CIPP Glossary Part 2 Flashcards
1
Q
Chapter 7 of the General Data Protection Regulation outlines the remedies available to data subjects and their right to compensation, the liability for damage caused by processing for both controllers and processors, and the penalties available to supervisory authorities for infringement of the law.
A
Remedies, Liability and Penalties
2
Q
Commercial conduct that intentionally causes substantial injury, without offsetting benefits, and that consumers cannot reasonably avoid.
A
Unfair Trade Practices
3
Q
The minimum level at which privacy should be protected in all new projects, applications and services. This includes the expectations of privacy in the new programs and guidelines for adherence to those standards. The standard is set based on both internal organizational policy and external regulations etc.
A
Privacy Standard
4
Q
A formula to calculate the impact of a new project on the privacy of the consumer base that will use the new systems. To evaluate the xxx, one must consider the likelihood of the threat occurring, multiplied by the potential impact if the threat occurs. It may be difficult to quantify, so a comparison between projects may be the best way to understand xxx.
A
Privacy Risk
5
Q
It is a term with particular meaning under the California Consumer Privacy Act, which defines it as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer.
A
Personal Information (PI)
6
Q
Taking information collected for one purpose and using it for another purpose later on.
A
Repurposing
7
Q
Governs the release of customer financial information to federal government authorities.
The act defines both the circumstances under which a financial institution can volunteer information about customers financial records to federal government authorities and the applicable procedures and requirements to follow when the federal government is requesting customers financial information.
A
Right to Financial Privacy Act of 1978
8
Q
Technically Directive 2016/680, or the Directive on the Protection of Natural Persons with Regard to the Processing of Personal Data by Competent Authorities for the Purposes of Law Enforcement,
this is the EU law governing the handling of personal data by competent law enforcement authorities. Each member state has a law that translates this directive into national law. The directive covers the cross-border and national processing of data by member states’ competent authorities for the purpose of law enforcement.
This includes the prevention, investigation, detection and prosecution of criminal offences, as well as the safeguarding and prevention of threats to public security. It does not cover activities by EU institutions, bodies, offices and agencies, nor activities falling outside the scope of EU law.
A
Law Enforcement Directive
9
Q
The degree to which identifiers used to track an individual user can be paired with outside information to identify that individual.
For example, public record can be paired with date of birth, gender and zip code to identify an individual.
A
Linkability
10
Q
The individual who is mandated by PIPEDA to enforce the act.
The commissioner has broad power to examine documents, but some documents may be shielded by solicitor-client privilege.
The xxx conducts investigations under a cloak of confidentiality, but public reports with non-binding recommendations are ultimately issued. This individual is mandated by PIPEDA to enforce PIPEDA.
Aggrieved individuals also have a right to complain to the xxx.
A
Privacy Commissioner of Canada
11
Q
A U.S. federal agency that administers the National Labor Relations Act. The xxx conducts elections to determine if employees want union representation and investigates and remedies unfair labor practices by employers and unions.
A
The National Labor Relations Board
12
Q
A body enacted pursuant to an act under which a professional or occupational group or discipline is organized and that provides for the membership in the regulation of the members of the professional or occupation group or discipline, including the registration, competence, conduct, practice and discipline of its members.
A
Professional Regulatory Body
13
Q
A case in which the European Court of Justice (ECJ) ruled that a woman who identified and included information about fellow church volunteers on her website was in breach of the Data Protection Directive 95/46/EC.
The ECJ held that the creation of a personal website was not a personal activity allowing the woman to be exempted from the data protection rules.
Some observers wonder whether Recital 18 of the General Data Protection Regulation, which says the law does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity, might affect this precedential ruling.
Recital 18 says personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities.
A
Lindqvist Judgement
14
Q
The principle that personal data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
Personal data may be stored for longer periods if it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organizational measures required to safeguard the rights and freedoms of the data subject.
A
Storage Limitation
15
Q
The practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or as evidence in a court proceeding.
Specifically, attorneys are required to xxx documents so that no more than the following information is included in court filings: (1) The last four digits of the Social Security number and taxpayer-identification number; (2) the year of the individual s birth; (3) if the individual is a minor, only the minor s initials, and (4) the last four digits of the financial account number.
A
Redaction
16
Q
These events constitute triggers for an organization to conduct a xxx: Conversion of records from paper-based to electronic form; Conversion of information from anonymous to identifiable form;
- System management changes involving significant new uses and/or application of new technologies;
- Significant merging, matching or other manipulation of multiple databases containing PII;
- Application of user-authenticatingtechnology to a system accessed by members of the public;
- Incorporation into existing databases of PII obtained from commercial or public sources;
- Significant new inter-agency exchanges or uses of PII;
- Alteration of a business process resulting in significant new collection, use and/or disclosure of PII;
- Alteration of the character of PII due to the addition of qualitatively new types of PII.
A
Privacy Impact Assessment (PIA) Triggers
17
Q
An advertising strategy that leverages information learned from an initial consumer interaction to market to the same consumer multiple times in a digital or physical environment
A
Remarketing
18
Q
A formal documentation of a software system or product to be developed that includes both functional and nonfunctional requirements.
These are used so that the individual tasked with creating the system or product is aware of the needs of the individual seeking the creation.
A
Software Requirements Specification
19
Q
The 3rd of four phases of the privacy operational life cycle.
It provides privacy management through the monitoring, auditing, and communication aspects of the management framework
A
Sustain
20
Q
One of three requirements established by the General Data Protection Regulation for the processing of personal data.
Personal data shall be processed xxx, fairly and in a transparent manner in relation to the data subject.
Data subjects must be aware of the fact that their personal data will be processed, including how the data will be collected, kept and used, to allow them to make an informed decision about whether they agree with such processing and to enable them to exercise their data protection rights. The GDPR outlines six bases for the xxx processing of personal data.
