Information Privacy Engineering and Privacy by Design

Understanding Privacy Threats, Technology, and Regulations Based on Standards and Best Practices

E-book English 2019 9780135278369
Expected delivery time approximately 9 working days

Summary

The Comprehensive Guide to Engineering and Implementing Privacy Best Practices

As systems grow more complex and cybersecurity attacks more relentless, safeguarding privacy is ever more challenging. Organizations are increasingly responding in two ways, and both are mandated by key standards such as GDPR and ISO/IEC 27701:2019. The first approach, privacy by design, aims to embed privacy throughout the design and architecture of IT systems and business practices. The second, privacy engineering, encompasses the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems.

In Information Privacy Engineering and Privacy by Design, internationally renowned IT consultant and author William Stallings brings together the comprehensive knowledge privacy executives and engineers need to apply both approaches. Using the techniques he presents, IT leaders and technical professionals can systematically anticipate and respond to a wide spectrum of privacy requirements, threats, and vulnerabilities—addressing regulations, contractual commitments, organizational policies, and the expectations of their key stakeholders.

• Review privacy-related essentials of information security and cryptography
• Understand the concepts of privacy by design and privacy engineering
• Use modern system access controls and security countermeasures to partially satisfy privacy requirements
• Enforce database privacy via anonymization and de-identification
• Prevent data losses and breaches
• Address privacy issues related to cloud computing and IoT
• Establish effective information privacy management, from governance and culture to audits and impact assessment
• Respond to key privacy rules including GDPR, U.S. federal law, and the California Consumer Privacy Act

This guide will be an indispensable resource for anyone with privacy responsibilities in any organization, and for all students studying the privacy aspects of cybersecurity.

Specifications

ISBN13: 9780135278369
Language: English
Binding: e-book

Table of Contents

Preface  xxii

PART I: OVERVIEW  1

Chapter 1: Security and Cryptography Concepts  2
1.1 Cybersecurity, Information Security, and Network Security  2
    Security Objectives  3
    The Challenges of Information Security  5
1.2 Security Attacks  6
    Passive Attacks  8
    Active Attacks  8
1.3 Security Services  10
    Authentication  10
    Access Control  11
    Data Confidentiality  11
    Data Integrity  11
    Nonrepudiation  12
    Availability Service  12
1.4 Security Mechanisms  12
1.5 Cryptographic Algorithms  13
    Keyless Algorithms  14
    Single-Key Algorithms  14
    Two-Key Algorithms  15
1.6 Symmetric Encryption  15
1.7 Asymmetric Encryption  17
1.8 Cryptographic Hash Functions  20
1.9 Digital Signatures  22
1.10 Practical Considerations  23
    Selection of Cryptographic Algorithms and Key Lengths  23
    Implementation Considerations  24
    Lightweight Cryptographic Algorithms  24
    Post-Quantum Cryptographic Algorithms  25
1.11 Public-Key Infrastructure  25
    Public-Key Certificates  25
    PKI Architecture  27
1.12 Network Security  29
    Communications Security  29
    Device Security  30
1.13 Key Terms and Review Questions  30
    Key Terms  30
    Review Questions  31
1.14 References  31

Chapter 2: Information Privacy Concepts  32
2.1 Key Privacy Terminology  32
2.2 Privacy by Design  35
    Privacy by Design Principles  35
    Requirements and Policy Development  37
    Privacy Risk Assessment  37
    Privacy and Security Control Selection  39
    Privacy Program and Integration Plan  40
2.3 Privacy Engineering  41
    Privacy Implementation  44
    System Integration  44
    Privacy Testing and Evaluation  45
    Privacy Auditing and Incident Response  45
2.4 Privacy and Security  46
    Areas of Overlap Between Security and Privacy  46
    Trade-Offs Between Security and Privacy  48
2.5 Privacy Versus Utility  48
2.6 Usable Privacy  49
    Users of Privacy Services and Functions  50
    Usability and Utility  50
2.7 Key Terms and Review Questions  50
    Key Terms  50
    Review Questions  51
2.8 References  51

