10 Core Principles of Privacy

Questions and Answers

Which of the following is a core principle of the General Data Protection Regulation (GDPR)?

Lack of user rights

Unlimited data collection

Transparency in data handling (correct)

Data retention without consent

What is the primary function of the Health Insurance Portability and Accountability Act (HIPAA)?

Regulates telemarketing practices

Protects health information (correct)

Protects financial data

Governs social media data sharing

Which law would apply specifically to the protection of children's online privacy?

Children's Online Privacy Protection Act (COPPA) (correct)

California Consumer Privacy Act (CCPA)

Health Insurance Portability and Accountability Act (HIPAA)

General Data Protection Regulation (GDPR)

The California Consumer Privacy Act (CCPA) is primarily focused on which aspect of privacy?

Data transparency and consumer rights

Which statement accurately describes a notable difference between EU and US privacy laws?

EU privacy laws, like GDPR, apply universally, while US laws lack a unified approach.

What does the term 'composable risk' refer to in the context of privacy?

The risk of combining non-PII to identify individuals

Which of the following privacy types ensures confidentiality of personal communications?

Communicational Privacy

What is a significant feature of informational privacy?

Handling of personal data and information

What is the main purpose of COPPA?

Protects children's online privacy

Which of the following is a right granted under the CCPA?

Right to opt-out of data sales

What key principle ensures organizations are answerable for protecting personal data?

Accountability

Which legislation is primarily focused on health data privacy in the U.S.?

HIPAA

What does GDPR primarily regulate?

Personal data protection in the EU

Which principle emphasizes that individuals should have access to their personal data?

Individual Access

Which of the following is a fundational right under the Canadian Charter?

Protection against unreasonable search and seizure

What does privacy law interpretation rely heavily on?

Understanding case law and legal precedents

Which of the following best describes the primary focus of HIPAA?

To ensure the confidentiality of Protected Health Information

What is a key requirement of COPPA?

Parental consent is required for collecting personal information of children.

How does the California Consumer Privacy Act (CCPA) empower users?

By granting users the right to know about their data usage

What characterizes the U.S. privacy framework compared to GDPR?

It lacks uniformity and prioritizes commercial interests.

Which of the following is true about GLBA?

It regulates financial institutions' information sharing practices.

What additional capability does the California Privacy Rights Act (CPRA) provide over CCPA?

It introduces stricter rules and a private enforcement agency.

What is a notable characteristic of China's privacy laws compared to the U.S. laws?

China's laws prioritize individual privacy rights similarly to U.S. laws.

Why do U.S. privacy laws tend to lack uniformity?

They are influenced by various state-level regulations.

Study Notes

10 Core Principles of Privacy

• Accountability: Organizations are responsible for any breaches or damage to information.
• Consent: Data owners must give consent to use their data.
• Purpose: Data is used only for the specified reason.
• Limitation: Only necessary data is collected.
• Limits, Breach, and Disclosure: Data is handled appropriately after use.
• Accuracy: Data must be correct and up-to-date.
• Safeguards: Data is protected against loss, theft, unauthorized access, and copying.
• Openness: Data handling practices must be transparent.
• Individual Access: Individuals have access to their data and can challenge its accuracy.
• Challenge Compliance: Questions and complaints about data handling are addressed.

Accountability and Compliance

• Accountability: The organization has responsibility if data is harmed.
• Consent: Obtaining agreement from owners before using or disclosing.
• Purpose: Collection and use of data aligned with intended objective.
• Limitation: Collected data is restricted to what's needed.
• Breach/Disclosure Limits: Handling data appropriately after intended use.
• Accuracy: Data must be accurate and updated.
• Safeguards: Processes ensure data security and protection.
• Transparency: Open communication about data handling.
• Individual Access: Data owners have access to their data information.
• Challenge Compliance: Mechanism to address complaints about data handling.

Types of Privacy

• Physical Privacy: Protecting physical space from intrusion.
• Informational Privacy (Personal): Protecting sensitive personal data.
• Informational Privacy (Government/Corporate): Protecting sensitive government and corporate data.
• Legal Privacy: Protecting information related to law, security and commercial activity.
• Digital Privacy: Protecting information collected digitally (data storage, cyberattacks, etc.)

PIPEDA (Canada)

• Personal Information Protection and Electronic Document Act: Law in Canada that regulates personal information management.
• Purpose: Regulate organizations handling personal information (digital or physical).
• Compliance Requirements: Obtain consent, collect only necessary data, keep accurate and up-to-date information, ensure security, and be transparent.

GDPR (Europe)

• General Data Protection Regulation: EU law regulating how organizations handle personal data.
• Purpose: Give individuals more control over their information, and make companies justify their data handling.
• Rights: Access, rectification, deletion, and objection on use of information.

US Privacy Approach

• Decentralized: Different privacy standards depending on sector and state.
• Federal Laws: Various laws cover specific areas (health, children's online activity).

GLBA (US)

• Gramm-Leach-Bliley Act: US law that regulates financial institutions information handling.
• Purpose: Regulate financial institutions' handling of customers financial information and practices.
• Requirement: Provide customers information about their info-sharing practices along with the ability to opt-out of certain data shares.

California Consumer Privacy Act (CCPA) (US)

• California consumer rights: User rights regarding personal data (right to know, right to delete, and to avoid sales).
• Expansion (CPRA): Stricter rules and a designated enforcement agency.

China's Privacy Approach

• Multifaceted: Multiple laws, not just one law.
• Priorities: Commercial innovation with individual privacy rights.
• Three Primary Pillars: Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL)

Privacy Principles (Canada's)

• Accountability: Organizations are responsible for their activities.
• Identifying Purposes: Purpose of data collection must be clear.
• Consent: Individuals consent to data collection, use, and disclosure.
• Collection Limitation: Necessary data is collected.
• Use Limitation: Info used for original, stated purpose.
• Disclosure Limitation: Minimized disclosure unless necessary.
• Accuracy: Data is accurate, up-to-date, and complete.
• Safeguards: Data protection measures according to sensitivity.
• Openness: Data handling practices transparently communicated.
• Individual Access: Individuals can view and correct their data.

Description

Test your knowledge on the 10 core principles of privacy that guide organizations in data protection and management. Understand concepts like accountability, consent, and individual access rights as you explore the significance of each principle in safeguarding personal information.