Domain 2: AI and Privacy Flashcards

Explore how AI impacts personal data and key privacy principles. (53 cards)

1
Q

What are Fair Information Practices?

(FIPs)

A

Guidelines for handling data with privacy, security, and fairness.

2
Q

What is the origin of the FIPs?

A
  • U.S. HEW Report (1973)
  • OECD Guidelines (1980)
3
Q

What are the 5 original HEW principles of FIPs?

A
  1. No secret collection
  2. Access and amendment
  3. Consent
  4. No secondary use
  5. Appropriate safeguards
4
Q

What does ‘Access / Individual Participation’ mean in FIPs?

A
  • Individuals can access and amend their personal data
  • Data should be collected from the individual
5
Q

What does ‘Purpose Specification’ mean in FIPs?

A

The reason for data collection must be specified at the time of collection.

6
Q

What does ‘Data Minimization’ / ‘Collection Limitation’ mean?

A

Only collect necessary data and keep it only as long as needed.

7
Q

What does ‘Data Quality / Relevance’ mean?

A

Data must be accurate, complete, up to date, and relevant to the specified purpose.

8
Q

What does ‘Safeguards / Security’ mean?

A

Implement administrative, technical, and physical protections for data.

9
Q

What does ‘Notice / Openness’ mean?

A

Provide advance notice of data collection and ensure transparency of policies.

10
Q

What does ‘Accountability’ mean in FIPs?

A

The organization must take responsibility for ensuring compliance with its policies.

11
Q

What does ‘Use Limitation’ mean in FIPs?

A

Data must only be used for the purpose specified at collection.

12
Q

How should ‘Notice’ be applied to AI systems?

A
  • Inform users that AI is used
  • Disclose if inputs and outputs are retained and used for training
13
Q

What does ‘Choice and Consent’ mean in the context of AI?

A
  • Users should voluntarily and clearly consent to data collection
  • Consent must be informed and in plain language
14
Q

What is Privacy by Design?

(PbD)

A

A proactive approach embedding privacy into IT systems and processes from the start.

15
Q

Who developed Privacy by Design?

A

Ann Cavoukian

16
Q

What is the goal of Privacy by Design?

A

Build privacy and data protection into design and operation of systems by default.

17
Q

What are the 7 principles of Privacy by Design?

A
  1. Respect for users
  2. Proactive, not reactive
  3. Default setting
  4. Embedded into design
  5. Positive sum
  6. End-to-end security
  7. Transparent
18
Q

What is the mnemonic for the seven PbD principles?

A

Robot Pigs Devour Enormous Purple Eggplant Tacos.

Respect for users, proactive not reactive, default setting, embedded into design, positive sum, end-to-end security, transparent

19
Q

What is Privacy by Default?

A
  • Ensures highest level of privacy is automatically applied
  • Strict privacy settings enabled by default
20
Q

How does Privacy by Default complement Privacy by Design?

A

It ensures privacy settings are automatically enforced without user intervention.

21
Q

What does PbDD stand for and what does it mean?

A

Privacy by Design and Default

22
Q

What is a PIA or DPIA?

A

Assessment tool to identify, assess, and mitigate privacy risks; done during design and before deployment.

PIA: Privacy Impact Assessment; DPIA: Data Protection Impact Assessment

23
Q

What is the role of human oversight in AI systems?

A

Humans review inputs and outputs.

E.g., ‘human in the loop’ process

24
Q

What is data governance?

A

Management of data throughout its lifecycle.

Ensures availability, usability, integrity, and security.

25
What is **data disposition**?
* Policies for **data retention** and **disposal**
* Defines **how long to retain data** and how to **sanitize** or **purge** it
26
What are **safeguards** in the context of AI and data privacy?
**Controls** to prevent **unauthorized access** or modification.

Includes administrative, technical, physical measures
27
Why is **documentation** important for AI privacy compliance?
**Demonstrates compliance** and lawfulness.