PART II: PRIVACY REQUIREMENTS AND THREATS  53

Chapter 3: Information Privacy Requirements and Guidelines  54
3.1 Personally Identifiable Information and Personal Data  55
    Sources of PII  57
    Sensitivity of PII  58
3.2 Personal Information That Is Not PII  59
3.3 Fair Information Practice Principles  63
3.4 Privacy Regulations  66
    European Union  66
    U.S. Privacy Laws and Regulations  67
3.5 Privacy Standards  68
    International Organization for Standardization (ISO)  69
    National Institute of Standards and Technology  77
3.6 Privacy Best Practices  88
    Information Security Forum (ISF)  88
    Cloud Security Alliance (CSA)  90
3.7 Key Terms and Review Questions  91
    Key Terms  91
    Review Questions  91
3.8 References  92

Chapter 4: Information Privacy Threats and Vulnerabilities  94
4.1 The Evolving Threat Environment  95
    Overall Impact of Advances in Technology  95
    Repurposing Collected Data  96
    Means of Collection of PII  96
4.2 Privacy Threat Taxonomy  97
    Information Collection  98
    Information Processing  98
    Information Dissemination  98
    Invasions  99
4.3 NIST Threat Model  100
4.4 Threat Sources  105
4.5 Identifying Threats  106
4.6 Privacy Vulnerabilities  108
    Vulnerability Categories  108
    Location of Privacy Vulnerabilities  109
    National Vulnerability Database and Common Vulnerability Scoring System  110
4.7 Key Terms and Review Questions  114
    Key Terms  114
    Review Questions  115
4.8 References  116

PART III: TECHNICAL SECURITY CONTROLS FOR PRIVACY  117

Chapter 5: System Access  118
5.1 System Access Concepts  119
    Privileges  119
    System Access Functions  120
    Privacy Considerations for System Access  121
5.2 Authorization  122
    Privacy Authorization  123
5.3 User Authentication  124
    Means of Authentication  125
    Multifactor Authentication  126
    A Model for Electronic User Authentication  127
5.4 Access Control  129
    Subjects, Objects, and Access Rights  130
    Access Control Policies  131
    Discretionary Access Control  131
    Role-Based Access Control  133
    Attribute-Based Access Control  135
5.5 Identity and Access Management  140
    IAM Architecture  140
    Federated Identity Management  142
5.6 Key Terms and Review Questions  144
    Key Terms  144
    Review Questions  145
5.7 Reference  145

Chapter 6: Malicious Software and Intruders  146
6.1 Malware Protection Activities  147
    Types of Malware  147
    The Nature of the Malware Threat  149
    Practical Malware Protection  150
6.2 Malware Protection Software  153
    Capabilities of Malware Protection Software  153
    Managing Malware Protection Software  154
6.3 Firewalls  155
    Firewall Characteristics  155
    Types of Firewalls  156
    Next-Generation Firewalls  163
    DMZ Networks  164
    The Modern IT Perimeter  165
6.4 Intrusion Detection  166
    Basic Intrusion Detection Principles  167
    Approaches to Intrusion Detection  167
    Host-Based Intrusion Detection Techniques  169
    Network-Based Intrusion Detection Systems  169
    IDS Best Practices  171
6.5 Key Terms and Review Questions  172
    Key Terms  172
    Review Questions  173
6.6 References  174

PART IV: PRIVACY ENHANCING TECHNOLOGIES  175

Chapter 7: Privacy in Databases  176
7.1 Basic Concepts  178
    Personal Data Attributes  179
    Types of Data Files  180
7.2 Re-Identification Attacks  183
    Types of Attacks  184
    Potential Attackers  186
    Disclosure Risks  186
    Applicability to Privacy Threats  187
7.3 De-Identification of Direct Identifiers  188
    Anonymization  189
    Pseudonymization  189
7.4 De-Identification of Quasi-Identifiers in Microdata Files  190
    Privacy-Preserving Data Publishing  192
    Disclosure Risk Versus Data Utility  193
    PPDP Techniques  194
7.5 K-Anonymity, L-Diversity, and T-Closeness  196
    K-Anonymity  196
    L-Diversity  198
    T-Closeness  199
7.6 Summary Table Protection  199
    Frequency Tables  200
    Magnitude Tables  203
7.7 Privacy in Queryable Databases  204
    Privacy Threats  205
    Protecting Queryable Databases  206
7.8 Key Terms and Review Questions  211
    Key Terms  211
    Review Questions  212
7.9 References  212

Chapter 8: Online Privacy  214
8.1 The Online Ecosystem for Personal Data  215
8.2 Web Security and Privacy  217
    Web Server Security and Privacy  218
    Web Application Security and Privacy  219
    Web Browser Security and Privacy  222
8.3 Mobile App Security  224
    Mobile Ecosystem  224
    Mobile Device Vulnerabilities  225
    BYOD Policies  227
    Mobile Application Vetting  229
    Resources for Mobile Device Security  230
8.4 Online Privacy Threats  231
    Web Application Privacy  231
    Mobile App Privacy  232
8.5 Online Privacy Requirements  234
    Online Privacy Principles  234
    Online Privacy Framework  236
    Simplified Consumer Choice  241
    Transparency of Data Practices  241
8.6 Privacy Notices  242
    Notice Requirements  243
    Notice Content  243
    Notice Structure  246
    Mobile App Privacy Notices  246
    Privacy Notice Design Space  248
8.7 Tracking  250
    Cookies  250
    Other Tracking Technologies  253
    Do Not Track  254
8.8 Key Terms and Review Questions  254
    Key Terms  254
    Review Questions  255
8.9 References  255

Chapter 9: Other PET Topics  258
9.1 Data Loss Prevention  258
    Data Classification and Identification  259
    Data States  260
    DLP for Email  262
    DLP Model  263
9.2 The Internet of Things  266
    Things on the Internet of Things  266
    Components of IoT-Enabled Things  266
    IoT and Cloud Context  267
9.3 IoT Security  270
    IoT Device Capabilities  270
    Security Challenges of the IoT Ecosystem  271
    IoT Security Objectives  273
9.4 IoT Privacy  274
    An IoT Model  275
    Privacy Engineering Objectives and Risks  276
    Challenges for Organizations  278
9.5 Cloud Computing  280
    Cloud Computing Elements  280
    Threats for Cloud Service Users  284
9.6 Cloud Privacy  285
    Data Collection  286
    Storage  287
    Sharing and Processing  290
    Deletion  290
9.7 Key Terms and Review Questions  290
    Key Terms  290
    Review Questions  291
9.8 References  291

PART V: INFORMATION PRIVACY MANAGEMENT  293

Chapter 10: Information Privacy Governance and Management  294
10.1 Information Security Governance  295
    Information Security Management System  295
    Information Security Governance Concepts  295
    Security Governance Components  298
    Integration with Enterprise Architecture  303
    Policies and Guidance  307
10.2 Information Privacy Governance  308
    Information Privacy Roles  308
    The Privacy Program Plan  312
10.3 Information Privacy Management  315
    Key Areas of Privacy Management  316
    Privacy Planning  317
    Privacy Policy  319
10.4 OASIS Privacy Management Reference Model  322
    Privacy Management Reference Model and Methodology (PMRM)  322
    Privacy by Design Documentation for Software Engineers  328
10.5 Key Terms and Review Questions  331
    Key Terms  331
    Review Questions  331
10.6 Reference  332

