CIPT Module 6: Privacy by Design Methodology Exam Questions with 100% Correct Answers
What is the Privacy by Design Methodology?

Building processes, products and services that embed privacy principles within the design as a requirement. Keeping the concept of privacy as a forethought in design allows for measurability and compliance with privacy laws and regulations.

What is the concept of goal setting when it comes to Privacy by Design?

Organizations are challenged to achieve balance between the needs of the organization, the privacy principles mandated by requirements and regulations, and the cultivation of customer trust and loyalty. Privacy laws often lead to the creation or emergence of privacy goals within an organization, and technology can be used to meet those privacy goals. For example, designing protections for online gaming accounts as though they were financial accounts, and applying similar notification and control techniques, helps individuals better protect their information and more closely monitor their accounts for any malicious activity. Privacy technologists comply with privacy laws through design while aligning technology with the privacy goals of an organization. This two-fold approach allows for longer-term benefits for stakeholders and individuals and connects technology with privacy expectations.

Documenting requirements for applying privacy to a new system design or addressing a problem

Understanding privacy requirements provides engineers the opportunity to capture critical privacy properties prior to design, as well as other technological commitments that meet the needs of the organization. Addressing privacy threats and requirements during the design phase is not only easier, but also more cost effective than addressing them after design implementation.

Privacy requirements can be formally documented in a software requirements specification (SRS), expressed mathematically, or summarized in an Agile user story.

Standard elements of a software requirements specification:

- Requirement ID
- Requirement Statement
- Author
- Revision Number
- Release Date
- Keywords
- Legal Compliance
- Scenario Description
- Design Assumptions

What are the two types of requirements engineers must distinguish between?

Functional and non-functional.

Functional: The specific function of the intended information system; it describes what the system will do (e.g. "The system shall provide a link to a privacy notice at the bottom of every page.")

Non-functional: A constraint on the system that the engineer can trace to a functional requirement or design element (e.g. "The system shall not disclose personal information without authorization or consent.")

What are quality attributes?

Quality attributes are non-functional requirements used to evaluate how a system is performing. Privacy is an example of a quality attribute and can be divided into further quality attributes.

What are the privacy quality attributes (PQAs)?

- Identifiability
- Network centricity
- Confidentiality
- Availability
- Integrity
- Mobility

What is identifiability? (PQA)

The extent to which a user is identified by an authentication system. Examining the combinations of quasi-identifiers (module 4) within a system design and evaluating how personal identifiers are isolated from each other reduces the risk of unwanted users drawing inferences that may identify an individual. Web server log files can also be configured to record less information from HTTP request headers, using a pseudonym in place of a user's identity. Here, privacy technologists and organizations need to ensure that system design aligns with the goals of identifiability.

What is network centricity? (PQA)

The extent to which personal information remains local to the client. When using an architecture where personal information needs to be collected for the purposes of a transaction, the designer can choose to retain the information on the client side and transfer it only to complete the transaction. Processing toward the client rather than the server reduces the risk of unwanted disclosure and secondary use and gives individuals more control over their personal information. Here, application logic must be shared across the client and server, as opposed to centralizing processing only on the server side, which may present risks to privacy. Frequent updates may be needed as new services are added. Other systems may be designed to disaggregate any personal information while still making the information available. This method may be an option with personal information that is distributed across multiple systems. It allows individuals to have a single interface but mitigates inappropriate use or disclosure across systems, since any given data source may contain only a fraction of an individual's personal information (module 4).

What is confidentiality? (PQA)

The extent to which personal information is accessible by others. Privacy technologists have choices in design as to how personal information is accessed, via mechanisms that assign permissions, log-ins, data encryption, tokenization and aggregation (module 4). Implementing confidentiality mechanisms requires tracking business needs and authorization through access logs and should align with the functions and responsibilities of the business.

What is availability? (PQA)

Referred to as a security property. Availability means data is accessible when needed by an authorized entity within the organization or by the data subject. If security measures are implemented for data, the designer must decide if accessing personal information in the event of an incident is a requirement. The scope of emergency access should be clearly mapped out, including who has authorization, what information is available, and how long access should be available; also, identify who is responsible for reviews, audit logs, or approving access once the incident is over. Data persistence must be taken into consideration as well.

What is data persistence? (PQA)

Data persistence is when data is still retrievable in the form of backups, replication sites and archives, even after it has been deleted from a production database. While data persistence is useful in the event of a system failure, it can pose an accessibility risk from unwanted actors. Establishing retention requirements at the beginning phases of design development, from a data life cycle viewpoint, will help mitigate the risk of inappropriate use of available data.

What is integrity? (PQA)

The extent to which the system maintains a reliable state with data free from error. Integrity of personal information ensures that data is consistently accurate, complete and current. Privacy technologists can apply the concept of integrity when addressing the following potential risks in design by considering how information is collected and restored:

- Manual entry: cross-checks to verify the entries are correct
- Restored data from backups: mechanisms to ensure that corrections to data propagate to backup files
- Limited reliance on mechanisms outside the designer's control or prone to failure

What is mobility? (PQA)

The extent to which a system moves from one location to another, as in laptop and mobile phone capabilities. Increasing security around "bring your own device" (BYOD) programs or the use of organizations' mobile devices is necessary, as well as minimizing the amount of data that can be stored locally.

How can privacy technologists identify information needs to ensure privacy by design?

Privacy by design requires a minimalist approach to processing personal information. What is the least amount of personal information needed to accomplish the goal? For example, when designing for the collection of information, if privacy technologists begin with the end in mind, they should be able to identify the purpose that requires the collection of information and how that purpose determines the amount of information that is necessary to collect, and use these facts to drive their design accordingly.

High-level design and implementation

While requirements describe the behaviors that a system should exhibit, designs describe how the system's parts should work together to implement those behaviors. The components of high-level design include quality attributes (discussed previously in this module), technology architectures and design representation.
Written for
- Institution
- CIPT
- Course
- CIPT
Document information
- Uploaded on
- April 13, 2024
- Number of pages
- 29
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers