Random

Question 1

Calo’s Harm Dimensions

Answer 1

Defines risks on whether they are
- measure & objective
- perceived & subjective

Question 2

Solove’s Taxonomy of Privacy

Answer 2

• Identifies risk based activities on specific activies involved

Question 3

Niseembaums Conceptual Integrity

Answer 3

Identifieis risk based on whether processing is in alignment with norms of a partifular context

Question 4

Jurisdictional Nexus

Answer 4

Reason why a places is allowed to have power over you/your situation

Question 5

Vail Letter

Answer 5

• employer led 3rd party investigations could be considered “consumer report” > could trigger/invoke FCRA notice
• FACTA added exception that made 3rd investigations into misconduct no longer treated as “consumer report”
• rendered Vail letter Null

Question 6

Qualfied Protective Order (QPO)

Answer 6

• special kind of court order that allows sharing of PHI, while tightly limited what can be done with it
• Applies to STATE courts

Question 7

Protective Order

Answer 7

prevents access to sensitive information through:
- redaction
- restrict electronic access

Question 8

Rule 5.2 (of Federal Rules of Civil Procedure 2007)

Answer 8

“Privacy protection for filings made with the court”
- required redactions to limit information provided

Question 9

Budapest Convention (Council of Europe Convention on Cybercrime 2004)

Answer 9

60+ countries
mandates participating countries:
- outlaw certain cybercrime
- enact evidence gathering rules
- cooperate with cross border investigations

Question 10

2nd Additional Protocol (2022)

Answer 10

Objective - Assist with global evidence

Question 11

OECD

Answer 11

“Guidelines on the protection of privacy and transborder flows of personal data”

Question 12

Convention 108

Answer 12

Council of Europe
Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data

Question 13

Madrid Resolution

Answer 13

42 Country DPA
International Standards on the Protection of Personal Data and Privacy

Question 14

ARPAnet

Answer 14

Military computer 1969
Stanford/UCLA
Precurssor to Internet

Question 15

Mosaic

Answer 15

foudation for Netscape
created by Marc Andreesen

Question 16

Nexus

Answer 16

first web browser
created by Tim Berners- Lee

Question 17

Cellular/ SMS

Answer 17

160 limit
needs cell service

Question 18

OTT

Answer 18

need wifi
E2E encryption
no character limit

Question 19

Packet

Answer 19

1500 bytes

Question 20

Deep packet inspection

Answer 20

nodes inspect packets as they cross network

Question 21

Primary cause of security incidents

Answer 21

humans

Question 22

EU Cookie Directive

Answer 22

under GDPR
- requires consent
- info stored in cookie considered personal info

Question 23

Two categories of PETs

Answer 23

1- Data altering /deidentification
2- data shielding

Question 24

Deidentification

Answer 24

1- supression = removes identifiers
2- generalization = detailed data element replaced by general (DOB replaced by year only)
3- noise addition = data replaced with similar but different data (objective = preserve statistical properties)

Question 25

Data shielding types

Answer 25

1 - encryption 2 - hashing

Question 26

Encryption types

Answer 26

1 - symmetrical (1 key aka private key) 2 - assymetrical (2 key aka public key)

Question 27

Differential privacy

Answer 27

desired level of privacy determines NOISE addition * mathematical guarantee about peoples indistinguishability

Question 28

Data sanitation

Answer 28

process of permanently/irreversibly removing/destroying data from storage

Question 29

Encryption requirements

Answer 29

1- algorithim 2- cipher 3- code 4- encryption key

Question 30

One Way Principle

Answer 30

should be computationally infeasible to find any input that maps to any NEW pre-defined output

Question 31

Collision Resistence

Answer 31

should be computationally infeasible to find any 2 distinct inputs that map to the same output

Question 32

Public Key Infrastructure

Answer 32

System of digital cert authorities and other registration entities that verifies the authenticity of each party involved in an electronic transaction through the use of cryptography

Question 33

Privacy Incident

Answer 33

an adeverse event/aaction that is unplanned/unusual/unwanted that happened as a a result of non-compliance with policy/procedures

Question 34

Data Breach

Answer 34

- when data is accessed WITHOUT authorization - legal term of art - defined by a statute (legal definition must be met) - can be caused by human error

Question 35

Threat modeling

Answer 35

process of analyzing representations of a system to highlight concerns about security and privacy characteristics

Question 36

Privacy Mission

Answer 36

concise delcaration of company's core purpose, focus and how it will achieve it's goals

Question 37

Privacy Vision

Answer 37

inspirational description of company's lng term aspirations and desired future state - 1st step/short statement

Question 38

Accountability Principle

Answer 38

dictates that an org take responsibility for protecting personal info - demonstrating compliance - inherently flexible

Question 39

Judicial Redress Act 2015

Answer 39

qualifiying NON US citizens may use civil actions against US gov agencies to gain access to covered records

