CIPP/E Definitions and aides de memoire fully solved graded A+ 2023/2024

CIPP/E Definitions and aides de memoire GAPP framework (Generally Accepted Privacy Principles) - correct answers Privacy encompasses the rights and obligations of individuals and organisations with respect to the collection, use, retention, disclosure and disposal of personal information. CURDD - correct answers Collection Use Retention Disclosure Disposal Classes of privacy - correct answers Information privacy Bodily privacy Territorial privacy Communications privacy Personal information - correct answers info related to an identified or identifiable person Personal data - correct answers info related to an identified or identifiable natural person or data subject Data subject - correct answers an identifiable person who can be identified, directly or indirectly, in particular, by reference to an id number, or to one or more factors specific to: -Physical -physiological -mental -economic -cultural -social identity. US sensitive categories of personal data - correct answers SS# financial info drivers license # med records EU sensitive categories of personal data - correct answers racial/ethnic origin political opinions religious/philosophical opinions trade union membership health/sex life offences/criminal convictions Info Sec Policy - Roles - correct answers Data protection authority Data controller Data processor Data subject Data protection authority - correct answers DPA enforces rules/regs Data controller - correct answers decides how and why data is processed Data processor - correct answers processes data for data controller Privacy policy - correct answers internal statement/policy that articulates an organisation's position on privacy, protection and use of personal data Privacy notice - correct answers outbound statement to customers, job applicants, and anyone outside the organisation describing how the organisation is collecting, using, retaining, disclosing and disposing of personal data. Consent rights - correct answers Describe choices to individuals Get implicit/explicit consent with respect to CURDD particularly for PI disclosure to other data controllers. Choice - correct answers Opt-in or opt-out Opt-out presumes permission Opt-in MUST be used with sensitive information. OECD privacy framework - correct answers Collection Limitation -limits to collection -lawful and fair means -consent Data quality -relevant to purpose -accurate, complete and up-to-date Purpose specification -specify purpose no later than time of collection -subsequent use limited to specify purpose Use limitation -Not disclosed/made available or used outside of specific purpose without consent of DS or legal authority Security safeguards -protected by reasonable security Openness -general transparency on dev/practice/purposes.