SCENARIO
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You also recall a recent visit to the Records Storage Section, often termed ''The Dungeon'' in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
Which data lifecycle phase needs the most attention at this Ontario medical center?
In the scenario provided, the major concern is the large amount of old and potentially unmanaged data still present in the medical center's system, including multiple servers, databases, and unorganized paper records. Managing the retention phase of the data lifecycle is critical here because:
Retention Policies: Appropriate retention policies ensure that data is kept only as long as necessary for its intended purpose, reducing risks associated with data breaches and non-compliance with privacy regulations.
Compliance: Canadian privacy laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), mandate that personal information should not be retained longer than necessary.
Security Risks: Unmanaged and outdated data can pose security risks. If data is not properly archived or disposed of, it becomes vulnerable to unauthorized access.
Audit and Accountability: Proper retention management facilitates better audit trails and ensures accountability.
Thus, addressing the retention phase is paramount for ensuring that the medical center complies with regulations and secures sensitive data effectively. Reference: IAPP Certification Textbooks, Section on Data Lifecycle Management and Retention Policies.
SCENARIO
Please use the following to answer the next questions:
Your company is launching a new track and trace health app during the outbreak of a virus pandemic in the US. The developers claim the app is based on privacy by design because personal data collected was considered to ensure only necessary data is captured, users are presented with a privacy notice, and they are asked to give consent before data is shared. Users can update their consent after logging into an account, through a dedicated privacy and consent hub. This is accessible through the 'Settings' icon from any app page, then clicking 'My Preferences', and selecting 'Information Sharing and Consent' where the following choices are displayed:
* "I consent to receive notifications and infection alerts";
* "I consent to receive information on additional features or services, and new products";
* "I consent to sharing only my risk result and location information, for exposure and contact tracing purposes";
* "I consent to share my data for medical research purposes"; and
* "I consent to share my data with healthcare providers affiliated to the company".
For each choice, an ON* or OFF tab is available The default setting is ON for all
Users purchase a virus screening service for USS29 99 for themselves or others using the app The virus screening
service works as follows:
* Step 1 A photo of the user's face is taken.
* Step 2 The user measures their temperature and adds the reading in the app
* Step 3 The user is asked to read sentences so that a voice analysis can detect symptoms
* Step 4 The user is asked to answer questions on known symptoms
* Step 5 The user can input information on family members (name date of birth, citizenship, home address, phone number, email and relationship).)
The results are displayed as one of the following risk status "Low. "Medium" or "High" if the user is deemed at "Medium " or "High" risk an alert may be sent to other users and the user is Invited to seek a medical consultation and diagnostic from a healthcare provider.
A user's risk status also feeds a world map for contact tracing purposes, where users are able to check if they have been or are in dose proximity of an infected person If a user has come in contact with another individual classified as "medium' or 'high' risk an instant notification also alerts the user of this. The app collects location trails of every user to monitor locations visited by an infected individual Location is collected using the phone's GPS functionary, whether the app is in use or not however, the exact location of the user is "blurred' for privacy reasons Users can only see on the map circles
What is likely to be the biggest privacy concern with the current 'Information Sharing and Consent' page?
The biggest privacy concern with the current 'Information Sharing and Consent' page is that all consent options are set to ON by default. According to privacy by design principles and data protection regulations, such as the General Data Protection Regulation (GDPR), consent should be freely given, specific, informed, and unambiguous. Pre-ticked boxes do not constitute valid consent because they do not provide a clear affirmative action from the user. The default ON setting could lead to unintentional data sharing and potential privacy breaches, making this a significant concern. (Reference: IAPP CIPT Study Guide, Chapter on Privacy by Design and Default)
What is a main benefit of data aggregation?
Data aggregation involves combining data from multiple sources to create a comprehensive dataset. One of the main benefits of data aggregation is that it can help achieve de-identification and unlinkability. By aggregating data, individual data points are merged into broader categories or summaries, reducing the risk that specific individuals can be identified from the dataset. This is particularly useful in privacy contexts where protecting individual identities is paramount. Aggregated data can provide valuable insights while maintaining privacy and security standards.
SCENARIO
Tom looked forward to starting his new position with a U.S ---based automobile leasing company (New Company), now operating in 32 states. New Company was recently formed through the merger of two prominent players, one from the eastern region (East Company) and one from the western region (West Company). Tom, a Certified Information Privacy Technologist (CIPT), is New Company's first Information Privacy and Security Officer. He met today with Dick from East Company, and Harry, from West Company. Dick and Harry are veteran senior information privacy and security professionals at their respective companies, and continue to lead the east and west divisions of New Company. The purpose of the meeting was to conduct a SWOT (strengths/weaknesses/opportunities/threats) analysis for New Company. Their SWOT analysis conclusions are summarized below.
Dick was enthusiastic about an opportunity for the New Company to reduce costs and increase computing power and flexibility through cloud services. East Company had been contemplating moving to the cloud, but West Company already had a vendor that was providing it with software-as-a-service (SaaS). Dick was looking forward to extending this service to the eastern region. Harry noted that this was a threat as well, because West Company had to rely on the third party to protect its data.
Tom mentioned that neither of the legacy companies had sufficient data storage space to meet the projected growth of New Company, which he saw as a weakness. Tom stated that one of the team's first projects would be to construct a consolidated New Company data warehouse. Tom would personally lead this project and would be held accountable if information was modified during transmission to or during storage in the new data warehouse.
Tom, Dick and Harry agreed that employee network access could be considered both a strength and a weakness. East Company and West Company had strong performance records in this regard; both had robust network access controls that were working as designed. However, during a projected year-long transition period, New Company employees would need to be able to connect to a New Company network while retaining access to the East Company and West Company networks.
When employees are working remotely, they usually connect to a Wi-Fi network. What should Harry advise for maintaining company security in this situation?
In the scenario, New Company needs to maintain security for employees connecting remotely, primarily over Wi-Fi networks.
Detailed Explanation:
Option A (Hiding SSID): Hiding the SSID (Service Set Identifier) can provide a basic level of security by making the network less visible to casual users. While not foolproof, it can deter unauthorized access to some extent.
Option B (Retaining assigned password): Retaining the default or assigned password is not advisable as these are often well-known and can easily be breached. Changing to strong, unique passwords is crucial.
Option C (WEP Encryption): Wired Equivalent Privacy (WEP) is outdated and has significant security vulnerabilities. It is not recommended for securing modern networks.
Option D (Tokens through HTTP): Using tokens for verification is important, but sending them through HTTP (an unsecured protocol) is not safe. HTTPS should be used instead.
Best practices for Wi-Fi security, including the use of WPA2 or WPA3 encryption, which offer much stronger security compared to WEP.
The importance of using strong, unique passwords for network security.
Recommendations for network security from organizations such as NIST and ISO.
Conclusion: Hiding the wireless SSID (Option A) is a basic security measure that can help improve the security of Wi-Fi networks used by employees connecting remotely, though it should be complemented with stronger measures such as WPA2/WPA3 encryption.
Which activity would best support the principle of data quality?
Ensuring that information remains accurate is the activity that best supports the principle of data quality. Data quality principles emphasize the importance of keeping personal information correct, complete, and up-to-date to prevent harm and ensure reliability. Maintaining accuracy involves regular updates, validation, and correction processes to avoid using outdated or incorrect data (IAPP, Certified Information Privacy Technologist (CIPT) materials).
