Untitled Quiz
30 Questions

Questions and Answers

What year was the Fair Credit Reporting Act enacted?

1970

What does the term "processing" refer to in the context of privacy and data protection laws?

Collecting, recording, organizing, storing, updating or modifying, retrieving, consulting, and using personal information.

Match the following privacy principles with their corresponding descriptions:

  • Collection Limitation = Limits the information collected to what is relevant and obtained by lawful and fair means.
  • Purpose Specification = Specifies the purposes for which information is collected and limits future use to those purposes or compatible purposes.
  • Use Limitation = Limits the disclosure of personal information to purposes other than those specified or for other legal purposes with the individual's consent or by legal authority.
  • Data Quality = Ensures that personal information should be relevant and, where necessary, kept up to date. Information must be accurate, complete, and kept up to date.
  • Security Safeguards = Organizations should protect personal information with reasonable safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure.
  • Openness Principle = Establishes a general policy of openness about practices and policies with respect to personal information.
  • Individual Participation Principle = Provides the right to obtain confirmation of whether or not an organization has data about the individual; to receive a description of that data; to correct inaccurate information; and to challenge the data and delete the information.
  • Accountability Principle = Requires an organization to be accountable for complying with measures to implement the data protection principles.

What year did Congress enact the Controlling the Assault of Non-Solicited Pornography and Marketing Act, better known as CAN-SPAM?

2003

The U.S. government has enacted a comprehensive federal privacy law that applies to all types of personal information.

False (B)

What are the two main categories of exemptions found in state comprehensive privacy laws?

Entity-level exemptions and data-based exemptions (A)

What does the term "deidentified data" refer to?

Data that is not reasonably associated or linked with a particular individual.

What is the intended outcome of a strong "defense in depth" security strategy?

By creating multiple layers of security, it makes it more challenging for attackers to gain unauthorized access to sensitive information.

What are the five core functions of the NIST Cybersecurity Framework?

Identify, Protect, Detect, Respond, and Recover.

What is the purpose of the "Notice at point of collection" requirement in state comprehensive privacy laws?

To inform consumers about the categories of personal data collected and the purpose for using that data before the collection takes place.

What are the two types of data collection that are typically distinguished under the FCRA?

First-party data collection and third-party data collection.

What three requirements must be met for an employer to obtain an investigative consumer report under the FCRA?

The employer must provide written notice to the applicant, obtain consent from the applicant, and certify to the reporting agency that the employer has a permissible purpose and has obtained consent from the employee.

What is the purpose of the "Red Flags Rule" under FACTA?

To mandate financial institutions to develop and implement written programs to prevent and mitigate identity theft.

What is the central focus of the GLBA Safeguards Rule?

To protect the confidentiality and integrity of customer information by requiring financial institutions to develop and implement a comprehensive information security program.

What is the purpose of the "opt-in" consent requirement under the CCPA and CP in California?

To require that financial institutions obtain written consent from consumers before sharing their personal information with unaffiliated third parties.

What are the three main areas of focus in state comprehensive privacy laws, as discussed in Chapter 6?

Key terms, consumer rights, and business obligations (C)

What is the primary purpose of state data breach notification laws?

To protect individuals from identity theft and fraud by requiring businesses to notify affected individuals and government agencies.

What is the primary purpose of the HIPAA Privacy Rule?

To protect the privacy and security of protected health information (PHI), while ensuring the efficiency of the healthcare system.

What are the two key methods for de-identifying data under HIPAA's Privacy Rule?

The rule allows for either removing at least 18 specific data elements or having an expert certify that the risk of reidentifying individuals is very small.

What is the primary purpose of the Genetic Information Nondiscrimination Act (GINA) of 2008?

To prohibit discrimination in health insurance and employment based on genetic information.

What is "information blocking" under the 21st Century Cures Act?

Any activity that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.

What are some of the key areas that the FTC focuses on in "illegal conduct" under the FTC Act, as discussed in the context of health technologies?

The FTC focuses on illegal conduct that exploits Americans’ location, health, and other sensitive data. This has led to the enforcement of the FTC Act against companies involved in the collection and sharing of health information, raising concerns about privacy and security practices in the medtech industry.

What is the main purpose of the Bank Secrecy Act (BSA) of 1970?

To prevent money laundering and deter organized crime by requiring financial institutions to keep detailed records and report suspicious transactions.

What are the two main categories of privacy telecommunications issues, as discussed in Chapter 11?

Telemarketing communications and internet-based marketing communications (A)

What does the term "express prior authorization" signify under CAN-SPAM, as discussed in Chapter 11?

Consumers must actively grant clear and affirmative consent before receiving text messages (MSCMs) from a company or organization.

What are the two key categories of consumer privacy laws that impact the regulation of digital advertising, as discussed in Chapter 11?

