CS406 Study Guide

Unit 9: Privacy Laws, Penalties, and Privacy Issues

9a. Discuss the need for electronic data privacy protection

  • What type of data is private information?
  • What are some ways that technology has intruded on the privacy of individuals?
  • Why is there a need for electronic data privacy protection?

Information about an individual is private information (often called personally identifiable information, or PII) if the individual can be identified from it. Examples include names, Social Security numbers, home addresses, biometric data, date or place of birth, and educational records. Information that cannot be used to identify a person, such as aggregated statistical data, is not considered private information, provided it cannot be combined with other data to re-identify someone.

As technology has advanced to make life easier, it has also intruded on individual privacy. A smartphone can reveal its owner's location; an internet of things (IoT) device such as a smart thermostat can indicate that a homeowner is out of town; and cameras now use facial recognition to track the location of individuals.

Electronic data privacy protection is needed to prevent harm to the individual. The harm can be criminal, such as a burglar entering a home after learning that the owner is away, or it can be the denial of a service by a company that has learned the individual would be costly to serve. For instance, if an insurer learns from medical data that a policyholder is predisposed to cancer, it may elect to cancel that person's policy.

To review, see Data and Protecting the Right to Privacy and The Right to Privacy.


9b. Identify key global laws that protect privacy, such as the US Privacy Act of 1974 and the European General Data Protection Regulation (GDPR)

  • Who is protected under the European Union's (EU's) General Data Protection Regulation (GDPR)?
  • How does the European Union's (EU's) General Data Protection Regulation (GDPR) compare to the California Consumer Privacy Act (CCPA)?
  • What information is protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)?

The European Union's (EU's) General Data Protection Regulation (GDPR) protects the personal data of individuals in the EU, regardless of their citizenship. It applies to organizations established in the EU and also to organizations outside the EU that offer goods or services to, or monitor the behavior of, individuals in the EU, so a business does not escape the GDPR's requirements by being located elsewhere.

The California Consumer Privacy Act (CCPA) was strongly influenced by the GDPR, and the two laws are similar in giving individuals the right to learn what personal data a business collects about them and to request its deletion. Both laws carry monetary penalties, but the CCPA's are smaller: the GDPR allows fines of up to 20 million euros or 4% of a company's worldwide annual turnover, whichever is higher, whereas CCPA civil penalties are assessed per violation (up to $2,500 per violation, or $7,500 per intentional violation).

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is implemented through two main rules: the Privacy Rule and the Security Rule. The Privacy Rule sets the standards for protecting individually identifiable health information, known as protected health information (PHI), in any form, while the Security Rule sets the standards (administrative, physical, and technical safeguards) for protecting electronic PHI while it is stored or in transit. HIPAA applies to the PHI collected, held, or transmitted by covered entities (health care providers, health plans, and health care clearinghouses) and by the business associates that handle PHI on their behalf.

To review, see section 9.2: Global Privacy Laws.


Unit 9 Vocabulary

This vocabulary list includes the terms you will need to know to successfully complete the final exam.

  • artificial intelligence (AI)
  • California Consumer Privacy Act (CCPA)
  • Children's Online Privacy Protection Act (COPPA) of 1998
  • European General Data Protection Regulation (GDPR)
  • European Union (EU)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Protected Health Information (PHI)
  • US Privacy Act of 1974