CIPT V6.3 PRIVACY PRINCIPLES,
MODELS, AND TECHNOLOGIES
OVERVIEW EXAM QUESTIONS WITH
100% CORRECT ANSWERS L LATEST
VERSION 2025/2026.
Primary goal of privacy in technology - ANS To protect individuals' privacy while enabling
functionality, ensuring data collection, storage, and processing align with privacy principles.
Difference between a privacy policy and a privacy notice - ANS A privacy policy is an internal
document guiding how personal data is managed; a privacy notice is an external statement
explaining how personal data is collected, used, and shared.
Main stages of the data life cycle - ANS Collection, Use, Disclosure, Retention, and
Destruction.
Privacy by design (PbD) - ANS A proactive approach embedding privacy into the design and
operation of systems, products, and services from the outset.
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, Seven foundational principles of Privacy by Design - ANS 1) Proactive not reactive; 2) Privacy
as the default; 3) Embedded into design; 4) Full functionality (positive-sum); 5) End-to-end
security; 6) Visibility and transparency; 7) Respect for user privacy.
Purpose of a privacy risk model - ANS To identify, evaluate, and manage privacy risks through
frameworks such as compliance, FIPPs, and contextual integrity models.
Compliance Model for privacy risk - ANS Identifies risks as failures to meet legal or regulatory
obligations, aligning system elements with specific requirements.
FIPPs-based model - ANS Uses Fair Information Practice Principles like notice, choice, access,
and accountability to guide privacy protection.
Calo's Harms Dimensions model - ANS Divides privacy harm into objective (measurable) and
subjective (perceived) harms.
Nissenbaum's Contextual Integrity model - ANS Defines privacy as appropriate information
flow according to social and contextual norms.
Main NIST frameworks relevant to privacy - ANS Risk Management Framework, Cybersecurity
Framework, Privacy Framework, and NICE Cybersecurity Workforce Framework.
FAIR model in privacy risk - ANS A quantitative model that analyzes risk frequency and
magnitude to estimate overall privacy risk.
Value-sensitive design - ANS A design methodology that integrates moral and ethical values,
like privacy and fairness, throughout system design.
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
MODELS, AND TECHNOLOGIES
OVERVIEW EXAM QUESTIONS WITH
100% CORRECT ANSWERS L LATEST
VERSION 2025/2026.
Primary goal of privacy in technology - ANS To protect individuals' privacy while enabling
functionality, ensuring data collection, storage, and processing align with privacy principles.
Difference between a privacy policy and a privacy notice - ANS A privacy policy is an internal
document guiding how personal data is managed; a privacy notice is an external statement
explaining how personal data is collected, used, and shared.
Main stages of the data life cycle - ANS Collection, Use, Disclosure, Retention, and
Destruction.
Privacy by design (PbD) - ANS A proactive approach embedding privacy into the design and
operation of systems, products, and services from the outset.
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, Seven foundational principles of Privacy by Design - ANS 1) Proactive not reactive; 2) Privacy
as the default; 3) Embedded into design; 4) Full functionality (positive-sum); 5) End-to-end
security; 6) Visibility and transparency; 7) Respect for user privacy.
Purpose of a privacy risk model - ANS To identify, evaluate, and manage privacy risks through
frameworks such as compliance, FIPPs, and contextual integrity models.
Compliance Model for privacy risk - ANS Identifies risks as failures to meet legal or regulatory
obligations, aligning system elements with specific requirements.
FIPPs-based model - ANS Uses Fair Information Practice Principles like notice, choice, access,
and accountability to guide privacy protection.
Calo's Harms Dimensions model - ANS Divides privacy harm into objective (measurable) and
subjective (perceived) harms.
Nissenbaum's Contextual Integrity model - ANS Defines privacy as appropriate information
flow according to social and contextual norms.
Main NIST frameworks relevant to privacy - ANS Risk Management Framework, Cybersecurity
Framework, Privacy Framework, and NICE Cybersecurity Workforce Framework.
FAIR model in privacy risk - ANS A quantitative model that analyzes risk frequency and
magnitude to estimate overall privacy risk.
Value-sensitive design - ANS A design methodology that integrates moral and ethical values,
like privacy and fairness, throughout system design.
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
