Cloud Computing Fundamentals: Privacy and Compliance Risks

Questions and Answers

What is the primary assumption in an 'opt-out' system?

• That consumers have declined permission for information use
• That the consumer is unaware of information collection purposes
• That the information gatherer can use the consumer's information for other purposes without explicit consent (correct)
• That consumers have explicitly granted permission for information use

What is an essential aspect of providing access to PII?

• Storing data in a secure, encrypted format
• Limiting access to only necessary employees
• Cross-referencing data with reputable databases
• Ensuring access is inexpensive and timely (correct)

What is a key measure to protect against internal security threats?

• Limiting access to necessary employees (correct)
• Encrypting data in transit
• Storing data in a secure, cloud-based environment
• Conducting regular security audits

What is the primary purpose of enforcement measures in privacy policies?

To ensure companies follow the Fair Information Practice Principles (C)

What is a benefit of cross-referencing data with reputable databases?

Increasing the integrity of data (C)

What is a primary goal of the Fair Information Practice Principles?

To ensure the accuracy and security of collected data (C)

What is a key aspect of an organization's privacy policy that involves the user?

Means for the user to access and correct PII held by the organization (A)

Which of the following is a requirement for gaining PCI-compliance in a cloud computing environment?

Segmentation of virtual infrastructure (A)

What is typically included in an organization's privacy policy statement?

Statement of the organization's commitment to privacy (C)

What type of information is typically collected by organizations?

Names, addresses, credit card numbers, phone numbers, and other personally identifiable information (C)

What is a mechanism used to secure information transmissions in an organization's privacy policy?

Encryption (B)

Why do cloud computing service providers need to cooperate with organizations to gain PCI-compliance?

To address segmentation of virtual infrastructure (B)

What is the primary goal of the 'notice' principle in privacy and compliance risks?

To notify consumers of the entity collecting data and its intended uses (D)

What is the difference between 'opt-in' and 'opt-out' methods in relation to the disclosure of PII to third parties?

Opt-in requires consumers to affirmatively give permission, while opt-out assumes permission without consent (B)

What is the primary purpose of the 'choice' principle in privacy and compliance risks?

To enable consumers to opt-out or opt-in regarding disclosure of PII to third parties (A)

What is a key aspect of an entity's information practices that must be disclosed to consumers before collecting personal data?

The entity collecting data, its intended uses, and potential recipients (A)

What is the primary goal of the privacy policy statement in relation to personal data collection?

To inform consumers of the entity's information practices and obtain consent (D)

What is a key requirement for entities collecting personal data in relation to confidentiality, integrity, and quality?

To ensure the confidentiality, integrity, and quality of personal data (B)