Intro to IT Privacy (IAPP) - Chapter 2 WITH 100% SURE ANSWERS

Software Ecosystem: Multiple professions that all interact during the development and use of software.

Project Manager (Software Ecosystem Roles): Manages team resources and communication during construction, deployment, and maintenance of software or websites.

Area Specialist for Privacy: Works to curate privacy knowledge for project stakeholders. Often begins as a developer or project manager.

Center for Democracy and Technology: Organization whose mission is to strengthen individual rights and freedoms by defining, promoting, and influencing technology policy and the architecture of the Internet. https://cdt.org/

Federal Trade Commission (FTC): Regulates privacy by pursuing unfair or deceptive trade practices.

How can functional violations of privacy in software be avoided? By correct design, implementation and deployment.

Functional Violation of Privacy: Occurs when a system cannot perform a necessary function to ensure individual privacy.

Objective Privacy Harm: The unanticipated, or coerced use of information concerning a person against that person.

Subjective Privacy Harm: The perception of unwanted observation, without knowing whether it has occurred or will occur.

Solove's Four Risk Categories of Privacy Harm:
1) Information collection.
2) Information processing.
3) Information dissemination.
4) Invasion.

IEEE: Institute of Electrical and Electronics Engineers

Defect (IEEE): A flaw in the requirements, design or implementation that can lead to a fault.

Fault (IEEE): An incorrect step, process or data definition in a computer program.

Error (IEEE): The difference between a computed, observed or measured value or condition and the true, specified or theoretically correct value or condition.

Failure (IEEE): The inability of a system or component to perform its required functions within specified performance requirements.

Harm (IEEE): The actual or potential ill effect or danger to an individual's personal privacy, sometimes called a hazard.

Classic Formula for Risk: risk = probability of an adverse event × impact of the event

Conventional Risk Management Options:
1) Accept the risk as-is.
2) Transfer the risk to another entity.
3) Mitigate the risk.
4) Avoid the risk.

Privacy Risk Models:
1) Compliance.
2) Fair Information Practice Principles (FIPPs).
3) Calo's Subjective/Objective Dichotomy.
4) Solove's Taxonomy of Privacy Problems.

Compliance Risk Model: Failure to do what is required, or avoid what is prohibited.

Fair Information Practice Principles: Can be used similarly to a law, regulation, or policy. Describes specific qualities and behaviors of systems that handle personal information.

Calo's Subjective/Objective Dichotomy: Relates to individuals' expectations of how their information may be used, actual usage—including surveillance or tracking—and consent or lack thereof to the collection and use of that information.

Solove's Risk Categories of Privacy Harm:
1) Information Collection.
2) Information Processing.
3) Information Dissemination.
4) Invasion.

Information Collection (Solove):
1) Surveillance.
2) Interrogation.

Surveillance (Solove): The observation and/or capturing of an individual's activities.
Example: An advertising website embeds HTML iframes into multiple third-party news, social networking and travel websites to track users by what pages they visit and what links they click on.

Interrogation (Solove): Actively questioning an individual or otherwise probing for information.
Example: A website requires a user to enter his or her mobile phone number as a condition of registration, although the website's primary function does not require the phone number and there is no statutory or regulatory requirement to do so.

Aggregation (Solove): Combining multiple pieces of information about an individual to produce a whole that is greater than the sum of its parts.
Example: Analyzing multiple purchases to determine a user is pregnant.

Identification (Solove): Links info to specific individuals.
Example: Using cookies and IP with a user's browsing history to determine identity.