This multiple choice assessment focuses on the new General Data Protection Regulation (GDPR).

The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law in preparation for the CIPT.

Format: Multiple Choice

Time: 90 minutes

The result will be provided immediately, with details on all questions.

1) Which of the following may pose a “client side” privacy risk?

2) You are browsing the web and shopping for new patio furniture. You then open your favourite social media app and begin to scroll through the posts. While doing so, you start noticing ads for patio furniture.

This is an example of what?

3) Which of the following privacy practices would be most useful to users who are not knowledgeable about protecting their personal information?

4) Which of the following privacy-related principles would be the main concern during the data usage stage of the data life cycle?

5)  Under the EU’s General Data Protection Regulation (GDPR), which of the following types of information would NOT require notification to a supervisory authority in the event of a personal data breach?

6)  Authentication can be accomplished by a variety of mechanisms. Which are the four main categories?

7) The acronym PGP stands for:

8)  Julie needs to securely transfer a file containing personal data to Katlyn. Katlyn needs assurance that the file came from Julie. They decide to use asymmetric encryption. Select the correct steps that Julie and Katlyn should use.

9)  When purchasing a product from Tripe Type’s website, a customer must enter basic information into a purchase form. A link to Tripe Type’s privacy statement is provided on the purchase form. However, it does not disclose that it will use personal information for other purposes. The statement provides that Tripe Type will store the customer information in its database. A month later, Tripe Type’s sales team wants to generate new leads and decides to use the information collected from customers. This is an example of what?

10)  Which of the following explains why it is difficult to regulate what individually identifiable data is?

11)  Ubiquitous computing can raise significant concerns about the sheer volume of data that can be collected by a system. Each of the following are necessary considerations when utilizing a data collection process that falls into this category EXCEPT which?

12)  In creating a registration form for a mobile app directed at grade school children, what privacy engineering objective is addressed by asking for grade level instead of date of birth?

13)  Which of the following is NOT an example of automated decision-making?

14)  Which of the following circumstances would best be addressed by utilizing radio frequency identification (RFID) technology?

15)  What type of interference occurs when false or inaccurate information on a credit application results in denial of credit?

16)  Which of the following is an objective for privacy engineering? 

17)  Which of the following technologies allows individuals to participate in a salary survey without revealing the specific salary or personal information of any of the participants?

18)  An organization wants to enter into a contract with a third-party cloud provider for storage of client personal information. The business head is entering into this agreement to eliminate risk associated with a data breach by transferring the information to the third-party processor. She asks you if this is a good way to eliminate breach risk. Please choose the best response from the choices below.

19)  When creating a data inventory, it is important to include a range of detailed information on the company's data assets. This information should include how the data is accessed and by whom, how the data is managed, who owns it, where the data is stored, and the ________ that defines the individual data records and what they contain.

20)  Testing during software development generally consists of which two sets of activities?

21)  A marketing lead has collected a large data set of personal information and stored it in a shared folder. The marketing lead controls who has access to the shared folder. The type of access control being used is:

22)  Vulnerability is determined by what two factors?

23)  Low-level design concerns the details of the overall design of the system and focuses on improving the quality of programming practices through each of the following mechanisms EXCEPT:

24) Use the following to answer the question

SCENARIO

You have been tasked with developing an incident response process for your employer, BrandEnt Company, a media entertainment company.

As the senior manager of information privacy, you have been creating privacy-related procedures for the company. There has been an uptick in the number of privacy-related questions being sent to customer service through the website’s generic portal, and the customer service reps are unsure of what to do with the questions. This has led to the director of privacy asking that you work with the IT department to identify, track and resolve privacy-related incidents, as well as with the Information Security team to leverage their existing incident-management process.

As you review the questions, you notice that many customers are asking what personal information BrandEnt has collected about them and, in many cases, requesting corrections to their information. You grow concerned as you notice that customer service representatives are not always responding to these inquiries. The website doesn’t have a portal dedicated to asking privacy-related questions, and instead a general customer service portal form is being used. This form only requests the customer’s name and their email address. The site does not require authentication to get to this portal. For responses that have been processed, the customer service representatives sent compressed files containing all data collected regarding the individual to the email provided.

