CITP EXAM QUESTIONS AND ANSWERS:
LATEST UPDATE (ALREADY GRADED A+.)
Nissenbaum's Contextual Integrity
Ties adequate protection for privacy to norms of specific contetexts, demanding that information
gathering and dissemination be appropriate to that context and obey the governing norms of
distribution within it. This viewpoint presents a challenge to IT professionals: how to identify relevant
norms and preserve norms when they introduce new or changing technology? Helen Nissenbaum's
framework of contextual integrity ties privacy expectations to context-dependent norms of information
flow. Information collection, processing and transmission practices that are in accordance with those
norms are likely to be perceived as acceptable, whereas practices that do not follow those norms are
perceived as privacy violations because they violate contextual integrity.
Solove's Taxonomy
A work by Daniel Solve and attempts to order the different harms that may arise from infringements in
privacy. The taxonomy is split into four categories: 1) Information Collection, 2) Information Processing,
3) Dissemination of Information, and 4) Invasion.
Calo's Harms Dimensions
Objective harms are measurable and observable, wherein a person's privacy has been violated and a
direct harm is known to exist. Subjective harms exist without an observable or measurable harm, but
where an expectation of harm exists.
Westin's Four States of Privacy
The states include:
Solitude: The individual stands by themselves, separate from the group and remains free from the
observations of others.
Intimacy: The individual is part of a small unit; information sharing and the rules of secrecy are
negotiated with members of the unit.
anonymity: While the individual is in public, they still maintain freedom from identification and
surveillance.
reserve: While the individual is in a large group, they maintain the ability to withold communication or
disengage from others to create a psychological barrier agains t unwanted intrusion.
Fair Information Practice Principles (FIPPs)
Published in 1977 by the U.S. Federal Trade Commission (FTC) and provides guidance to businesses in
the United States. FIPPs is a collection of widely accepted principles that agencies use when evaluating
information systems, processes, programs, and activities that affect individual privacy. FIPPs are not a
requirement; rather, they are principles that should be applied by each agency according to the agency's
particular mission and privacy program requirements.
Collection Limitation Principle
, FIPPS Principle: There should be limits to the collection of personal data and any such data should be
obtained by lawful and fair means and where appropriate, with the knowledge or consent of the data
subject.
Data Quality Principle
FIPPS Principle: Personal data should be relevant to the purposes for which they are to be used, and, to
the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle
FIPPS Principle: The purposes for which personal data are collected should be specified not later than at
the time of data collection and the subsequent use should be limited to the fulfillment of those purposes
or such others as are not incompatible with those purposes and as are specified on each occasion of
change of purpose.
Use Limitation Principle
FIPPS Principle: Personal data should not be disclosed, made available or otherwise used for purposes
other than those specified, except: (a) with the consent of the data subject; or (b) by the authority of
law.
Security Safeguards Principle
FIPPS Principle: Personal data should be protected by reasonable security safeguards against such risks
as loss or unauthorized access, destruction, use, modification or disclosure of data
Openness Principles—There should be a general policy of openness about developments, practices and
policies with respect to personal data. Means should be readily available of establishing the existence
and nature of personal data, and the main purposes of their use, as well as the identity and usual
residence of the data controller.
Individual Participation Principle
FIPPS Principle: An individual should have the right: (a) to obtain from a data controller, or otherwise,
confirmation of whether or not the data controller has data relating to him; (b) to have communicated
to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a
reasonable manner; and in a form that is readily intelligible to him; (c) to be given reasons if a request
made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and (d) to
challenge data relating to him and, if the challenge is successful to have the data erased, rectified,
completed or amended.
Accountability Principle
FIPPS Principle: A data controller should be accountable for complying with measures which give effect
to the principles stated above observes data streams produced by the data subject without interfering
with the subject's normal behavior; (3) repurposing, which occurs when the previously collected data is
now assigned to be used for a different purpose, e.g., reusing a customer's shipping address for
marketing and (4) third-party collection, when previously collected information is transferred to a third-
party to enable a new data collection
LATEST UPDATE (ALREADY GRADED A+.)
