to provide these mechanisms when collecting publicly available information.

6. Integrity of Personal Information. Personal information should be accurate, complete and kept up-to-date to the extent necessary for the purposes of use.

7. Security Safeguards. Personal information controllers should protect personal information that they hold with appropriate safeguards against risks, such as loss or unauthorized access to personal information, or unauthorized destruction, use, modification or disclosure of information or other misuses. Such safeguards should be proportional to the likelihood and severity of the harm threatened, the sensitivity of the information and the context in which it is held, and should be subject to periodic review and reassessment.

8. Access and Correction. Individuals should be able to:
   - (a) obtain from the personal information controller confirmation of whether or not the personal information controller holds personal information about them;
   - (b) have communicated to them, after having provided sufficient proof of their identity, personal information about them:
     - within a reasonable time;
     - at a charge, if any, that is not excessive;
     - in a reasonable manner; and
     - in a form that is generally understandable; and
   - (c) challenge the accuracy of information relating to them and, if possible and as appropriate, have the information rectified, completed, amended or deleted.
   Such access and opportunity for correction should be provided except where:
   - the burden or expense of doing so would be unreasonable or disproportionate to the risks to the individual's privacy in the case in question;
   - the information should not be disclosed due to legal or security reasons or to protect confidential commercial information; or
   - the information privacy of persons other than the individual would be violated.
   If a request under (a) or (b) or a challenge under (c) is denied, the individual should be provided with reasons why and be able to challenge such denial.

Define "Sensitive personal information"

An important subset of personal information. The definition of what is considered sensitive varies depending on jurisdiction and particular regulations. In the United States, Social Security numbers and financial information are commonly treated as sensitive information, as are driver's license numbers and health information.

What is the Comprehensive model of data protection?

Comprehensive data protection laws govern the collection, use and dissemination of personal information in the public and private sectors. Over time, countries have adopted comprehensive privacy and data protection laws for a combination of at least three reasons:

1. Remedy past injustices. A number of countries, particularly those previously subject to authoritarian regimes, have enacted comprehensive laws as a means to remedy past privacy violations.
2. Ensure consistency with European privacy laws. As discussed later in the book, the General Data Protection Regulation (GDPR) in the EU limits transfer of personal data to countries that lack "adequate" privacy protections.
3. Promote electronic commerce. Countries have developed privacy laws to provide assurance to potentially uneasy consumers engaged in electronic commerce.

What do critics of the Comprehensive model say about its data protection?

Critics of the comprehensive approach express concern that the costs of the regulations can outweigh the benefits. One-size-fits-all rules may not address risk well.

What do critics of the Sectoral model say about its data protection?

Critics of the sectoral approach express concern about the lack of a single DPA to oversee personal information issues. They also point out the problems of gaps and overlaps in coverage.

Define "Personally identifiable information" (PII)

Generally used to define the information that is covered by privacy laws. These definitions include information that makes it possible to identify an individual. Examples include names, Social Security numbers or passport numbers.

What is Information privacy?

Information privacy is concerned with establishing rules that govern the collection and handling of personal information. Examples include financial information, medical information, government records and records of a person's activities on the internet.

How is the law a source of privacy protection?

Law is the traditional approach to privacy regulation.

Give a few examples of information privacy referenced in historical texts and cultures:

The laws of classical Greece, the Bible, Jewish law, the Qur'an and the sayings of Mohammed.

Define "Collection" as it relates to the information life cycle

Organizations should collect personal information only for the purposes identified in the notice.

Define "Management and administration" as it relates to privacy

Organizations should define, document, communicate and assign accountability for their privacy policies and procedures.

Define "Information quality" as it relates to privacy

Organizations should maintain accurate, complete and relevant personal information for the purposes identified in the notice.

List the basic principles of the Madrid Resolution (2009)

- Principle of lawfulness and fairness. Personal data must be fairly processed, respecting the applicable national legislation as well as the rights and freedoms of individuals. Any processing that gives rise to unlawful or arbitrary discrimination against the data subject shall be deemed unfair.
- Purpose specification principle. Processing of personal data should be limited to the fulfillment of the specific, explicit and legitimate purposes of the responsible person; processing that is not compatible with the purposes for which personal data was collected requires the unambiguous consent of the data subject.
- Proportionality principle. Processing of personal data should be limited to such processing as is adequate, relevant and not excessive in relation to the purposes. Reasonable efforts should be made to limit processing to the minimum necessary.
- Data quality. The responsible person should at all times ensure that personal data is accurate, sufficient and kept up to date in such a way as to fulfill the purposes for which it is processed. The period of retention of the personal data shall be limited to the minimum necessary. Personal data no longer necessary to fulfill the purposes that legitimized its processing must be deleted or rendered anonymous.
- Openness principle. The responsible person shall provide to the data subjects, as a minimum, information about the responsible person's identity, the intended purpose of processing, the recipients to whom their personal data will be disclosed, and how data subjects may exercise their rights. When data is collected directly from the data subject, this information must be provided at the time of collection, unless it has already been provided. When data is not collected directly from the data subject, the responsible person must inform them about the source of personal data. This information must be provided in an intelligible form, using clear and plain language, in particular for any processing addressed specifically to minors.
- Accountability. The responsible person shall take all the necessary measures to observe the principles and obligations set out in the resolution and in the applicable national legislation and have the necessary internal mechanisms in place for demonstrating such observance both to data subjects and to the supervisory authorities in the exercise of their powers.