You reach out to the Information Security team to request access to their incident ticketing system to determine if the existing process can be leveraged. As you review the incident tickets, you notice several security incidents related to data breaches. After speaking with the Information Security team lead, you learn that the tickets were closed after the vulnerabilities were patched and the system owners were notified.

Which common privacy principle is missing at BrandEnt?

25) Use the BrandEnt Company scenario given in question 24 to answer the question.

What follow up should be done regarding the data breaches that have already occurred?

26)  Use the following scenario to answer the next TWO questions.

Scenario

HomeConnect has made quite a name for themselves in developing a range of smart solution “Internet of Things” technologies which range from remotely controlled security systems to thermostats that can be adjusted from our mobile devices, voice-activated peripherals that allow those less capable of living independently, and other cutting-edge innovations.

They have a very efficient order processing system. Smart devices are configured with default settings and shipped to customers within 24 hours of placing the order. The product box also includes a quick setup guide to save time for the customer. It is not a detailed setup guide, and certain steps, such as changing the password, are assumed to be common knowledge.

It is well known that every instance of the Internet of Things (IoT) in the consumer context will likely become a target to hackers. Compromised IoT devices could expose a vast amount of personal data about an individual’s home, work, and health. HomeConnect’s cyber-engineering team, in an effort to stay ahead of hackers, often runs real-time updates and patches on endpoints to increase the protection. Whenever a major product release is planned, the team invites interested customers to participate in beta testing to catch failures and usability issues before the final launch.

As part of their overall compliance and risk assessment, HomeConnect ensures that they maintain transparency with individuals about their processing activities to obtain any necessary consent.

Despite the security steps taken, a group of hackers were able to access live feeds from the cameras around customers’ homes by using a variety of weak, recycled and default credentials. They were even able to communicate using integrated devices. More than thirty families reported that hackers verbally harassed them.

What can HomeConnect do to reduce a customer’s exposure to threats?

27) Use the HomeConnect scenario given in question 26 to answer the question.

What best practice can the HomeConnect cyber-engineering team adopt for running software updates and patches?

28) Information technology has great value across all facets of an organization. Which of the following is a strong business case for holistic data protection, inclusive of privacy, protection and security?

29) Which statement below is FALSE with respect to the beta testing of a product?

30) Value-source analysis involves which of the following?

31) Which of the following would be considered part of software vulnerability management?

32) Which of the following is NOT an example of the usefulness of conducting a record of processing activity (RoPA) to all types and sizes of organizations?

33) Transport Layer Security (TLS) is established using asymmetric cryptography and symmetric encryption and is used primarily to?

34) What must a hiring organization assess while using a third-party service for testing its software?

35) What are some of the key principles under the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioral Advertising?

36) Please use the following scenario to answer the next THREE questions.

During a period of heightened COVID awareness, a large grocery retailer introduced various occupational and customer-related health and safety initiatives in their stores to help reduce virus spread and increase the ability to contact trace. One such initiative was to ask that all customers entering their physical stores provide their names, email addresses and/or mobile phone numbers. The prescribed method to enable this was through a ballot-box system, where prior to entering a store, customers would complete appropriate forms and then submit them into a secured ballot-box. However, some stores were struggling to keep up with customer demand, and in the interest of expediency, simply provided paper forms on clipboards outside their stores for people to complete. Each new customer would append their details below the previous customer with the details being publicly visible.

The retailer’s customer service center received a call from a customer complaining that she was contacted by someone she didn’t know. The man stated he had obtained her information from a list outside one of the stores she visited. He said he would only delete her information if she agreed to meet him in person; otherwise, he would post her personal data on social media.

Which of the following privacy threats and violations is the man’s action an example of?

37) Please use the grocery retailer scenario given in question 36 to answer the next question.

Which type of privacy threat and violation did the retailer enable through unsecured lists outside its store?

38) Please use the grocery retailer scenario given in question 36 to answer the next question.

If the store that adopted this questionable practice also used the list to engage in email or SMS marketing to customers, what type of privacy threat and violation would this be?

39) Which of the following is an example of the use of a privacy pattern?

40) Which of the following protects information while it is in use by multiple parties?

