Privacy Concepts and Data Rights
Key Takeaways
- Privacy programs define how personal data is collected, used, shared, retained, protected, and deleted.
- A controller determines the purpose and means of processing, while a processor handles data on behalf of the controller.
- A data subject is the person the personal data describes.
- Retention schedules help prevent keeping personal data longer than business, legal, or regulatory needs justify.
- The right to be forgotten may require deletion or de-identification unless legal holds, statutory duties, or other exceptions apply.
Privacy focuses on responsible handling of information about people. Security protects data from unauthorized access, alteration, and loss. Privacy adds questions about purpose, consent, notice, minimization, sharing, retention, deletion, and individual rights.
Core Roles
| Role | Meaning | Example |
|---|---|---|
| Data subject | Person the data is about | A customer whose email address and purchase history are stored |
| Controller | Entity that decides why and how personal data is processed | A retailer deciding to use customer data for order fulfillment |
| Processor | Entity that processes data for the controller | A shipping platform that receives addresses to print labels |
A company can be a controller in one relationship and a processor in another. A payroll provider may be a processor for an employer's employee records, but a controller for its own employee data.
Privacy Principles
| Principle | Security+ meaning | Scenario |
|---|---|---|
| Data minimization | Collect only what is needed | Do not request birth dates for a newsletter if email is enough |
| Purpose limitation | Use data only for stated purposes | Do not reuse support chat logs for advertising without proper basis |
| Consent and notice | Tell people what happens and collect required permission | Explain marketing tracking before enabling it |
| Retention | Keep data only as long as justified | Delete inactive trial account data after the retention period |
| De-identification | Reduce identifiability where possible | Aggregate survey results before analytics |
| Data sovereignty | Account for where data is stored or processed | Confirm regional hosting commitments in the contract |
Retention and Deletion Scenario
A fitness app collects names, email addresses, workout history, device identifiers, and optional location data. The product team wants to keep all records forever because long-term data is useful for analytics. The privacy team rejects that plan.
The final retention schedule keeps account data while the account is active, billing records for the required accounting period, security logs for the approved investigation window, and aggregated usage metrics without direct identifiers. Optional location history is deleted after a shorter period because it is more sensitive and not required for the core service.
Right to Be Forgotten
The right to be forgotten generally means an individual can request deletion of personal data when continued processing is no longer justified. The organization must identify where the data exists, verify the request as appropriate, delete or de-identify eligible records, and preserve records that must be kept for valid legal or compliance reasons.
Example response workflow:
- Confirm the requestor is the data subject or an authorized representative.
- Locate personal data in production systems, support tools, analytics platforms, and vendor systems.
- Check exceptions such as legal hold, fraud investigation, tax record retention, or active contract need.
- Delete, anonymize, or restrict processing for eligible data.
- Record completion evidence without retaining unnecessary personal details.
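To show how the workflow above turns into repeatable logic, here is an added example (not from the original page): a per-record decision function that checks the listed exceptions before choosing delete, anonymize, restrict, or retain, refuses unverified requests, and produces completion evidence that holds counts rather than personal data. The categories, systems, and the seven-year billing retention are constructed placeholders, not figures from any regulation.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical statutory retention for billing records (placeholder, not a legal figure).
BILLING_RETENTION = timedelta(days=7 * 365)


@dataclass
class Record:
    category: str        # account_profile, billing_record, security_log,
                         # location_history, usage_metrics (constructed names)
    system: str          # production, support, analytics, vendor
    created: date
    legal_hold: bool = False
    fraud_investigation: bool = False
    active_contract: bool = False


def decide(rec: Record, today: date) -> tuple[str, str]:
    """Map one record to an action, checking every exception before deletion."""
    if rec.legal_hold:
        return "retain", "legal hold"
    if rec.fraud_investigation:
        return "restrict", "active fraud investigation"
    if rec.category == "billing_record":
        expires = rec.created + BILLING_RETENTION
        if today < expires:
            return "restrict", f"statutory retention until {expires.isoformat()}"
    if rec.category == "account_profile" and rec.active_contract:
        return "retain", "needed for an active contract"
    if rec.category == "usage_metrics":
        # Aggregates stay useful once direct identifiers are stripped.
        return "anonymize", "strip direct identifiers, keep aggregate"
    return "delete", "no exception applies"


def process_request(records, today: date, requester_verified: bool):
    """Build the per-record plan; never act on an unverified request."""
    if not requester_verified:
        raise PermissionError("requester not verified as data subject or representative")
    return [(r.system, r.category, *decide(r, today)) for r in records]


def completion_evidence(request_id: str, plan) -> dict:
    """Evidence that records what was done (counts per action), not the personal data."""
    return {"request": request_id, "actions": dict(Counter(p[2] for p in plan))}
```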
Compliance Traps
- Keeping personal data indefinitely because storage is cheap.
- Sharing data with a processor without contract terms for deletion and return.
- Treating encrypted personal data as nonpersonal data in all circumstances.
- Deleting records that are under legal hold.
- Fulfilling deletion in the main application but forgetting backups, exports, tickets, and vendors.
- Using collected data for a new purpose without checking notice, consent, or legal basis.
Practice Questions
A university decides why student records are collected and how they will be used. A cloud platform stores the records under the university's instructions. What are the likely roles?
A team wants to keep optional location history forever in case it becomes useful later. Which privacy principle is most directly at issue?
Which steps may be part of a right-to-be-forgotten workflow? Select three.