CIPP/E Exam Questions and Answers
Terms in this set (224)
IAPP: International Association of Privacy Professionals - founded in 2000
GDPR: Global Data Privacy Regulation - May 2018
- states can make further legislation
- stronger rights for online environment
- SA have increased powers
- broader application - anyone targeting EU cust
- 173 recitals, 99 articles, 11 chapters
Rationale for Data Protection: Increase in computers in 1970 and cross-border trade
EEC: European Economic Community
Human Rights Declaration: 1948 after WWII - right to private and family life and freedom of expression (Art 12)
- created by Council of EU, adopted by United Nations
ECHR (Court): European Court of Human Rights - binding decisions
- gives opinion on ECHR
- personal info to be private but not absolute right
ECHR: European Convention on Human Rights - 1953
- created by Council of EU (not just EU)
- open to member states (application)
- like HRD, recognizes the need for balance
- based on Universal Human Rights Declaration
OECD: Organization for Economic Cooperation and Development - 1980
- created OECD guidelines on transborder flow of personal data
- membership extends beyond Europe
- focused on economic growth, NOT BINDING
OECD Guidelines:
(1) Collection Limitation (consent, fair, lawful)
(2) Data Quality (complete, accurate, up-to-date)
(3) Purpose Specification (specified at collection)
(4) Use Limitation (consistent with purpose)
(5) Security Safeguards (against loss, destruction, modification, unauthorized access)
(6) Openness (use of info, Controller identity & loc)
(7) Individual Participation (entitled to receive from Controller)
(8) Accountability (controller complies with above)
OECD Guidelines - Member state considerations:
- domestic processing & re-export of data
- transborder flows are uninterrupted & secure
- don't engage with other members unless guidelines are observed
- member state can restrict if protection not provided
- avoid laws to restrict TB data flows
Convention 108 aka CoE Convention:
- 1981 - worldwide scope
- Convention for the Protection of Individuals in regard to automatic processing (not profiling) of PD
- first legally binding international instrument in the area of data protection.
- requires signatories to take steps to ensure fundamental human rights with regard to the processing of personal information.
- US was not signatory
- Global privacy day (1/28)
- same as OECD except: (1) preserve info to identify person for no longer than needed (2) Special categories - race, religion, sex/health life, political views, criminal conv not auto processed without safeguards
Transborder Special Rules: For countries not signatory parties
Mutual Assistance: designate SA to oversee compliance
Data Protection Directive:
- Directive 95/46/EC
- not law, framework
- 1995
- fragmented implementation across states
- replaced by GDPR
- only applied to Controllers
- 78 recitals, 34 articles, 7 chapters
Charter of Fundamental Rights of EU:
- 2000 in Nice
- created by EU
- Lisbon Treaty made this binding for EU states
- Art 7 - private life, family, home, comm
- Art 8 - separate right to data protection
- promotes individual civil, political, economic, and social rights for European citizens
- similar principles as ECHR but refers to protection of personal data