3.2 Goals and Principles - Privacy Flashcards Preview

HCISSP ISC2 > 3.2 Goals and Principles - Privacy > Flashcards

Flashcards in 3.2 Goals and Principles - Privacy Deck (12)
Loading flashcards...
1
Q

who are the stakeholders of privacy?

A

Users, businesses, regulators, public authorities etc.

2
Q

why do we need privacy?

A
Societal perspective
   -Foundation of democracy
   -Freedom of speech
Individual perspective
   -Free personal development
   -Ownership of personal data of any kind
3
Q

what happens if we have no privacy?

A
  • we are afraid of observations and consquences

- Hesitance to develop personally

4
Q

What types of privacy protection exist?

A
  • Data protection (by law)
  • Privacy by design
  • Technical data protection
5
Q

what are the goals of “Data protection” (Datenschutz)?

A
  • Measures for the protection of stored and transferred personal data
  • protection of citizens against governmental institutions
6
Q

what are the principles of data protection

A

Data minimisation
-The service should be offered with a minimum of needed data.
Information of data subject
-The person whose data is being stored, should know what has been stored.
Acceptance with consent
-The data subject is to be asked in advance.

7
Q

What are main aspects of EU General Data Protection Regulation?

A
  • Explicit vs. assumed consent(Art. 6-8)
  • Right to be forgotten (demand that personal data be deleted if there are no grounds it be kept; art. 12,14,17)
  • Easier access + transfer to different provider (Art. 20)
  • Privacy by design and by default(Art. 25)
  • Notification about data breaches(Art. 33,34)
  • Higher fines, ≤ max(20 Mio. €, 4% turnover) (Art. 83)
8
Q

what is the scope of the EU GDPR?

A
  • Processing of personal data at least partly by automated means or as part of a filing system
  • Establishment of controller/processor in EU
  • Data subject in the EU
  • -Even if processing takes place outside of EU, provided that goods/services are offered (regardless of payment) or behaviour is monitored
9
Q

What is personal data regarding to the EU GDPR?

A
  • any information relating to an identified or identifiable natural person
  • Identifiable directly or indirectly by reference
  • -Name
  • -ID Number
  • -Location Data
  • -Online identifier
10
Q

What is proccessing regarding to the EU GDPR?

A

any operation on personal data

  • Collection
  • Recording
  • Adaption (Anpassung)
  • Retrieval (Abrufen)
  • Restriction, destruction
11
Q

What is privacy by design regarding to the EU GDPR?

A
  • Implement measures (e.g. pseudonymisation) for data minimisation
  • Ensure that by default only necessary personal data is processed
  • Amount, storage period, accessibility
12
Q

What are the principles of privacy by design?

A
  1. Proactive not Reactive; Preventative not Remedial
  2. Privacy as the Default Setting
  3. Privacy Embedded into Design
  4. Full Functionality –Positive-Sum, not Zero-Sum
  5. End-to-End Security –Full Lifecycle Protection
  6. Visibilityand Transparency–Keep it Open
  7. Respect for User Privacy –Keep it User-Centric

Decks in HCISSP ISC2 Class (56):