Chapter 5: Role of Data

Questions and Answers

What is the primary function of browsers when a user performs a search?

• To immediately delete all search data after the user closes the browser.
• To redirect users to random websites unrelated to their search queries.
• To record and store user search data for assessing search result relevance and studying user behavior. (correct)
• To block all user search history to protect user privacy.

How do social media applications utilize user data?

• To customize advertisements and content based on user behavior, lifestyle, and preferences. (correct)
• To block all advertisements from being displayed to the user.
• To sell user data to the highest bidding third-party without consent.
• To limit user interactions to only pre-approved contacts.

What is the purpose of CCTV technology in public spaces?

• To monitor security and enforce traffic regulations. (correct)
• To provide free internet access to citizens.
• To broadcast public service announcements.
• To track advertisement effectiveness.

What capability defines Internet of Things (IoT) devices?

The ability to connect to the internet and transmit and receive data. (C)

In the context of data privacy, what does 'data privacy' entail?

How data is collected, accessed, used, and who has rights over it. (A)

Why is it important for collected data to be accurate and complete?

To ensure that data analysis and decisions based on the data are reliable and correct. (C)

What does it mean for data to be 'free from unauthorized access'?

Only authorized personnel can access the data, especially private data. (B)

What is the primary goal of the International Data Privacy Principles (IDPPs)?

To establish a global standard for data privacy and protection. (B)

What is the significance of applying standard security technologies to protect personal data?

To prevent unauthorized access, processing, deletion, or misuse of personal data. (B)

What should organizations do regarding their privacy policies?

Make them easily accessible, understandable, and include information about data handling practices. (D)

Under what condition can an organization disclose customer data to a third party?

If required by law or with the customer's explicit consent. (D)

What should an organization do if it experiences a data breach?

Notify affected customers as soon as possible. (C)

According to the principles discussed, when is it acceptable for an organization to collect customer data?

Only if the collection is necessary and not excessive for specified purposes. (D)

What is the recommended practice for retaining customer personal data?

Retain it only as long as necessary for its intended purpose. (A)

Under what condition is it generally acceptable to transfer personal data to countries with lower data protection standards?

If the customer has been informed and agrees to the transfer. (B)

If a customer buys a service without a contract and a data breach occurs, what should the organization do?

Notify the customer about the breach as quickly as possible. (A)

What is the primary focus of data privacy regulations like the Canadian Information Protection and Electronic Documents Act (PIPEDA)?

Regulating how private sector organizations collect, use, and disclose personal information. (A)

Why should organizations instruct all employees to comply with privacy procedures and policies?

To ensure consistent adherence to data protection standards and prevent unauthorized data access. (B)

A company wants to use customer data for a new project that was not part of the original data collection agreement. What should the company do?

Inform customers about the new project and ask for their consent to use their data. (D)

Which of the following is NOT a key aspect of ensuring data privacy during data collection?

Ensuring data is used for purposes unrelated to its collection. (A)

Which scenario represents a violation of data privacy principles?

A hospital sharing patient medical records with insurance companies without patient consent. (B)

Which activity is the LEAST likely to contribute to the creation of new data?

Browsing a static website without interacting with it. (D)

What is the primary role of browser software regarding user search data?

To record and store search data for assessing search result relevance and studying user behavior. (D)

What is the MOST appropriate action for a company to take when it discovers a data breach that exposes customers' personal information?

Immediately notify affected customers and relevant authorities. (B)

What is a key element of 'data privacy?'

Restricting access to data and ensuring its proper usage. (A)

Which of the following practices aligns with ethical data handling?

Using data for purposes clearly communicated and agreed to by users. (D)

How has the Internet of Things (IoT) impacted data generation?

It has increased data generation by connecting numerous devices and enabling data exchange. (D)

Which consideration is most important when transferring customer data internationally?

Whether the receiving country has adequate data protection laws. (C)

A company routinely collects detailed personal information from its customers but lacks a clearly defined and accessible privacy policy. Which data privacy principle is the company MOST likely violating?

Transparency. (A)

A social media company collects data on user activity to personalize ads. However, they also use this data to predict users' political affiliations and share these predictions with political campaigns, without user consent. Which data privacy principle is MOST directly violated by sharing the data in this way?

Purpose limitation. (A)

An organization retains customer data indefinitely, arguing that the data may be useful for future, unforeseen purposes. The organization has robust security measures in place and promises to anonymize the data after 5 years. Which data privacy principle is MOST clearly violated?

Storage limitation. (B)

A company experiences a data breach. As a result, customers' personal information, including social security numbers and bank account details, is exposed. The company publicly announces the breach, but downplays the potential risks to customers, stating that its robust security measures will prevent any misuse of the data. Which data privacy principle is the company MOST likely violating in its response?

Lawfulness, Fairness, and Transparency. (A)

A retailer implements a facial recognition system in its stores, without informing customers, to track their shopping habits. This data is used to personalize marketing offers. Which of the following data privacy principles is MOST likely being violated?

Transparency. (A)

Imagine a scenario where a company collects user data with explicit consent for one specific purpose. However, they later decide to use that same data for an entirely different purpose without obtaining new consent. Which of the core ethical principles related to data collection is MOST clearly being violated?

Purpose Limitation (B)

An organization implements strong encryption for customer data at rest and in transit. However, they fail to regularly test their security measures or patch known vulnerabilities, leading to a data breach. Which data privacy principle did the organization MOST likely fail to uphold?