A
Lawfulness
21
Q
Under the General Data Protection Regulation, a processor may not engage another processor without xxx of the data controller. This authorization may be general or specific. If it is general, the processor is required to give the controller an opportunity to object to the addition or replacement of other processors.
A
Prior Authorization
22
Q
The concept that personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law.
A
Limiting Use
23
Q
A telecommunications industry term for non-core services; i.e., services beyond voice calls and fax transmissions.
More broadly, the term is used in the service sector to refer to services, which are available at little or no cost, and promote their primary business. For mobile phones, while technologies like SMS, MMS and GPRS are usually considered xxx, a distinction may also be made between standard (peer-to-peer) content and premium-charged content. These are called mobile value-added services (MVAS), which are often simply referred to as VAS. Value-added services are supplied either in-house by the mobile network operator themselves or by a third-party value-added service provider (VASP), also known as a content provider (CP) such as Headline News or Reuters. VASPs typically connect to the operator using protocols like short message peer-to-peer protocol (SMPP), connecting either directly to the short message service centre (SMSC) or, increasingly, to a messaging gateway that gives the operator better control of the content.
A
Value-Added Services (VAS)
24
Q
The set of rules which govern the use of a service and must be agreed to, either implicitly through the use of that service or explicitly, in order to make use of that service.
A
Terms of Service
25
Phishing targeted at a specific individual or individuals known to be wealthy.
Whaling
26
A network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users an access to a central organizational network. xxx typically require remote users of the network to be authenticated and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.
Virtual Private Network (VPN)
27
The European Parliament, the European Council, the European Commission, the Court of Justice of the European Union, the European Central Bank and the Court of Auditors.
Six Major European Union Institutions, The
28
A cryptographic key used with a secret key cryptographic algorithm, uniquely associated with one or more entities and which shall not be made public.
The use of the term "xxx" in this context does not imply a classification level, rather the term implies the need to protect the key from disclosure or substitution.
Secret Key
29
UnderHIPAA, the standard that the level of information that may be disclosed by healthcare providers to third parties is the minimum amount necessary to accomplish the intended purpose.
Minimum Necessary Requirement
30
An executive who serves as the privacy program sponsor and acts as an advocate to further foster privacy as a core organization concept.
Privacy Champion
31
A U.S. federal agency that oversees the welfare of the job seekers, wage earners and retirees of the United States by improving their working conditions, advancing their opportunities for profitable employment, protecting their retirement and healthcare benefits, helping employers find workers, strengthening free collective bargaining and tracking changes in employment, prices and other national economic measurements.
To achieve this mission, the department administers a variety of federal laws including, but not limited to, the Fair Labor Standards Act (FLSA), the Occupational Safety and Health Act (OSHA) and the Employee Retirement Income Security Act (ERISA).
U.S. Department of Labor
32
A resolution adopted in 2009 by the International Conference of Data Protection and Privacy Commissioners, consisting of 80 data protection authorities from 42 countries around the world.
The resolutions proposes international standards on the protection of privacy with regard to the processing of personal data, to include: lawfulness and fairness; purpose specification; proportionality; data quality; openness; and accountability.
Madrid Resolution
33
An authentication process that allows the user to enter a single set of credentials to access multiple applications.
Single-Sign-On (SSO)
34
Analogous to a demand side platform (DSP), an xxx enables publishers to access demand from a wide variety of networks, exchanges, and platforms via one interface.
Supply Side Platform (SSP)
35
Information collected and maintained by a government entity and available to the general public.
Public Records
36
"The jurisdictional reach of a law or regulation. In the case of the General Data Protection Regulation, it applies to organizations
established in the EU and to their third-party processors of personal data, wherever they happen to be located, and to those organizations that offer goods or services to, or monitor, individuals in the EU."
Territorial Scope
37
Also known as Secret Key Encryption is a form of encryption using a single secret key to both encrypt and decrypt data
Symmetric Key Encryption
38
Under OMB Memorandum M-05-08, each executive agency should identify the senior official who has agency-wide responsibility for information privacy.
The agency's chief information officer (CIO) may perform this role, or it may be performed by another senior official at the assistant secretary or equivalent level. Agencies are also advised that the official given this role should have the authority to address information privacy policy issues at a national and agency-wide level. The official has overall responsibility and accountability for ensuring the agency s implementation of information privacy protections, including full compliance with federal laws, regulations and policies relating to information security, such as thePrivacy Act.
Senior Agency Official for Privacy
39
Among the exception to the Privacy Act of 1974 are:
(1) Performance of regular duties of an agency employee;
(2) FOI A disclosures;
(3) Routine uses as specified in the applicable SORN;
(4) Census Bureau census or survey functions;
(5) Statistical research if not individually identifiable;
(6) Data held by the National Archives;
(7) Law enforcement activity;
(8) Compelling health or safety circumstances;
(9) Congressional committee with appropriate jurisdiction;
(10) GAO duties;
(11) Court order, and
(12) Consumer reporting agencies.
Privacy Act Exceptions
40
An indicator used to measure the financial gain/loss (or value ) of a project in relation to its cost. Privacy xxx defines metrics to measure the effectiveness of investments to protect investments in assets.
Return on Investment (ROI)
41
Criminalizes cyber bullying and loosens restraints on police to obtain warrants for telecommunications and internet data, as well as allows police to compel the preservation of electronic evidence.
Protecting Canadians from Online Crime Act
42
Used to distinguish from sectorial laws (see Sectorial Laws), to mean laws that cover a broad spectrum of organizations or natural persons, rather than simply a certain market sector or population.
Omnibus Laws
43
An individual s right to request and receive their personal data from a business or other organization.
Right of Access
44
The following constitute risk assessment factors: Number of breaches; number of outages; unauthorized access; lost assets; software viruses; investigations.
Risk Assessment Factors
45
An individual s right to have personal data about them corrected or amended by a business or other organization if it is inaccurate.