Nissenbaum's Contextual Integrity
Ties adequate protection for privacy to norms of specific contetexts, demanding that information
gathering and dissemination be appropriate to that context and obey the governing norms of
distribution within it. This viewpoint presents a challenge to IT professionals: how to identify relevant
norms and preserve norms when they introduce new or changing technology? Helen Nissenbaum's
framework of contextual integrity ties privacy expectations to context-dependent norms of information
flow. Information collection, processing and transmission practices that are in accordance with those
norms are likely to be perceived as acceptable, whereas practices that do not follow those norms are
perceived as privacy violations because they violate contextual integrity.
Solove's Taxonomy
A work by Daniel Solve and attempts to order the different harms that may arise from infringements in
privacy. The taxonomy is split into four categories: 1) Information Collection, 2) Information Processing,
3) Dissemination of Information, and 4) Invasion.
Calo's Harms Dimensions
Objective harms are measurable and observable, wherein a person's privacy has been violated and a
direct harm is known to exist. Subjective harms exist without an observable or measurable harm, but
where an expectation of harm exists.
Westin's Four States of Privacy
The states include:
Solitude: The individual stands by themselves, separate from the group and remains free from the
observations of others.
Intimacy: The individual is part of a small unit; information sharing and the rules of secrecy are
negotiated with members of the unit.
anonymity: While the individual is in public, they still maintain freedom from identification and
surveillance.
reserve: While the individual is in a large group, they maintain the ability to withold communication or
disengage from others to create a psychological barrier agains t unwanted intrusion.
Fair Information Practice Principles (FIPPs)
Published in 1977 by the U.S. Federal Trade Commission (FTC) and provides guidance to businesses in
the United States. FIPPs is a collection of widely accepted principles that agencies use when evaluating
information systems, processes, programs, and activities that affect individual privacy. FIPPs are not a
requirement; rather, they are principles that should be applied by each agency according to the agency's
particular mission and privacy program requirements.
Collection Limitation Principle
, FIPPS Principle: There should be limits to the collection of personal data and any such data should be
obtained by lawful and fair means and where appropriate, with the knowledge or consent of the data
subject.
Data Quality Principle
FIPPS Principle: Personal data should be relevant to the purposes for which they are to be used, and, to
the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle
FIPPS Principle: The purposes for which personal data are collected should be specified not later than at
the time of data collection and the subsequent use should be limited to the fulfillment of those purposes
or such others as are not incompatible with those purposes and as are specified on each occasion of
change of purpose.
Use Limitation Principle
FIPPS Principle: Personal data should not be disclosed, made available or otherwise used for purposes
other than those specified, except: (a) with the consent of the data subject; or (b) by the authority of
law.
Security Safeguards Principle
FIPPS Principle: Personal data should be protected by reasonable security safeguards against such risks
as loss or unauthorized access, destruction, use, modification or disclosure of data
Openness Principles—There should be a general policy of openness about developments, practices and
policies with respect to personal data. Means should be readily available of establishing the existence
and nature of personal data, and the main purposes of their use, as well as the identity and usual
residence of the data controller.
Individual Participation Principle
FIPPS Principle: An individual should have the right: (a) to obtain from a data controller, or otherwise,
confirmation of whether or not the data controller has data relating to him; (b) to have communicated
to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a
reasonable manner; and in a form that is readily intelligible to him; (c) to be given reasons if a request
made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and (d) to
challenge data relating to him and, if the challenge is successful to have the data erased, rectified,
completed or amended.
Accountability Principle
FIPPS Principle: A data controller should be accountable for complying with measures which give effect
to the principles stated above observes data streams produced by the data subject without interfering
with the subject's normal behavior; (3) repurposing, which occurs when the previously collected data is
now assigned to be used for a different purpose, e.g., reusing a customer's shipping address for
marketing and (4) third-party collection, when previously collected information is transferred to a third-
party to enable a new data collection