Accountability (A)

A small startup is developing an AI-powered tool that requires access to large amounts of personal data. The founders, eager to get their product to market quickly, decide to skip the step of thoroughly assessing the privacy risks of their project. Which of the core principles from the material they have failed at implementing?

All of the above (D)

A rogue employee at a data processing firm illicitly compiles and sells sensitive personal data on the dark web. Despite the company having implemented reasonable technical and organizational measures for data security, this malicious activity goes undetected for a considerable duration. When the breach is discovered (months later), regulators determine there were no prior incidents, and the firm had complied with industry best practices. Based solely on this information, which of the following consequences is the data processing firm MOST likely to face?

Limited or no formal penalties, acknowledging the firm's prior adherence to best practices and the unforeseeable nature of the rogue employee's actions. (A)

Flashcards

Data Privacy

Data collection that respects user privacy, ensuring data is accurate, secure, and used appropriately.

Data Technology

Rapid info production and usage, engaging vast amounts of data.

Internet Data Tracking

Recording user searches to improve results and personalize experiences.

Social Media Data

User interactions become new data for social media apps.

Digital Communication

Source of data through communications, creating vast amounts of data daily.

CCTV

Technology for security, monitoring environments and enforcing rules.

Internet of Things (IoT)

Tech enabling devices to connect, send and receive data via the internet.

International Data Privacy Principles or IDPPs

Principles for data privacy, used in Asia, Europe, and the US.

Compliance Requirement

Requires businesses to follow local laws, including data privacy and contracts.

Data Security

Guarding personal data from unauthorized access or misuse.

Privacy Policy

Informing users clearly about data practices and responsibilities.

Data Usage

Data can only be used for its original purpose, fairly, and transparently.

Study Notes

• Chapter 5 discusses data analysis
• Topic A is about collecting data

Data and Its Role

• Modern information technology quickly makes and uses data
• Data use involves a lot of things
• Internet browsers record and save searches, which are then used to improve search results and study user behavior

Social Media

• Social media allows users to interact
• Interaction involves statuses, comments, photos, and messages
• These interactions create new data for social media apps
• User data helps apps learn about user behavior, habits, and preferences
• This is used to show relevant ads

Communication

• Daily technological communication generates lots of todays data
• Each minute 16 million texts, 156 million emails, and over 100 million spam emails are sent creating lots of new data

CCTV (Closed-Circuit Television)

• CCTV is increasingly common for security in private and public areas
• Many cities utilize CCTV networks to monitor security and traffic
• CCTV data can be used to enforce laws if traffic violations occur

Internet of Things (IoT)

• IoT connects devices to the internet, allowing them to send and receive data
• In 2020, there were 200 billion IoT devices connected
• Connecting machines can track many things
• An example is tracking agitator rotation, run time, production, potential issues and predict maintenance for a milk factory's Mixed Storage Tank (MST)

Privacy Aspects in Data Collection

• Data privacy concerns how data is collected, accessed, used, and who has rights to access it
• Secured data privacy includes the following
  • Data should be collected with accuracy and completeness
  • Data must be free from inappropriate use
  • Data must be free from unauthorized access, personal data must be prioritized
  • Data content must be accessible with legal ownership
  • Individuals with the right to do so can review, update, or correct the data
• International Data Privacy Principles (IDPPs) are used for data privacy protection
• Asia, Europe, and the United States use IDPPs
• The standards must be met in order to comply with international data privacy protection
• Compliance involves following local laws, which include privacy laws, contract laws, and other related rules
• Use current standard security technology to protect private data from access, processing, deletion, removal, or unintentional use that is unauthorized
• Enforce transparent privacy policies, including who is in charge of data privacy and how to get in touch with them
• Explain why data is collected, what personal information is taken, how it is used, who will see it, how long it will be kept, and how to have it deleted or changed if asked
• Make sure all staff follows the privacy rules and stays away from anything that could cause illegal or unauthorized access
• Do not use or leak customer information unless it is required for statistics with the customer's identity kept private
• Customer data can be released to other parties only if a court orders it or the customer agrees to its use and distribution
• Do not gather customer data if it is unnecessary or too much
• Use and share customer data responsibly and only for things that help the company
• Do not use third parties to manage customer data unless they follow privacy practices that are accepted around the world
• Organizations must disclose any privacy breaches involving sensitive information
• Keep customer information that is not needed for an extended amount of time
• Do not send private customer data to nations, territories, or regions that either have lax data protection policies or are entirely without such laws
• Transfer only occurs when a customer has been made aware of these deficiencies and grants their explicit approval
• In cases of a contract with an organization, or when a customer buys their services or products:
  • Notify customers immediately of any data breaches
  • Inform customers about what specific data you keep based on the terms they agreed to
  • Unless legally obligated, delete all customers data upon request
  • Ensure that client data is not used to inform other content or services
  • Never share private customer data without explicit permission from the customer
  • Do not keep any client data unless forced to do so by law
• If no contract is in place rules should be followed
  • Inform customers if there has been a breach as soon as possible
  • If customers require info on what has been stored, it can be shared, removed etc
  • Never use data to formulate data for private customers
• Countries and regions all over the world are paying close attention to privacy rules to protect people's data
• There are numerous laws protecting data privacy
• Some areas with privacy protection laws: Canadian Information Protection and Electronic Documents Act, Australia's Privacy Act, The Hong Kong Personal Data Privacy Ordinance