Rectification
46
To make (something) more difficult to understand; to hide the true meaning.
Obfuscation
47
Individual executives within an organization who lead and own the responsibility of privacy activities.
Stakeholders
48
Under theBank Secrecy Act, the log of transactions a financial institution must retain a record for cash purchases of monetary instruments (e.g., money orders, cashier s checks, travelers checks) ranging from $3,000 to $10,000.
Monetary Instrument Log
49
The General Data Protection Regulation requires that supervisory authorities assist each other in performing their tasks and provide mutual assistance to one another so as to ensure the consistent application and enforcement (see Consistency Mechanism). In certain cases, supervisory authorities can go forward without mutual assistance if request for assistance is not answered within 30 days or other time periods. The GDPR also requires international mutual assistance with third countries and international organizations in the enforcement of legislation for the protection of personal data, including through notification, complaint referral, investigative assistance and information exchange, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms.
Mutual Assistance
50
Fourteen generic information security practice competency areas, including: Digital Security; Digital Forensics; Enterprise Continuity; Incident Management; IT Security and Training Awareness; IT Systems Operation and Maintenance; Network and Telecommunications Security; Personnel Security; Physical and Environmental Security; Procurement; Regulatory and Standards Compliance; Security Risk Management; Strategic Security Management; and System and Application Security.
US-CERT IT Security Essential Body of Knowledge
51
A special-purpose programming language that allows for the creation of interactive forms which users can insert, alter and delete data they have input, and the system administrators can easily transfer information into usable data banks of user information. Originally developed by IBM, SQL has become an international standard for data collection and use.
Structured Query Language
52
The movement of personal data from one organization to another.
Transfer
53
A member state of the European Union, formally created by the Maastricht Treaty in 1992. As of the last addition of member states in 2013, the EU consists of: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom. The U.K. submitted a notice of withdrawal under Article 50 of the Treaty of Lisbon in 2016 and will leave the European on March 29, 2019, unless the European Council decides to extend the two-year negotiating period by unanimous vote.
Member State
54
PCLOBis an independent, bipartisan agency within the executive branch established by the Implementing Recommendations of the 9/11 Commission Act, Pub. L. 110-53, signed into law in August 2007. Comprised of four part-time members and a full-time chairman, PCLOBis vested with two fundamental authorities: (1) To review and analyze actions the executive branch takes to protect the Nation from terrorism, ensuring the need for such actions is balanced with the need to protect privacy and civil liberties and (2) To ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the Nation against terrorism.
Privacy and Civil Liberties Oversight Board
55
Most legislation recognizes thatdata breachnotifications involving thousands of impacteddata subjectscould place an undue financial burden on the organization and therefore allow substitute notification methods. In Connecticut, for example, Substitute notice shall consist of the following: (A) Electronic mail notice when the person, business or agency has an electronic mail address for the affected persons; (B) conspicuous posting of the notice on the website of the person, business or agency if the person maintains one, and (C) notification to major state-wide media, including newspapers, radio and television.
Substitute Notice
56
Protecting "vital interests" refers to circumstances of life or death in other words, where the processing of personal data contemplated is vital to an individual s survival. For example, under the European General Data Protection Regulation, processing of personal data that necessary in order to protect the vital interests of the data subject or of another natural person is one of the six legal bases for processing personal data. This criterion will be relevant only in rare emergency situations such as health care settings, humanitarian response, and law enforcement.
Vital Interests
57
Technologies and processes that are designed to secure an entire network environment by preventing penetration from the outside.
Perimeter Controls
58
A general term in many organizations for the head of privacy compliance and operations. In the United States federal government, however, it is a more specific term for the official responsible for the coordination and implementation of all privacy and confidentiality efforts within a department or component. This official may be statutorily mandated as a political appointment, as in the Department of Homeland Security, or a career professional
Privacy Officer
59
A unique string of numbers that identifies a computer on the Internet or otherTCP/IP network. The IP address is expressed in four groups of up to three numbers, separated by periods. For example: 123.123.23.2. An address may be "dynamic," meaning that it is assigned temporarily whenever a device logs on to a network or anInternet service providerand consequently may be different each time a device connects. Alternatively, an address may be "static," meaning that it is assigned to a particular device and does not change, but remains assigned to one computer or device.
Internet Protocol Address
60
TheGETand POST HTML method attributes specify how form data is sent to a web page. The POST method is more secure than GET as the GET method appends the form data to theURLallowing passwords and othersensitive informationcollectedin a form to be visible in the browser s address bar.
POST Method
61
A type of network security that protects data traffic by providingencryptionat the network transfer layer. This form of encryption operates independently of other security measures and is invisible to the ender user as data is only encrypted while in transit.
Network Encryption
62
Contracting business processes, which may include the processing of personal information, to a third party. The General Data Protection Regulation establishes direct legal obligations applicable to service providers acting as "processors" and places an increased emphasis to the contractual obligations that must be established between organizations and their data processing service providers.
Outsourcing (EU-specific)
63
The main establishment of a controller in the Union should be the place of its central administration in the European Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the EU in which case that other establishment should be considered to be the main establishment. The main establishment of the processor should be the place of its central administration in the EU or, if it has no central administration in the EU the place where the main processing activities take place in the EU. The member state location of the main establishment determines the controller or processor's lead supervisory authority
Main Establishment
64
A case recognized as establishing the "knock-and-announce rule," an important concept relating to privacy in one's home and Fourth Amendment search and seizure jurisprudence in the U.S.
Semayne s Case
65
One of two central concepts of choice. It means an individual s lack of action implies that a choice has been made; i.e., unless an individual checks or unchecks a box, their information will be shared with third parties. The General Data Protection Regulation's definition of consent as requiring a "clear affirmative act" makes opt-out unacceptable for the acquisition of consent.
