Cloud Computing Fundamentals: Privacy and Compliance Risks

Questions and Answers

What is the primary assumption in an 'opt-out' system?

That consumers have declined permission for information use

That the consumer is unaware of information collection purposes

That the information gatherer can use the consumer's information for other purposes without explicit consent (correct)

That consumers have explicitly granted permission for information use

What is an essential aspect of providing access to PII?

Storing data in a secure, encrypted format

Limiting access to only necessary employees

Cross-referencing data with reputable databases

Ensuring access is inexpensive and timely (correct)

What is a key measure to protect against internal security threats?

Limiting access to necessary employees (correct)

Encrypting data in transit

Storing data in a secure, cloud-based environment

Conducting regular security audits

What is the primary purpose of enforcement measures in privacy policies?

To ensure companies follow the Fair Information Practice Principles

What is a benefit of cross-referencing data with reputable databases?

Increasing the integrity of data

What is a primary goal of the Fair Information Practice Principles?

To ensure the accuracy and security of collected data

What is a key aspect of an organization's privacy policy that involves the user?

Means for the user to access and correct PII held by the organization

Which of the following is a requirement for gaining PCI-compliance in a cloud computing environment?

Segmentation of virtual infrastructure

What is typically included in an organization's privacy policy statement?

Statement of the organization's commitment to privacy

What type of information is typically collected by organizations?

Names, addresses, credit card numbers, phone numbers, and other personally identifiable information

What is a mechanism used to secure information transmissions in an organization's privacy policy?

Encryption

Why do cloud computing service providers need to cooperate with organizations to gain PCI-compliance?

To address segmentation of virtual infrastructure

What is the primary goal of the 'notice' principle in privacy and compliance risks?

To notify consumers of the entity collecting data and its intended uses

What is the difference between 'opt-in' and 'opt-out' methods in relation to the disclosure of PII to third parties?

Opt-in requires consumers to affirmatively give permission, while opt-out assumes permission without consent

What is the primary purpose of the 'choice' principle in privacy and compliance risks?

To enable consumers to opt-out or opt-in regarding disclosure of PII to third parties

What is a key aspect of an entity's information practices that must be disclosed to consumers before collecting personal data?

The entity collecting data, its intended uses, and potential recipients

What is the primary goal of the privacy policy statement in relation to personal data collection?

To inform consumers of the entity's information practices and obtain consent

What is a key requirement for entities collecting personal data in relation to confidentiality, integrity, and quality?

To ensure the confidentiality, integrity, and quality of personal data