State specific laws that target digital advertising practices and comprehensive state privacy laws that include broader regulations covering a wider scope of data protection issues.

What is the purpose of the AdChoices program, as discussed in Chapter 11?

To provide consumers with greater transparency and control over the use of their information by allowing them to opt out of targeted advertising and access resources with explanations about how data is used.

What are the three key areas of ethical concern in the context of digital advertising, as discussed in Chapter 11?

Ethics in digital advertising focus on honesty and fairness in advertising content, the selection of appropriate advertising environments, and the potential for bias in data analysis used for ad targeting.

What is the primary reason for the existence of strict privacy laws regarding medical information, as mentioned in Chapter 8?

Medical information is inherently sensitive, dealing with deeply personal aspects of individuals' health and wellbeing.

What year did the Health Insurance Portability and Accountability Act (HIPAA) become law in the United States?

1996

Flashcards

Legislative Branch

The branch of government responsible for creating and passing laws.

Executive Branch

The branch of government responsible for enforcing and administering laws.

Judicial Branch

The branch of government responsible for interpreting laws and deciding their meaning.

U.S. Congress

The U.S. Congress, made up of the Senate and the House of Representatives, is responsible for creating and passing laws.

Executive Branch

The president, the vice president, the president's cabinet, and federal agencies all make up the executive branch. They enforce and administer laws.

Judicial Branch

The federal court system that interprets laws and decides if they're constitutional.

District Court

The lowest level of federal court; the 'trial court' where evidence is presented.

Federal Appellate Court

Also known as a Circuit Court; this court reviews decisions made by the District Courts.

U.S. Supreme Court

The highest court in the US federal system; it hears appeals from circuit courts and makes final decisions on federal laws.

Checks and Balances

A system where each branch of government has some power over the other branches to prevent any one branch from becoming too powerful.

Confirmation

The process where the Senate approves presidential appointments to federal offices.

Presidential Veto

The president's ability to reject a law passed by Congress; can be overridden by a 2/3rds vote in Congress.

Delegation of Rulemaking Power

When Congress gives the authority to federal agencies to create regulations to implement laws.

Rulemaking

The process where federal agencies create detailed rules to explain how laws will be enforced.

Enforcement

Actions taken by the government to enforce laws, often through civil or criminal legal processes.

Judicial Interpretation

When laws are interpreted by courts, focusing on their constitutionality and intent.

Appeal

A legal process where someone can challenge a decision made by a lower court.

Constitutionality

The process of determining if a law is legal under the U.S. Constitution.

Intent

The reason or purpose behind creating a law.

Appointment of Federal Judges

The process where the Senate approves presidential appointments to federal courts.

Federal Trade Commission (FTC)

An independent agency in the U.S. that enforces laws related to competition and consumer protection, including privacy laws.

Comprehensive Laws

Laws that apply to the entire U.S. economy, covering everyone and every sector.

Sectoral Laws

Laws that apply to specific industries or sectors, like healthcare or finance.

State Laws

Laws that are created by states, covering only the people and businesses within that state.

Local Laws

Laws that are created by cities or towns, covering only the people and businesses within that jurisdiction.

Overlap

A situation where two or more laws overlap, potentially creating confusion about which law applies.

Gap

A situation where there is no law covering a particular situation, leaving a 'blank' space in legal protection.

Different Privacy Needs

The idea that different parts of the economy have different privacy and security needs, making sectoral laws more appropriate.

Costly Paperwork

The argument that comprehensive laws lead to more rules and paperwork for businesses, potentially increasing costs and bureaucracy.

Discouraging Innovation

The concern that too many regulations can slow down innovation, especially in technology.

Study Notes

U.S. Private-Sector Privacy

  • Fourth Edition by Peter Swire, CIPP/US and DeBrae Kennedy-Mayo, CIPP/US
  • An IAPP publication
  • Copyright 2024, The International Association of Privacy Professionals, Inc. (IAPP)
  • ISBN: 978-1-948771-77-1

Table of Contents

  • About the IAPP
  • Preface
  • Acknowledgments
  • Introduction
    • Chapter 1: Introduction to Privacy
      • 1.1 Defining Privacy
      • 1.2 Classes of Privacy
      • 1.3 The Historical and Social Origins of Privacy
      • 1.4 Fair Information Practices
      • 1.5 Information Privacy, Data Protection, and the Advent of Information Technology
      • 1.6 Personal and Nonpersonal Information
      • 1.7 Sources of Personal Information
      • 1.8 Processing Personal Information
      • 1.9 Sources of Privacy Protection
      • 1.10 World Models of Data Protection
      • 1.11 Conclusion
    • Chapter 2: U.S. Legal Framework ...and so on until the end of the book.