Opt-Out (EU Specific)
66
The culture and desire of a business that seeks to use information collected by a company in every way possible to improve services and products. This needs to be balanced with privacy considerations.
Information Utility
67
This memorandum provides agencies with specific implementation guidance for conductingPIAs and developing website privacy policies. It applies to all executive branch agencies and departments, contractors and cross-agency initiatives that use websites or other information technology for interacting with the public. It requires agencies to: conduct PIAs and make them publicly available; postprivacy policieson agency websites; translate privacy policies into a standardized machine-readable format; ensure privacy responsibilities are properly executed for information in identifiable form (IIF) processed by information technology; report annually toOMBonSection 208compliance.
OMB Memorandum M-03-22
68
Provide management, technical and operational controls to reduce probable damage, loss, modification or unauthorized data access.
Information Security Practices
69
Concerns in software development that cannot be alleviated with a single design element or function. Privacy is an example of a quality attribute that can be divided up into further quality attributes (think about theFair Information Practices). UsingPrivacy by Designin all software development allows these quality attributes to be accounted for in all system functions as they are being developed.
Quality Attributes
70
The most expensive and most visible type of web advertising, typically on the homepage of a website and priced so that only big name companies/products use them.
Premium Advertising
71
A statement made to a data subject that describes how an organization collects, uses, retains and discloses personal information. A privacy notice may be referred to as a privacy statement, a fair processing statement or, sometimes, a privacy policy. Numerous global privacy and data protection laws require privacy notices.
Privacy Notice
72
Short lifespan data storage such as a sessioncookiestored on a browser that is purged from the system when the browser is closed
Transient Storage
73
A superior government s ability to have its law(s) supersede those of an inferior government. For example, the U.S. federal government has mandated that no state government can regulate consumer credit reporting.
Preemption
74
A computer scripting language used to produce interactive and dynamic web content.
Javascript
75
A non-localized telecommunications network that can be used to transmit data across large regions.
Wide Area Network
76
Adata storage device in which information, once written, cannot be modified. This protection offersassurance that the data originally written to the device has not beentampered with. The only way to remove data written to a WORM device is to physically destroy the device.
Write Once Read Many
77
A trade association representing advertising businesses. The IAB develops industry standards, conducts research, and provides legal support for the online advertising industry.
Interactive Advertising Bureau
78
A technology that allows telephone calls to be made over aLANor the Internet itself. Skype is a well-known example. VoIP poses the same risk as network-connected PBX systems but also poses the additional risk of data interception when such data travel over an unsecured connection. VoIP functionality should beencryptedwhere possible and equipment monitored with intrusion-detection systems.
Voice Over Internet Protocol
79
Information or records obtained, with theconsentof the individual to whom it relates, from licensed physicians or medical practitioners, hospitals, clinics or other medical or medically related facilities.
Medical Information
80
A system of digital certificates, authorities and other registration entities that verifies the authenticity of each party involved in an electronic transaction through the use of cryptography.
Public Key Infrastructure
81
Phishingtargeted at a particular group of people with a known affiliation to some organization.
Spear Phishing
82
Data acquired from a source other than directly from the subject of the data.
Third-Party Collection
83
Requirements of new software systems or products as they are implemented in anAgile Development Model. Usually they consist of a few sentences that describe how a consumer would interact with the system or product and what the ideal functionality would look like. These are used to inform the developers of how a system or product should work while they are designing a given portion of the system.
User Stories
84
Professionals and departments within an organization who have ownership of privacy activities, e.g., human resources, marketing, information technology.
Internal Partners
85
A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide [NIST SP 800-47], an MOU/A defines the responsibilities of two or more organizations in establishing, operating and securing a system interconnection. For the proposed transmission of PII among federal agencies, a memorandum will govern the purpose, methods of transmission, relevant authorities, specific responsibilities of the organizations transmitting and receiving the PII, and risks associated with its transmission.
Memorandum of Understanding/Agreement
86
According to the General Data Protection Regulation, in exceptional cases where there is an urgent need to protection individuals rights and freedoms, a supervisory authority can bypass the cooperation procedures and consistency mechanism (see Consistency Mechanism) to adopt provisional measures in its country, after which it should notify other regulators who have an interest in the matter, the Commission and the European Data Protection Board. The supervisory authority can apply to the EDPB for an urgent opinion or decision where it feels that final measures are needed, and any regulator can apply for an urgent opinion or decision where it feels that another regulator has failed to take appropriate action in a case of urgency.
Urgency Procedure
87
The guidelines for privacy breach responses were drafted in 2007 and consist of four steps: (1) Containment of the breach and preliminary assessment; (2) evaluating the associated risks; (3) notifying affected parties; (4) taking adequate steps to prevent future breaches.
Privacy Breach Response (Canadian)
88
An individual s right to have their personal data deleted by a business or other organization possessing or controlling that data.
Right to Deletion
89
A layered approach defines three levels of security policies. The top layer is a high-level document containing the controller s policy statement. The next layer is a more detailed document that sets out the controls that will be implemented to achieve the policy statements. The third layer is the most detailed and contains the operating procedures, which explain how the policy statements will be achieved in practice
Layered Security Policy
90
Data that describes other data. Meta is a prefix meaning an underlying description in information technology usage.
Metadata
91
Any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.
Personal Data (EU specific)
92
The PRA concerns information that is created, collected, disclosed, maintained, used, shared, and disseminated by or for the federal government, regardless of whether it isPII. The primary goal is to calculate and reduce as much as possible the burden of providing information to the government while maintaining the quality of that information. The requirements of the PRA cover collections of information, which may exist in any format, and could include surveys, applications, questionnaires, and reports or any scenario in which 10 or more persons are asked to provide the same information within a 12-month period.
Paperwork Reduction Act
93
One of the four classes of privacy, along withterritorial privacy,bodily privacy, andcommunications privacy. The claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.