Question 40

EO 14086

Answer 40

surveillance need comply with ncecessity and proportionality

Question 41

Surprise Minimization Rule

Answer 41

no one should be suprised by having their info processed in a particular way prohibitied by local law because their info was transferred to another jurisdiction

Question 42

EO14036

Answer 42

urged FTC to address unfair data collection/surveillance practices

Question 43

Major Questions Doctrine

Answer 43

agencies cannot issue rules withou clear/express authorization from congress

Question 44

Who regulates MedTech

Answer 44

Section 5 of FTC Food, Drug Cosmetic Act of FDA

Question 45

CPNI notification timeline

Answer 45

7 days

Question 46

Puerto Rico Breach timeline

Answer 46

10 days

Question 47

FISA section 702

Answer 47

Authorizes targeting Non-US persons reasonably believed to be located outside US to acquire foreign intelligence

Question 48

FISA “Lone Wolf” Provision

Answer 48

Defines an “agent of a foreign power” to include non us persons who engage in international terrorism, regardless of affiliation with a specific foreign power

Question 49

FISA section 205

Answer 49

Granted Foreign Intelligence Surveillance Court (FISC) the authority to compensate by amicus curiae (individual or org not directly involved in lawsuit to offer info/expertise/insight via an amicus brief)

Question 50

Key Points of Title 7 of Civil Rights Act

Answer 50

Prohibits employment discrimination based on - race/color - sex (includes pregnancy) - religion - national origin EXCLUDES Martial Status Applies to 15+ employees private or gov.

Question 51

Does anything Preempt states in data disposals?

Answer 51

FACTA PREEMPTS most states in FACTA Data Disposal

Question 52

What act followed 9/11?

Answer 52

USA PATRIOT ACT

Question 53

What state does ECDIS most apply?

Answer 53

Colorado

Question 54

What fields are not considered under CPNI?

Answer 54

Name and Phone Number

Question 55

What are the NIST Steps?

Answer 55

Identify Protect Monitor Respond Recover

Question 56

When is a notification NOT required under GDPR when…?

Answer 56

DATA IS ENCRYPTED controller has taken steps to protect data subjects (close accounts) Unreasonable burden & public notice is given

Question 57

How long do companies under GDPR have to respond to DSAR?

Answer 57

“Without undue delay and within 1 Month from RECEIPT of request

Question 58

What states have adopted PCI-DSS?

Answer 58

Minnesota Nevada Washington

Question 59

What is a biometric “Identifier” under BIPA?

Answer 59

- Retina - Iris - Fingerprint - Voiceprint - Scan of hand/face geometry

Question 60

What is biometric “information” under BIPA?

Answer 60

Any info based on individual’s biometric identifiers used to identify an individual

Question 61

What is a biometric “identifier” Washington Biometric Privacy Law (RCW 19.375)

Answer 61

Data generated from automatic measurements of an individual’s biological characteristics (Same as BIPA)

Question 62

What is a biometric “identifier” Washington Biometric Privacy Law (RCW 19.375)

Answer 62

Data generated from automatic measurements of an individual’s biological characteristics (Same as BIPA)

Question 63

What is OMB M 17-12?

Answer 63

Office of Business Management, Memorandum 17-12 “Preparing for and responding to a Breach of PII”

Question 64

What are the key points of OMB 17-12?

Answer 64

- identify stakeholders for PIRT (Privacy Incident Response Team) - identify compliance documentation - collaborate across business functions - determine scope of breach/ required reporting - assess impact on affected individuals - mitigate risk - notify affect individuals

Question 65

How many states have breach notification laws?

Answer 65

- All 50 states - DC - Puerto Rico - Virgin Islands

Question 66

What is an AEDT?

Answer 66

- computational processes derived from machine learning, statistical modeling, data analytics or AI - issues simplified outputs (scores, classifications, recommendations) - substantially assists or replaced discretionary decision making

Question 67

What is said in Section 702 of FISA?

Answer 67

- permits broad US Intelligence surveillance of foreign persons - not limited to what is "strictly necessary and proportionate" - allows compelled cooperation from electronic service providers if they fall under 702 authority - major reason why Privacy Shield was invalidated

Question 68

What is surveillance economics?

Answer 68

- Companies or governments make money or gain power by collecting a lot of data about people. - collecting people’s data because it’s profitable or useful.

Question 69

Stages of Privacy Operational Lifecycle

Answer 69

- Access (baselines/training/assessments) - Sustain (monitoring) - Respond

Question 70

What is cookie deprecation?

Answer 70

phasing out third‑party cookies so companies can no longer track people across websites the same way they used to.

Question 72

What is deterministic tracking?

Answer 72

Method of identifying and following a user across sessions, channels, and/or devices using exact, know identifiers rather than statistical guesses