Chapter 11: Risk Management and Privacy Impact Assessment  334
11.1 Risk Assessment  335
    Risk Assessment Process  335
    Risk Assessment Challenges  339
    Quantitative Risk Assessment  340
    Qualitative Risk Assessment  342
11.2 Risk Management  346
    NIST Risk Management Framework  347
    ISO 27005: Information Security Risk Management  348
    Risk Evaluation  351
    Risk Treatment  352
11.3 Privacy Risk Assessment  353
    Privacy Impact  356
    Likelihood  361
    Assessing Privacy Risk  363
11.4 Privacy Impact Assessment  365
    Privacy Threshold Analysis  365
    Preparing for a PIA  366
    Identify PII Information Flows  367
    Identify Potential User Behavior  367
    Determine Relevant Privacy Safeguarding Requirements  368
    Assess Privacy Risk  368
    Determine Risk Treatment  368
    The PIA Report  369
    Implement Risk Treatment  370
    Review/Audit Implementation  370
    Examples  371
11.5 Key Terms and Review Questions  371
    Key Terms  371
    Review Questions  372
11.6 References  372

Chapter 12: Privacy Awareness, Training, and Education  374
12.1 Information Privacy Awareness  376
    Awareness Topics  377
    Awareness Program Communication Materials  378
    Awareness Program Evaluation  379
12.2 Privacy Training and Education  380
    Cybersecurity Essentials  380
    Role-Based Training  381
    Education and Certification  383
12.3 Acceptable Use Policies  384
    Information Security Acceptable Use Policy  384
    PII Acceptable Use Policy  386
12.4 Key Terms and Review Questions  386
    Key Terms  386
    Review Questions  387
12.5 References  387

Chapter 13: Event Monitoring, Auditing, and Incident Response  388
13.1 Event Monitoring  388
    Security Event Logging  389
    Security Event Management  391
    Event Logging Related to PII  392
13.2 Information Security Auditing  393
    Data to Collect for Auditing  394
    Internal and External Audits  395
    Security Audit Controls  396
13.3 Information Privacy Auditing  398
    Privacy Audit Checklist  398
    Privacy Controls  400
13.4 Privacy Incident Management and Response  401
    Objectives of Privacy Incident Management  401
    Privacy Incident Response Team  402
    Preparing for Privacy Incident Response  403
    Detection and Analysis  405
    Containment, Eradication, and Recovery  406
    Notification to Affected Individuals  407
    Post-Incident Activity  408
13.5 Key Terms and Review Questions  409
    Key Terms  409
    Review Questions  410
13.6 References  410

PART VI: LEGAL AND REGULATORY REQUIREMENTS  411

Chapter 14: The EU General Data Protection Regulation  412
14.1 Key Roles and Terms in the GDPR  413
14.2 Structure of the GDPR  415
14.3 GDPR Objectives and Scope  417
    Objectives  417
    Scope of the GDPR  418
14.4 GDPR Principles  420
    Fairness  421
    Lawful  422
    Transparency  423
14.5 Restrictions on Certain Types of Personal Data  423
    Children’s Personal Data  423
    Special Categories of Personal Data  424
14.6 Rights of the Data Subject  426
14.7 Controller, Processor, and Data Protection Officer  428
    Data Protection by Design and Default  428
    Records of Processing Activities  429
    Security of Processing  431
    Data Protection Officer  431
14.8 Data Protection Impact Assessment  433
    Risk and High Risk  433
    Determining Whether a DPIA Is Needed  434
    DPIA Process  436
    GDPR Requirements  438
    Criteria for an Acceptable DPIA  439
14.9 Key Terms and Review Questions  441
    Key Terms  441
    Review Questions  441
14.10 References  442

Chapter 15: U.S. Privacy Laws  444
15.1 A Survey of Federal U.S. Privacy Laws  445
15.2 Health Insurance Portability and Accountability Act  449
    HIPAA Overview  449
    HIPAA Privacy Rule  450
15.3 Health Information Technology for Economic and Clinical Health Act  456
    Breach Notification  456
    Encryption of PHI  457
    Data Destruction  459
15.4 Children’s Online Privacy Protection Act  460
    General Provisions  460
    The COPPA Final Rule  461
15.5 California Consumer Privacy Act  462
    Basic Concepts  462
    Rights of Consumers  466
    Comparison with the GDPR  468
15.6 Key Terms and Review Questions  470
    Key Terms  470
    Review Questions  470
15.7 References  471

Index  472
Appendix (Online Only): Answers to Review Questions