Information Privacy
94
A subfield of, or building block for, artificial intelligence (see Artificial Intelligence), machine learning is a problem-solving technique that trains a computer to identify new patterns. It implements various algorithms in a problem-solving process that includes data cleansing, feature selection, training, testing, and validation. Companies and government agencies increasingly deploy machine learning algorithms for tasks such as fraud detection, speech recognition, image classification and other pattern-recognition applications.
Machine Learning
95
Overseeing the intelligence community is the Office of the Director of National Intelligence. The IRTPA established the director of National Intelligence as the head of the intelligence community and the principal advisor to the president and theNational Security Council.
Office of the Director of National Intelligence
96
A body sanctioned by local, regional or national governments to enforce laws and apprehend those who break them. In Europe, public law enforcement authorities are governed by strict rules of criminal procedure designed to protect the fundamental human right to privacy enshrined in Article 8 of the European Convention on Human Rights (ECHR). In the arena of data protection, law enforcement is governed by the Directive on the Protection of Natural Persons with Regard to the Processing of Personal Data by Competent Authorities for the Purpose of Law Enforcement (Directive 2016/680), which came into force in April 2016 (see Law Enforcement Directive).
Law Enforcement Authority (EU specific)
97
The right for individuals to correct or amend information about themselves that is inaccurate.
Right To Correct
98
Buying through automated means, for example, by setting up a campaign in an RTB exchange or other automated system.
Programmatic Buying
99
Focused on refining and improving privacy processes, this model continuously monitors and improves the privacy program, with the added benefits of a life cycle approach to measure (assess), improve (protect), evaluate (sustain) and support (respond), and then start again.
Privacy Operational Life Cycle
100
An individual s right to limit or prohibit a business or other organization from processing their personal data.
Right to Restriction
101
The ISO (International Organization for Standardization) 27001 standard is a code of practice for implementing an information security management system, against which organizations can be certified.
ISO 27001
102
Colloquial term for Schrems v. Data Protection Commission (Ireland). See "Max Schrems." After revelations by Edward Snowden of NSA surveillance in the U.S. allegedly involving Facebook s cooperation, Schrems complained to the Irish DPC that Facebook Ireland, the company s European subsidiary, was improperly transferring his data to the U.S. where it could be accessed by the NSA. The data transfers from Facebook Ireland to the U.S. were allowed under the Safe Harbor adequacy decision. However, because Safe Harbor did not limit such U.S. government access for national security purposes, the CJEU (see "CJEU") struck down the Safe Harbor agreement as inconsistent with the European right to privacy. As a result, adequacy is based on the concept of essential equivalence: There must be an adequate level of protection of personal data essentially equivalent to the protection of personal data in the EU.
Schrems I
103
Used to distinguish from omnibus laws (see Omnibus Laws), to mean laws that cover a a specific market sector or population, rather than a broad portion of the market or citizenry.
Sectorial Laws
104
Taking appropriate measures to provide any information relating to processing to the data subject in a concise, intelligible and easily accessible form, using clear and plain language
Transparency
105
Websites or online advertising services that engage in the tracking or analysis of search terms, browser or user profiles, preferences, demographics, online activity, offline activity, location data, etc., and offer advertising based on that tracking.
Online Behavioral Advertising
106
Where actions by a data subject lead to an unmistakable conclusion that consent has been provided; where consent meets the standard of being a "freely given, specific and informed" indication of an individual s wishes. This is the baseline standard for consent in the General Data Protection Regulation.
Unambiguous Consent
107
A written court order issued in an administrative, civil or criminal action that requires the person named in the subpoena to appear in court in order to testify under oath on a particular matter which is the subject of an investigation, proceeding or lawsuit. A subpoena may also require the production of a paper, document or other object relevant to an investigation, proceeding or lawsuit that disclosespersonal information.
Subpoena
108
The predominant term for Personal Information in the European Union, defined broadly in the General Data Protection Regulation as any information relating to an identified or identifiable natural person.
Personal Data
109
A form of malware in which bad software masquerades as beneficial software.
Trojan Horse
110
A synonym for "personal data," which is any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.
Personal Information (EU specific)
111
The General Data Protection Regulation permits "visualisation" to be used to provide fair processing information to data subjects where appropriate and makes provision for the use of standardized icons to give an easily visible, understandable and meaningful overview of the processing.
Standardized Icons
112
Anaccess controlsystem by which access to data, by the owner or user, is constrained by the operating system itself.
Mandatory Access Control
113
An energy system that manages electricity consumption through continuous monitoring, remote computerization and automation. The traditional electric transmission system required physically sending workers into the field to periodically read customer meters and find where problems existed in the grid. Smart grid operators; however, can remotely monitor and control the use of electricity to each home or business
Smart Grid
114
An important source of standards and best practices for managingelectronic discoverycompliance through data retention policies. Regarding email retention, the Sedona Conference offers four key guidelines:
1. Email retention policies should be administered by interdisciplinary teams composed of participants across a diverse array of business units;
2. such teams should continually develop their understanding of the policies and practices in place and identify the gaps between policy and practice;
3. interdisciplinary teams should reach consensus as to policies while looking to industry standards;
technical solutions should meet and parallel the functional requirements of the organization.
Sedona Conference
115
Section 208 requires agency website privacy policies to include the following information: what information is to be collected through use of the website; why the information is being collected; the intended use by the agency of the information; with whom the information will be shared; what notices or opportunities for consent will be provided; how the information will be secured; the rights of individuals under thePrivacy Actand other privacy laws.
Section 208 of the E-Government Act
116
E-mails or other communications that are designed to trick a user into believing that he or she should provide a password, account number or other information. The user then typically provides that information to a website controlled by the attacker. Spear phishing is a phishing attack that is tailored to the individual user, such as when an e-mail appears to be from the user s boss, instructing the user to provide information.
