Privacy Principles Melinda Clarke.


Instructions and Game Introduction

Everyone should have 3 things: a card, BINGO board, marker.
We’ll review the privacy principles.
Each scenario has associated data elements and uses.
Get 5 privacy principles in a row on the BINGO board to win!

Privacy Principles

GAPP Privacy Principles: https://www.cippguide.org/2010/07/01/generally-accepted-privacy-principles-gapp/

Notice: The organization provides notice of its privacy policies and procedures. The organization identifies the purposes for which personal information is collected, used and retained.
Choice & Consent: The organization describes the choices available to the individual. The organization secures implicit or explicit consent regarding the collection, use and disclosure of the personal data.
Collection: Personal information is only collected for the purposes identified in the notice.
Use, Retention, Disposal: The personal information is limited to the purposes identified in the notice the individual consented to. The organization retains the personal information only for as long as needed to fulfill the purposes, or as required by law. After this period, the information is disposed of appropriately.
Access: The organization provides individuals with access to their personal information for review or update.
Disclosure: Personal information is disclosed to third parties only for the identified purposes and with implicit or explicit consent of the individual.
Security for Privacy: Personal information is protected against both physical and logical unauthorized access.
Quality: The organization maintains accurate, complete and relevant personal information that is necessary for the purposes identified.

Data Types: Postal mail address, Phone number

Use: Data Element
Marketing: Name and Email address
Billing: Bank Account Number
Social Media: Name and Location
Social Media: Username and User Generated Content

PRIVACY PRINCIPLES (BINGO board): Notice; Choice & Consent; Access; Disclosure; Collection; Use, Retention, Disposal; Security; Quality

Data Elements: Name, User Generated Content, Location
Use: Law Enforcement Requests
Source: https://www.vice.com/en_us/article/xwnva7/snapchat-employees-abused-data-access-spy-on-users-snaplion
Security: Controls were in place but may not have been implemented appropriately

Data Element: Bank Account Number
Use: Billing
Source:
Quality: Data wasn’t accurate.

Data Element: Email Address
Use: Account Verification
Source: https://www.businessinsider.com/facebook-uploaded-1-5-million-users-email-contacts-without-permission-2019-4
Collection: Collected for a secondary purpose, different from the one it was intended for.
Use, Retention, Disposal: Used for a secondary purpose, not deleted after use.

Data Elements: Name and Email Address
Use: Marketing
Source: https://www.zdnet.com/article/pregnancy-club-fined-400000-for-sharing-data-of-over-14-million-people/
Notice: Didn’t tell them what their data was going to be used for.
Collection: Collected for a secondary purpose, different from the one it was intended for.
Choice/Consent: Didn’t give them an opportunity to choose what their info was used for.
Disclosure: Shared with a 3rd party without a business need or consent.
Use, Retention, Disposal: Used for a secondary purpose.

Data Elements: Name and Location
Use: Social Media
Source: http://pleaserobme.com/
Choice & consent: The ability to choose what you share and with whom

Data Elements: Username and User Generated Content
Use: Social Media
Source: https://www.businessinsider.com/people-who-got-fired-for-using-twitter-2014-7
Choice & consent: The ability to choose what you share and with whom

Takeaways

Be mindful of what you choose to share.
Configure your settings.
Laugh at Mr. Clarke’s jokes.