Set #1-Privacy by Principles & Laws (Video Notes)


Vocabulary-style flashcards covering key privacy principles, laws, techniques, and terminology from the lecture notes.


30 Terms

1

Obfuscation

To make information more difficult to understand; to hide the true meaning.

2

OECD Guidelines

Eight privacy principles: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation, and Accountability; a data controller should be accountable for complying with measures giving effect to these principles.

3

Omnibus Laws

Laws that define requirements across the entire economy, covering public-sector, private-sector, and health-sector activities.

4

Online Behavioral Advertising

Websites or online advertising services track and analyze search terms, browser or user profiles, preferences, demographics, online and offline activity, location data, etc., to serve targeted ads.

5

Online Data Storage

Storage of data by a third-party vendor accessible over the Internet (cloud storage); an alternative to local hard drive storage.

6

Opt-In

An active affirmative indication of choice, such as checking a box signaling a desire to share information with third parties.

7

Opt-Out

A lack of action implies a choice; unless the box is checked/unchecked, the individual's information may be shared with third parties.

8

Organization for Economic Cooperation and Development (OECD)

International organization promoting policies to achieve sustainable economic growth, employment, and rising living standards in member and non-member countries, contributing to the world economy.

9

Passive Collection

Collecting data from a data subject without their awareness.

10

Perimeter Controls

Technologies and processes designed to secure an entire network by preventing external penetration.

11

PCI Security Standards Council

Body responsible for developing and managing the PCI Data Security Standard; members include American Express, Discover, JCB, MasterCard, Visa and affiliate members.

12

Persistent Storage

Storage of data in non-volatile media (e.g., hard drive); without it data would reside only in RAM and be lost when power is lost.

13

Personal Information

Could be a generic term or an EU term; in the U.S. it is often referred to as PII.

14

Pharming

Redirecting a valid internet request to a malicious website by modifying a Hosts file or corrupting DNS.

15

Plan-Driven Development Model

A software development strategy that concentrates on designing the entire system before creation; example: Spiral model.

16

Spear Phishing

Phishing tailored to an individual user (e.g., an email appearing to come from the user’s boss) to obtain information.

17

Phishing

Emails or other communications designed to trick a user into providing passwords or other sensitive information.

18

Platform for Privacy Preferences Project (P3P)

Project aimed at designing web protocols with user privacy in mind; produced protocols including XACML.

19

Premium Advertising

The most expensive and most visible web advertising, typically on the homepage, used by big-name brands.

20

POST Method

HTML form submission method that sends data to a web page; considered more secure than GET.

21

Privacy by Design

Concept of embedding privacy into technology, systems and practices from the design phase; includes seven foundational principles.

22

Privacy Notice

A statement describing how an organization collects, uses, retains, and discloses personal information.

23

Privacy Nutrition Label

A standard-form label intended to make privacy policies easily understandable; developed by the CyLab Usable Privacy and Security Laboratory (CUPS) at Carnegie Mellon University.

24

Privacy Officer

Official responsible for privacy coordination and implementation within a department; may be statutorily mandated and/or appointed; related to privacy statements, notices, or policies; special notices mandated by GLBA and COPPA in the U.S.

25

Privacy Patterns

A set of design-pattern-like solutions to common privacy problems in software; each pattern describes a privacy concern and a uniform approach to address it.

26

Privacy Policy

Internal statement governing how an organization handles personal information; directed at users and instructing employees on data collection, use, and rights.

27

Privacy Review

Analysis of all new projects for compliance with an organization’s privacy standards and policies; should occur multiple times from early project stages.

28

Privacy Risk

A formula to assess a project’s privacy impact: likelihood of threat × potential impact; difficult to quantify, often compared across projects.

29

Privacy Standard

Minimum level at which privacy should be protected in new projects, applications, and services; based on internal policy and external regulations.

30

Protected Health Information (PHI)

Individually identifiable health information transmitted or maintained by a covered entity or business associate; relates to health condition, provision of healthcare, or payment for healthcare.