Phishing
117
Data files created on a computer s hard drive by a domain to track user preferences and used by all versions of Adobe Flash Player. They are often calledflashcookies. LSOs differ fromHTTPcookiesin that they are saved to a computer s hard drive rather than the web
Local Shared Objects
118
Closely intertwined with access, rectification is the right or ability of a data subject to correct erroneous information that is stored about them. Under the General Data Protection Regulation, data subjects have the right to rectification of inaccurate personal data, and controllers must ensure that inaccurate or incomplete data is erased, amended or rectified.
Rectification (EU specific)
119
Within the information life cycle, the concept that organizations should retain personal information only as long as necessary to fulfill the stated purpose.
Retention
120
Data indicating the geographical position of a device, including data relating to the latitude, longitude, or altitude of the device, the direction of travel of the user, or the time the location information was recorded.
Location Data
121
A machine-readable language that helps to express a website s data management practices in an automated fashion.
Platform for Privacy Preferences
122
Defined by the U.S. Office of Management and Budget Memorandum M-03-22, [a] statement about site privacy practices written in a standard computer language (not English text) that can be read automatically by a web browser.
Privacy Policy in Standardized Machine-Readable Format
123
Groups of information on individuals that have been altered or suppressed in some way to anonymize the data, protecting individuals from being identified.
Microdata Sets
124
One tool used to determine whether a PIA should be conducted.
Privacy Threshold Analysis
125
The only directly elected body of the European Union, the Parliament represents one half of the legislative arm of the EU, alongside the Council of the European Union. Members of Parliament are elected by citizens of the member states, in proportion to the size of each country, every five years. Those MEPs then elect the president of the European Commission. Its three primary responsibilities are legislative development, supervisory oversight of the other institutions, and development of the budget. As of 2018, the Parliament had 751 members.
Members of the European Parliament
126
A protocol which enables two devices to establish a connection and exchange data. A combination of TCP andIPis used to send data over the Internet. Data are sent in the form of a packet, which is a portion of a message sent over the TCP/IP network. It contains content and a heading that specifies the destination.
Transmission Control Protocol
127
A notation language that is used to describe system design elements in software development
Unified Modeling Language
128
Is defined by GLBA as personally identifiable financial information (i) provided by a consumer to a financial institution, (ii) resulting from a transaction or service performed for the consumer, or (iii) otherwise obtained by the financial institution. Excluded from the definition are (i) publicly available information and (ii) any consumer list that is derived without using personally identifiable financial information.
Non-Public Personal Information
129
Any computerized comparison of two or more automated systems of records or a system of records with non-Federal records for the purpose of establishing or verifying the eligibility of, or continuing compliance by, applicants for, recipients or beneficiaries of, participants in, or providers of services with respect to, cash or in-kind assistance or payments under Federal benefit programs, or (any computerized comparison of) two or more automated Federal personnel or payroll systems of records or (any such system) with non-Federal records.
Matching Program (from The Privacy Act of 1974)
130
The REAL ID Act of 2005 is a nationwide effort intended to prevent terrorism, reduce fraud and improve the reliability and accuracy of identification documents issued by U.S. state governments. The act has many varying provisions, but the one generating the most interest and controversy concerns the establishment and implementation of national standards for state-issued driver s licenses and non-driver ID cards. On January 11, 2008, theU.S. Department of Homeland Securityissued a final rule establishing the minimum-security standards for state-issued identification cards. The new standards purportedly enhance the card s integrity and reliability, strengthen issuance capabilities, increase security at card-production facilities and reduce state implementation costs.
REAL ID Act
131
Information collected and maintained by a government entity and available to the general public. In the General Data Protection Regulation, one of the derogations left to member states is an allowance for restrictions on certain data subject rights, such as the right to erasure, for the keeping of public records kept for reasons of general public interest.
Public Records (EU specific)
132
Requires that the parties are prohibited from using or disclosing protectedhealth information for any purpose other than the litigation and that the PHI will be returned or destroyed at the end of the litigation.
Qualified Protective Order
133
Listed within the General Data Protection Regulation as a form of personal information, a unique string of numbers that identifies a computer on the Internet or other TCP/IP network. The IP address is expressed in four groups of up to three numbers, separated by periods. For example: 123.123.23.2. An address may be "dynamic," meaning that it is assigned temporarily whenever a device logs on to a network or an Internet service provider and consequently may be different each time a device connects. Alternatively, an address may be "static," meaning that it is assigned to a particular device and does not change, but remains assigned to one computer or device.
Internet Protocol Address (EU specific)
134
A notice required when a federal agency creates, modifies or destroys a system of records. When the agency collects and stores Personally Identifiable Information in records, the agency is required to establish the statutory need for the collection, disclose the collection, describe its contents and declare the routine uses for that agency or any other agency that will use the information. This disclosure must be made to theOffice of Management and Budgetand Congress and must be published in the Federal Register in advance of the system becoming operational.
System of Records Notice
135
Repositories ofpersonal informationthat are kept by the Canadian government to comply with thePrivacy Act.
Information Banks
136
Provides a standardized reference for companies to use in assessing the level of maturity of their privacy programs.
Privacy Maturity Model
137
A category of subpoena.The USA PATRIOT Actexpanded the use of national security letters. Separate and sometimes differing statutory provisions now govern access, without a court order, to communication providers, financial institutions, consumer credit agencies and travel agencies.
National Security Letter
138
The fourth of four phases of the privacy operational life cycle. It includes the respond principles of information requests, legal compliance, incident-response planning and incident handling. The respond phase aims to reduce organizational risk and bolster compliance to regulations.
Respond
139
The General Data Protection Regulation requires data controllers to demonstrate one of these six legal bases for processing: consent, necessity, contract requirement, legal obligation, protection of data subject, public interest, or legitimate interest of the controller. The controller is required to provide a privacy notice, specify in the privacy notice the legal basis for the processing personal data in each instance of processing, and when relying on the legitimate interest ground must describe the legitimate interests pursued.
