27 Cards in this Set
- Front
- Back
Define privacy. |
The right to be left alone. To decide what to reveal about oneself. |
|
Name four different pieces of legislation concerned with privacy. |
Human rights act 1998. Convention for protection of human rights 1950. Universal declaration of human rights 1948. |
|
Name four different types of privacy. |
[Privacy is terribly boring] 1. Privacy of communications 2. Information privacy (DPA) 3. Territorial privacy (Video recording) 4. Bodily privacy (Invasive procedures, genetic tests) |
|
Give four key points proving why privacy is important. |
Psychological well being. Sociological well being. Economically - Freedom to innovate. Political privacy - People need to be free to think, argue and act. |
|
Discuss the four major models for privacy protection. |
1. Comprehensive laws. 2. Sectoral laws 3. Self regulation 4. Technologies of Privacy |
|
Discuss comprehensive laws relating to privacy. |
General Laws that govern: Collection. Use. Dissemination of personal information. Example: Data Protection Act of 1998. |
|
Discuss Sectoral laws relating to privacy. |
Specific Laws that cover only certain sections (sectors) of privacy protection. Ex: Health & Financial Privacy laws in USA. Problems: Lags behind with each new technology introduced. Lack of oversight. |
|
Discuss Self regulation relating to privacy. |
Companies step in, define their own privacy rules. Drawbacks: Weak protections. Lack of enforcement. |
|
Discuss Technology relating to privacy. |
For: Encryption. Anonymous remailing. Proxy servers. Biometric access systems. Secure Online access. Against: Government backdoors, spyware, cookie tracking. |
|
Name some threats to privacy. |
9/11: Increased surveillance. Weakened data protection laws. Sharing company/customer data with government agencies. Identity systems. Face recognition. |
|
Discuss privacy within the context of e-commerce. (1) What are the issues? |
Large amounts of personal data transferred which can reveal interests, tastes, religion. Ex: Data Mining. Tracking cookies. Customers concerned about unauthorized access to that data and secondary use. |
|
Discuss privacy within the context of e-commerce. (2) How is it regulated? Name two relevant directives. |
EU Data Protection Directive (1995). EU e-Privacy Directive (2002). |
|
Who does the Data Protection Act (DPA) protect? |
It protects individuals. It regulates the ability of organisations to use the data for business purposes. |
|
What is the EU data protection directive? |
It protects the privacy and all personal data of EU Citizens. It states that data should be processed in a fair and legal way, limited to the purposes that were explicitly defined. |
|
What is personal data in relation to the EU data protection directive? |
Personal data is any information which can directly relate to a person. Data is only personal if it enables anyone to link information to a specific person. |
|
What is sensitive personal data according to the EU Data Protection Directive? |
Data revealing: Racial, religious, political, trade-union, health or sex life. |
|
Define processing in the context of the EU data protection directive. |
Processing is any operation performed on personal data by automatic or manual means. Examples include collection, recording, organisation, storage, retrieval. |
|
How should personal data be processed according to the EU data protection directive? |
Relevant to the explicitly defined purposes. Data stored must always be Accurate. Time-Limited: data is only stored for as long as needed. |
|
When is processing permitted, according to the EU data protection directive? |
Data may only be processed with Consent. By Contract and meeting Legal obligations. With the vital interests of the data subject in mind especially when subject is physically/legally incapable of giving consent. With public interest and legitimate interest. |
|
What are the four rights of data subjects? |
1. Right to access the information 2. Right to correct the information 3. Right to object 4. Right not to be subject to solely automated decisions. |
|
What are the obligations of data controllers? |
1. Notice to individuals: if the data is not used in purposes already explicitly defined. 2. Notice to data protection authorities. |
|
Transfer of data to third countries is allowed when.... |
Data can only be transferred to non-EU countries under specific circumstances if they provide adequate protection. 1. Country specific exceptions, ex: EU & US: Safe harbor provision 2. Business specific exceptions 3. Circumstance specific exceptions |
|
Name a few examples of data protection offences (Data Protection Act of 1998) |
1. Processing personal data without notifying the data commissioner. 2. Unlawful obtaining, selling of personal data. 3. Failing to respond to information notice. 4. Failing to take appropriate technical/organisational security. |
|
Name the key points of protection the EU e-privacy Directive provides. |
1. Subscribers must be informed of security threats 2. Confidentiality of information is to be maintained. 3. Consent is provided. 4. Erase/anonymize data not needed. 5. SPAM- No emails without prior opt-in consent |
|
Cookies |
Users must be informed that 1) they are there 2) what they are doing 3) obtain consent. |
|
Human rights act 1998 |
"Everyone has the right to respect for his private and family life", however this right cannot be used to interfere with public authorities acting in accordance with the law. |
|
Freedom of information act (2000) |
Amends DPA (1998). Provides right of access to information held by public authorities with exemptions.