41) Other than when new privacy laws or regulations are enacted, how often, at a minimum, should an organization update its privacy standards to ensure they are meeting expectations and requirements?

42) To prevent the identity of employees from being exposed when analyzing data for potential automation opportunities, the compliance team requires that information captured to perform capacity diagnostics on employee screen time usage be?

43) Which of the following is an example of applying transient storage to information?

44) BitHealth has recently implemented an electronic medical record (EMR) system. All patient information is now stored in the EMR. Only those who have gone through an approval process by the privacy team have access to the EMR. Lea, a member of the BitHealth IT team, has received a request from Stony Surgery requesting access to the EMR for their case management team to approve/authorize inpatient interactions. How should Lea respond to the request from Stony Surgery?

45) Please use the following scenario to answer the next SIX questions.

EdMed Inc. is one of the largest U.S. digital training companies fulfilling educational needs of many of the world’s healthcare professionals. Using high-resolution interactive video, they provide the finest educational experience, focusing on the secure and effective use of real-life surgery recordings for state-of-the-art medical products and techniques.

Recently, the customer care department received a notice from the American Hospital surgical team in Rome, Italy about post-operation details found in certain case study educational materials. They included the patient’s name and Massachusetts Official Hospital details on an x-ray that was shown on video as a part of the EdMed Inc. training set.

EdMed’s privacy network expert team reviewed the content. They then organized an urgent meeting with all stakeholders—Mark, Peter and Jane—to evaluate the risk of the incident and to analyze how to avoid this situation in the future.

Mark and Peter are both privacy technologists responsible for acquiring and preparing raw data collected from different hospital sources by following EdMed’s privacy-by-design process. Jane is a project manager from TristarGlobe Inc., a specialized media company that develops training materials on behalf of EdMed Inc.

Mark uses internally developed software, called DONAT, to parse the raw data collected and to identify any personal data that should be removed from training materials before they are released to the market. Peter then forwards raw data, including a change notice, to Jane, who then manages the production and release of the final training materials.

Jane determines that they had received the x-ray containing personal data but there was no request to remove any details from it. Mark confirms that there was no change notice sent for the x-rays because Massachusetts Official Hospital is using a new x-ray format that was not recognized by DONAT.

Mark, Peter and Jane all agree TristarGlobe Inc. must take a more proactive role to determine the least amount of personal data needed on the training materials. Peter also proposed a DONAT request for change notice that will introduce an auditability quality attribute, which will have the ability to examine and review how the system parses raw data during production. These new procedures will require approval from additional stakeholders to provide an appropriate budget, staff, and additional approvals for the process, as well as proper training for those affected by the new procedure.

Mark reported feedback from the legal department indicating that the case study materials constituted a data breach and that they have no documented output of a privacy risk assessment in this situation. They discuss meeting with the appropriate team members to develop privacy risk assessments for all processes that potentially involve personal data moving forward.

Closing the meeting, all three agree that they must enforce any new processes and demonstrate that all parties involved are compliant with privacy policies and processes in the future.

To help Jane to take a more proactive role and to comply with standards, Peter and Mark will need to send her standard operating procedures (SOP) covering which of EdMed’s privacy-by-design process activities?

46) Please use the EdMed Inc. scenario given in question 45 to answer the next question.

To check that the raw data media format is always recognized by the parsing application, Mark has decided to improve DONAT testing and validation for new formats on the market. What would be his best approach?

47) Please use the EdMed Inc. scenario given in question 45 to answer the next question.

The type of requirement that Peter proposed related to the upgrade of the technological system that parses the raw input data for TristarGlobe Inc. processing is known as what?

48) Please use the EdMed Inc. scenario given in question 45 to answer the next question.

Following the report from the legal department, Mark should require which of the following be performed?

49) Please use the following scenario to answer the next question.

EdMed Inc. is one of the largest U.S. digital training companies fulfilling educational needs of many of the world’s healthcare professionals. Using high-resolution interactive video, they provide the finest educational experience, focusing on the secure and effective use of real-life surgery recordings for state-of-the-art medical products and techniques.

Recently, the customer care department received a notice from the American Hospital surgical team in Rome, Italy about post-operation details found in certain case study educational materials. They included the patient’s name and Massachusetts Official Hospital details on an x-ray that was shown on video as a part of the EdMed Inc. training set.

