COMM 226 Lecture Notes - Lecture 12: Personal Information Protection And Electronic Documents Act, Adware
Managing Information Security & Privacy
1. What is identity theft?
Identity theft: vital information such as a person’s name, address, date of birth, social insurance number, and mother’s
maiden name is acquired in order to impersonate that person. With this information, the identity thief can take over a victim’s
financial accounts; open new bank accounts; transfer bank balances; and apply for loans, credit cards, and other services.
2. What is PIPEDA?
PIPEDA: Personal Information Protection and Electronic Documents Act.
The Act is intended to balance an individual’s right to the privacy of his or her personal information against
organizations’ need to collect, use, or share that information for business purposes. The Privacy Commissioner of Canada oversees this
Act. PIPEDA governs how data are collected and used.
- Personal information: defined under this Act as information about an identifiable individual, but does not include
the name, title, business address, or telephone number of an employee of an organization. The Act gives individuals
the right to know why an organization collects, uses, or discloses their personal information, so organizations are
required to identify why they are collecting information and how they will use it. PIPEDA also requires organizations
to identify anyone in the organization who is responsible for keeping personal information private and secure, and
allows other individuals to have access to this information, as necessary, to check its accuracy. PIPEDA creates some
protection of personal privacy.
3. What types of security threats do organizations face?
Organizations face security threats as well. Three sources of these threats are:
1. Human errors and mistakes
Human errors and mistakes include accidental problems caused by both employees and others outside the organization
(procedural/physical accidents, incorrect procedures).
• Poorly written programs
• Poorly designed procedures
• Malicious human activity
• Intentional destruction of data
• Destroying system components
• Virus and worm writers