Legal Basis for Processing
140
A body sanctioned by local, regional or national governments to enforce laws and apprehend those who break them.
Law Enforcement Authority
141
An organization will be liable for damages if it breaches a legal duty to protectpersonal informationand an individual is harmed by that breach.
Negligence
142
The ISO (International Organization for Standardization) 27002 standard is a code of practice for information security with hundreds of potential controls and control mechanisms. The standard is intended to provide a guide for the development of "organizational security standards and effective security management practices and to help build confidence in inter-organizational activities". It can be considered a guide to implementing ISO 27001 (see ISO 27001).
ISO 27002
143
The actions covered by a particular law or regulation. The material scope of the General Data Protection Regulation, for example, is the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system, other than that processing that falls outside of the scope of EU law, is done for personal or household use, or is done for law enforcement purposes.
Material Scope (EU specific)
144
A determining factor in substance testing where testing is allowed as a condition of continued employment if there is reasonable suspicion of drug or alcohol use based on specific facts as well as rational inferences from those facts; i.e., appearance, behavior, speech, odors.
Reasonable Suspicion
145
The most basic, stripped down form of web advertising that occurs when no data about the user or webpage is available. Advertising of this sort has no personalization.
Remnant Advertising
146
The Stored Communications Act was enacted as part ofElectronic Communications Privacy Actin 1986 in the United States. It generally prohibits the unauthorized acquisition, alteration or blocking of electronic communications while in electronic storage in a facility through which an electronic communications service is provided.
Stored Communications Act
147
Within the information life cycle the concept that organizations should retain personal information only as long as necessary to fulfill the stated purpose. Under the General Data Protection Regulation, the "right to be forgotten" exists where the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, where a data subject has withdrawn their consent or objects to the processing of personal data concerning them, or where the processing of their personal data does not otherwise comply with the GDPR, unless there are other legal obligations or reasons of the public interest to retain their personal data.
Retention (EU specific)
148
An individual s right to prohibit or restrict the transfer of information for value from a business to a third party.
Right to No Sale
149
Creates the Existing Business Relationship exception to the U.S.Telephone Consumer Protection Act sban of fax-based marketing withoutconsentbut contains a requirement that all marketing faxes be accompanied by instructions on how toopt outof further unsolicited communications.
Junk Fax Prevention Act of 2005
150
The technology-based model for data protection utilizes technological security measures to protect individual spersonal data. While it is commonplace for companies to utilize technology to protect data, developments in commercially available hardware and software have enabled consumers to establish privacy protections for their own online activity.
Technology-Based Model
151
Also known as decentralized governance, this governance model involves the delegation of decision-making authority down to the lower levels in an organization, away from and lower than a central authority. There are fewer tiers in the organizational structure, wider span of control and bottom-to-top flow of decision-making and ideas.
Local Governance
152
If illegal or improper activity is taking place within an organization, employees may first observe it and report it to individuals with more authority or an agency outside of the organization. In setting up procedures to make it possible for an employee to report such activity, per laws in a variety of jurisdictions that protect the rights of these so-called whistleblowers, an organization will want to be sure that appropriate privacy safeguards are put in place.
Whistleblowing
153
The address of content located on a web server. Specifically, it is the letter and number coordinates that an end user submits to the web browser to instruct it to connect with the desired website. An example of a URL is https://iapp.org.
Uniform Resource Locator
154
Article 30 of the General Data Protection Regulation specifies circumstances that will trigger the record-keeping obligation. These include, for organizations of 250 or more employees, all processing of personal data. Or, regardless of the organization s size, controllers and processors are obligated to keep records of the processing if it is likely to result in a risk to the rights and freedoms of data subjects; is not occasional; or includes special categories of data or data relating to criminal convictions and offences.
Record-Keeping Obligation
155
The first enactment of laws limiting unsolicited and automated telemarketing for both telephone and fax communications. Most notably the act creates a private right of action for those receiving unsolicited faxes, carrying a $500 fine per violation and any damages sustained because of the fax. TheTelephone Consumer Protection Act also gives rule-making authority to theFederal Communications Commission, allowing it to make further regulations in this area. Among other provisions, the act prevents faxing without consent from the recipient (this requirement was amended by theJunk Fax Prevention Act of 2005to not include customers with an existing business relationship) and requires companies to create and honor internal do-not-call registries (in 2003 the National Registry was created by theFederal Trade Commission).
Telephone Consumer Protection Act of 1991
156
A partnership between the Department of Homeland Security and the public and private sectors intended to coordinate the response to security threats from the Internet. As such, it releases information about current security issues, vulnerabilities and exploits via the National Cyber Alert System and works with software vendors to create patches for security vulnerabilities.
US-CERT
157
[W]ritten in a standard computer language (not English text) that can be read automatically by a web browser.
Machine-readable Formats
158
is a policy-based approach to managing the flow of information through a life cycle from creation to final disposition. ILM provides a holistic approach to the processes, roles, controls and measures necessary to organize and maintain data, and has 11 elements: Enterprise objectives; minimalism; simplicity of procedure and effective training; adequacy of infrastructure;information security; authenticity and accuracy of one s own records; retrievability; distribution controls; auditability; consistency of policies; and enforcement.
Information Life Cycle Management
159
is the set of policies (standards and guidelines), principles, services, and products used by IT providers.
IT Architecture
160
A security control where access is granted at the lowest possible level required to perform the function.