Give a few examples of legal protection of privacy rights in history:

- The Justice of the Peace Act (1361) called for the arrest of "peeping Toms" and eavesdroppers.
- In 1765, British Lord Camden protected the privacy of the home by striking down a warrant to enter the home and seize papers from it.
- The British tradition of privacy protection was built into the US Constitution and ratified in 1789 (3rd amendment: banning quartering of soldiers in homes; 4th amendment: requiring a search warrant before police can enter a home or business; 5th amendment: prohibiting people from being compelled to testify against themselves; 14th amendment: due process of law required for intrusions into a person's bodily autonomy).
- California Constitution: "All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy."
- In 1948, the General Assembly of the UN adopted and proclaimed the Universal Declaration of Human Rights, which formally announced that "no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence."
- In 1950, the Council of Europe set forth the European Convention for the Protection of Human Rights and Fundamental Freedoms: "everyone has the right to respect for his private and family life, his home and his correspondence."

What is the "Accountability Principle" as defined by the OECD?

A data controller should be accountable for complying with measures which give effect to the principles stated above.

What is the "individual participation principle" as defined by the OECD?

An individual should have the right: (a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; (b) to have communicated to him, data relating to him, within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner, and in a form that is readily intelligible to him; (c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and (d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

What is Bodily privacy?

Bodily privacy is focused on a person's physical being and any invasion thereof. Such an invasion can take the form of genetic testing, drug testing, or body cavity searches. It also encompasses issues such as birth control, abortion and adoption.

What is Communications privacy?

Communications privacy encompasses protection of the means of correspondence, including postal mail, telephone conversations, email, and other forms of communicative behavior and apparatus.

Define "Public Records" as a source of personal information

Public records consist of information collected and maintained by a government entity and available to the public.

What are fair information practices?

Fair information practices (FIPs), sometimes called fair information privacy practices or principles (FIPPs), have been a significant means for organizing the multiple individual rights and organizational responsibilities that exist with respect to personal information. FIPs are guidelines for handling, storing and managing data with privacy, security and fairness in an information society that is rapidly evolving. These principles can be conceived in four categories: rights of individuals, controls on the information, information life cycle and management.

How does data become non-personal information?

If the data elements used to identify the individual are removed. Similar terms used include de-identified or anonymized information.

Define "publicly available information" as a source of personal information

Information that is generally available to a wide range of persons. Some traditional examples are names and addresses in telephone books and information published in newspapers or other public media.

What are the 4 categories or classes of privacy?

Information, Bodily, Territorial, Communications

Define "Data Processor"

Is an individual or organization, often a third-party outsourcing service, that processes data on behalf of the data controller.

Define "Data Controller"

Is an organization that has the authority to decide how and why personal information is to be processed. This entity is the focus of most obligations under privacy and data protection laws—it controls the use of personal information by determining the purposes for its use and the manner in which the information will be processed.

Define "Data Subject"

Is the individual about whom information is being processed, such as the patient at a medical facility, the employee of a company, or the customer of a retail store.

Define "Nonpublic information" as a source of personal information

Not generally available or easily accessed due to law or custom. Examples of this type of data are medical records, financial information, and adoption records.

What does "OECD" stand for and what did they do?

OECD stands for Organisation for Economic Co-operation and Development. The OECD, an international organization that originally included the U.S. and European countries but has since expanded, published in 1980 a set of privacy principles entitled "Guidelines on the Protection of Privacy and Transborder Flows of Personal Data." The OECD Guidelines, updated in 2013, are perhaps the most widely recognized framework for FIPs and have been endorsed by the U.S. Federal Trade Commission (FTC) and many other government organizations.

Define "Choice and consent" as it relates to privacy

Organizations should describe the choices available to individuals and should get implicit or explicit consent with respect to the collection, use, retention and disclosure of personal information. Consent is often considered especially important for disclosures of personal information to other data controllers.

Define "Disclosure" as it relates to the information life cycle

Organizations should disclose personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.

Define "Use and retention" as it relates to the information life cycle

Organizations should limit the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. Organizations should also retain personal information for only as long as necessary to fulfill the stated purpose.

Define "Monitoring and enforcement" as it relates to privacy

Organizations should monitor compliance with their privacy policies and procedures and have procedures to address privacy-related complaints and disputes.

Define "Data subject access" as it relates to privacy

Organizations should provide individuals with access to their personal information for review and update.

Define "Notice" as it relates to privacy

Organizations should provide notice about their privacy policies and procedures and should identify the purpose for which personal information is collected, used, retained and disclosed.

Define "Information security" as it relates to privacy

Organizations should use reasonable administrative, technical and physical safeguards to protect personal information against unauthorized access, use, disclosure, modification and destruction.

What is the "Security Safeguards Principle" as defined by the OECD?

Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

What is the "Data Quality principle" as defined by the OECD?

Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up to date.

What is the "Use limitation principle" as defined by the OECD?

Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with [the Purpose Specification Principle] except: (a) with the consent of the data subject or (b) by the authority of law.

How is privacy defined?

Privacy has been defined as the desire of people to freely choose the circumstances and the degree to which individuals will expose their attitudes and behavior to others.

How is self-regulation and co-regulation a source of privacy protection?

Self-regulation (and the closely related concept of co-regulation) is a complement to law that comes from the government. The term self-regulation can refer to any or all of three components: legislation, enforcement and adjudication.

How is technology a source of privacy protection?

Technology also can provide robust privacy protection. The rapid advancement of technology such as encryption provides people with new and advanced means of protecting themselves.

What is Territorial privacy?

Territorial privacy is concerned with placing limits on the ability to intrude into another individual's environment. "Environment" is not limited to the home; it may be defined as the workplace or public space. Invasion into an individual's territorial privacy typically takes the form of monitoring such as video surveillance, ID checks, and use of similar technology and procedures.

What is the "Purpose Specification Principle" as defined by the OECD?

The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

What is the "Openness principle" as defined by the OECD?

There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

What is the "Collection Limitation Principle" as defined by OECD?

There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