EdMed’s privacy network expert team reviewed the content. They then organized an urgent meeting with all stakeholders—Mark, Peter and Jane—to evaluate the risk of the incident and to analyze how to avoid this situation in the future.

Mark and Peter are both privacy technologists responsible for acquiring and preparing raw data collected from different hospital sources by following EdMed’s privacy-by-design process. Jane is a project manager from TristarGlobe Inc., a specialized media company that develops training materials on behalf of EdMed Inc.

Mark uses internally developed software, called DONAT, to parse the raw data collected and to identify any personal data that should be removed from training materials before they are released to the market. Peter then forwards raw data, including a change notice, to Jane, who then manages the production and release of the final training materials.

Jane determines that they had received the x-ray containing personal data but there was no request to remove any details from it. Mark confirms that there was no change notice sent for the x-rays because Massachusetts Official Hospital is using a new x-ray format that was not recognized by DONAT.

Mark, Peter and Jane all agree TristarGlobe Inc. must take a more proactive role to determine the least amount of personal data needed on the training materials. Peter also proposed a DONAT request for change notice that will introduce an auditability quality attribute, which will have the ability to examine and review how the system parses raw data during production. These new procedures will require approval from additional stakeholders to provide an appropriate budget, staff, and additional approvals for the process, as well as proper training for those affected by the new procedure.

Mark reported feedback from the legal department indicating that the case study materials constituted a data breach and that they have no documented output of a privacy risk assessment in this situation. They discuss meeting with the appropriate team members to develop privacy risk assessments for all processes that potentially involve personal data moving forward.

Closing the meeting, all three agree that they must enforce any new processes and demonstrate that all parties involved are compliant with privacy policies and processes in the future.

Which control will be used to implement the final statement on which Peter, Mark and Jane agree?

50) Please use the following scenario to answer the next question.

EdMed Inc. is one of the largest U.S. digital training companies fulfilling educational needs of many of the world’s healthcare professionals. Using high-resolution interactive video, they provide the finest educational experience, focusing on the secure and effective use of real-life surgery recordings for state-of-the-art medical products and techniques.

Recently, the customer care department received a notice from the American Hospital surgical team in Rome, Italy about post-operation details found in certain case study educational materials. They included the patient’s name and Massachusetts Official Hospital details on an x-ray that was shown on video as a part of the EdMed Inc. training set.

EdMed’s privacy network expert team reviewed the content. They then organized an urgent meeting with all stakeholders—Mark, Peter and Jane—to evaluate the risk of the incident and to analyze how to avoid this situation in the future.

Mark and Peter are both privacy technologists responsible for acquiring and preparing raw data collected from different hospital sources by following EdMed’s privacy-by-design process. Jane is a project manager from TristarGlobe Inc., a specialized media company that develops training materials on behalf of EdMed Inc.

Mark uses internally developed software, called DONAT, to parse the raw data collected and to identify any personal data that should be removed from training materials before they are released to the market. Peter then forwards raw data, including a change notice, to Jane, who then manages the production and release of the final training materials.

Jane determines that they had received the x-ray containing personal data but there was no request to remove any details from it. Mark confirms that there was no change notice sent for the x-rays because Massachusetts Official Hospital is using a new x-ray format that was not recognized by DONAT.

Mark, Peter and Jane all agree TristarGlobe Inc. must take a more proactive role to determine the least amount of personal data needed on the training materials. Peter also proposed a DONAT request for change notice that will introduce an auditability quality attribute, which will have the ability to examine and review how the system parses raw data during production. These new procedures will require approval from additional stakeholders to provide an appropriate budget, staff, and additional approvals for the process, as well as proper training for those affected by the new procedure.

Mark reported feedback from the legal department indicating that the case study materials constituted a data breach and that they have no documented output of a privacy risk assessment in this situation. They discuss meeting with the appropriate team members to develop privacy risk assessments for all processes that potentially involve personal data moving forward.

Closing the meeting, all three agree that they must enforce any new processes and demonstrate that all parties involved are compliant with privacy policies and processes in the future.

Peter and Mark’s first step was to collect all the facts about the reported situation, which included software, procedures and vendors. What is this process known as?