Includes records like PIAs and DPIAs.
28
What is the **GDPR**?
* General Data Protection Regulation (2018)
* **Comprehensive privacy legislation** covering the European Union (EU) and European Economic Area (EEA)
29
Which **regions** are **covered** by the GDPR?
* European Union (27 states)
* European Economic Area (EU + Norway, Iceland, Liechtenstein)
30
What are the **7 principles** of the GDPR?
1. Lawfulness, fairness, and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Mnemonic: Llamas parade drowsily as smurfs implode accidentally
31
Which **GDPR articles** are **relevant to AI**?
* Article 22 (ADM)
* Article 35 (DPIAs)
* Recital 26 (anonymization/pseudonymization)
32
What does **Article 22 of the GDPR** cover?
Automated decision-making (ADM)
33
What are the **3 exceptions to ADM restrictions** under GDPR?
1. Contract fulfillment
2. Explicit consent
3. Legal necessity
34
What **rights** do data subjects have under **GDPR**?
Right to:
1. Informed
2. Access
3. Rectification
4. Erasure / be forgotten
5. Restrict processing
6. Data portability
7. Object to processing
8. Automated decision-making and profiling (not be subject to)

Mnemonic: I always remember every right data owners acquire
35
What are the GDPR requirements for **general consent**?
Consent must be:
1. Specific
2. Informed
3. Freely given
4. Unambiguous
36
What is the **redress process** under GDPR?
Data subjects may file a complaint with local Data Protection Authority.
37
What is **anonymized data** under GDPR?
* Data that is unlinkable to a natural person
* Truly anonymized data is not considered personal data
* GDPR does not apply to anonymized data
38
What is **pseudonymized data** under GDPR?
* Direct identifiers have been **removed**
* However, **reidentification is still possible** when pseudonymized data is combined with other data
39
What are **special categories** of data under GDPR?
Subset of personal data requiring **enhanced protection**.

Includes: race, ethnicity, political opinions, religion, union membership, genetic, biometric, health and sexuality
40
Why might organizations **collect** sensitive PII for AI systems?
To satisfy legal **bias-testing requirements**.

For example, as required by NYC Local Law 144.
41
When is processing of **special categories of data allowed** under the GDPR?
Only when an **exception** under **Article 9** applies.
42
Concerning the lawfulness of processing personal data under the GDPR, what must organizations identify?
* Lawful basis under **Article 6** for all data
* Exception under **Article 9** required for special categories of data
43
What **safeguards** are recommended for **processing sensitive data**?
* Organizational and technical controls
* DPIAs, policy documentation
* Comply with member state rules
44
What are the **6 legal bases** under GDPR Article 6?
1. Consent
2. Contract
3. Vital interest
4. Legal claim/obligation
5. Public interest
6. Legitimate interest

Mnemonic: crazed clowns vandalize long purple limo.
45
What are the **exceptions** under **Article 9** for processing special categories of data?
1. Explicit consent
2. Employment, social security, social protection law
3. Vital interest
4. Not-for-profit
5. Made publicly available by data subject
6. Legal obligation
7. Substantive public interest
8. Health, social care
9. Public health
10. Archiving, historical research, statistics

Mnemonic: Cats eat very nice pizza; lions share honey providing aid.
46
What are **best practices** for processing sensitive data?
* Collect with consent
* Infer from proxies
* Use commercially available info
47
What is a **data controller** under GDPR?
Entity that determines purposes and means of processing personal data.
48
What does a DPIA **evaluate**?
* Necessity
* Proportionality
* Privacy risks
* Data sources
* FIPs compliance
49
What are **data controller obligations** for third-party processors?
* Assess risk
* Ensure compliance
* Perform vendor due diligence
* Implement contracts
* Obtain consent
50
Under the **GDPR**, what must be done when **transferring data internationally**?
* Determine whether **adequacy decision** is in place
* Identify **appropriate safeguards**
* Identify **derogation**
51
What is required of an **incident management** program?
* Detect incident
* Contain incident
* Mitigate harms
* Investigate impact
* Notify affected individuals and appropriate regulators
52
What must be included in **data controller record keeping**?
Compliance documents such as:
* Records of processing activities (RoPA)
* DPIAs
* System documentation
* System/data inventories
* Data maps / flow diagrams
53
What **3 topics** are covered in **EDPB Opinion 28/2024**?
1. When can models be considered **anonymous**?
2. Is **legitimate interest** a valid basis for developing models?
3. If **training data is processed unlawfully**, is the trained model unlawful?