Least Privilege
161
A U.S. law that regulates the federal government s use of computerized databases of information about U.S. citizens and permanent legal residents. It also establishesfair information practicesthat each agency must follow when collecting, using or disclosingpersonal information, including rights of citizen action and redress for violations. It guarantees that U.S. citizens and lawful permanent residents have: (1) the right to see records about themselves that are maintained by the federal government (provided that information is not subject to one or more of the Privacy Act's exemptions); (2) the right to amend inaccurate, irrelevant, untimely or incomplete records; and (3) the right to sue the government for failure to comply with its requirements. It also contains fair information practices that: (1) require that information about a person be collected from that person to the greatest extent practicable; (2) require agencies to ensure that their records are relevant, accurate, timely and complete, and (3) prohibit agencies from maintaining information describing how an individual exercises his or her First Amendment rights (unless the individualconsentsto it, it is permitted by statute or is within the scope of an authorized law enforcement investigation).
Privacy Act of 1974
162
The components used to link computers and other devices so they may share files and utilize other electronic resources, e.g. printers and fax machines. The most common network devices are those used to createLocal Area Networks(LAN), which require a hub, router, cable or radio connection devices, network cards, and (for access to the internet) a modem.
Network Devices
163
In light of the increased use of the Internet by federal agencies as an easy, inexpensive and expedient way to disseminate information to the public, Congress passed the Data Quality Act of 2000. This act was designed to ensure the quality of information released by federal agencies. The DQA s impact on individual privacy is limited and indirect, as its principal focus is on the quality, and not the confidentiality, of information intended for publication. That said, DQA data quality procedures overlap with the data quality and integrity requirements of thePrivacy Actwhen an agency collects, generates or uses individual-level data in an agency system of records to prepare or support published studies or research covered by the DQA.
The Data Quality Act
164
A colloquial description of the EU s General Data Protection Regulation s consistency mechanism that allows a specific Data Protection Authority (see DPA) to function as a business s single point of contact or lead supervisory authority for a complaint or investigation. This saves businesses from the need to potentially engage with DPAs from 28 EU Member States.
One-stop Shop
165
Contracting business processes, which may include the processing ofpersonal information, to a third party.
Outsourcing
166
Based on a user s interest as accounted for by their preferences online. Different from behavioral because it simply accounts for known preferences rather than taking into account different interactions with web pages and advertisements.
Psychographic Advertising
167
The actions covered by a particular law or regulation.
Material Scope
168
A form of access control. An IPS is much like an application firewall. Its intent is not only to detect a network attack but to prevent it. It neither requires nor involves human intervention in order to respond to a system attack.
Intrusion Prevention System
169
A statement made to a data subject that describes how an organization collects, uses, retains and discloses personal information. A privacy notice may be referred to as a privacy statement, a fair processing statement or, sometimes, a privacy policy. The General Data Protection Regulation requires a controller to provide a privacy notice prior to processing and to specify in the privacy notice the legal basis for the processing, in addition to other details, such as the contact information for the organization's Data Protection Officer. When relying on the legitimate interest ground, the controller must describe the legitimate interests pursued.
Privacy Notice (EU specific)
170
A company that provides Internet access to homes and businesses through modem dial-up, DSL, cable modem broadband, dedicated T1/T3 lines or wireless connections.
Internet Service Provider
171
Created by theAmerican Institute of Certified Public Accountants(AICPA) and theCanadian Institute of Chartered Accountants(CICA). It is a self-regulating seal program which licenses qualifying certified public accountants.
WebTrust
172
Technologies that use radio waves to identify people or objects carrying encoded microchips
Radio-Frequency Identification
173
A computer program or algorithm that replicates itself over a computer network, usually performing malicious actions.
Worm
174
A privacy notice designed to respond to problems with a excessively long notices. A short notice the top layer provides a user with the key elements of the privacy notice. The full notice the bottom layer covers all the intricacies in full. In its guidance on complying with the General Data Protection Regulation, the Article 29 Working Party, which has now been replaced by the European Data Protection Board, recommended a layered notice in order to meet requirements of the GDPR that privacy notices be easily accessible and easy to understand, and that clear and plain language be used.
Layered Notice
175
An implementation roadmap that provides the structure or checklists (documented privacy procedures and processes) to guide the privacy professional through privacy management and prompts them for the details to determine all privacy-relevant decisions for the organization.
Privacy Program Framework
176
A consumer reporting agency thatregularly assembles, evaluates, and maintains consumer files on consumers who reside nationwide using public record information and credit account information from persons who furnish that information regularly and in the ordinary course of business. Such agencies compile such information to create and disseminate reports about consumer credit worthiness, credit standing, or credit capacity.
Nationwide Consumer Reporting Agency
177
As defined in Article 9 of the General Data Protection Regulation, personal information that reveals, for example, racial origin, political opinions or religious or other beliefs, as well as personal data that concerns health or sexual life or criminal convictions is considered to be in a special category and cannot be processed except under specific circumstances.
Special Categories of Data
178
Services that utilize information about location to deliver, in various contexts, a wide array of applications and services, including social networking, gaming and entertainment. Such services typically rely upon GPS, RFID, Wi-Fi, or similar technologies in which geolocation is used to identify the real-world geographic location of an object, such as a mobile device or an internet-connected computer terminal.-
Location-Based Service
179
Privacy technology standards developed solely to be used for the transmission, storage and use of privacy data. Examples includePlatform for Privacy Preferences(P3P) and Enterprise
Privacy-Enhancing Technologies
180
Abstracted concepts of the operation of a new software system or product being developed that inform functional requirements. These requirements describe how a system should work rather than specific technical processes the system completes. For example the system shall be able to create user profiles for individuals using the system.
Non-Functional System Requirements
181
A record of both normal and suspect events by a computer system (typically an operating system). The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. The program developer decides which events to record. The system log contains events logged by the operating system components; for example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined for the operating system. The security log can record security events, such as valid and invalid log-in attempts as well as events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled log-in auditing, attempts to log in to the system are recorded in the security log.
Logs
182
Any individually identifiable health information transmitted or maintained in any form or medium that is held by an entity covered by the Health Insurance Portability and Accountability Act or its business associate; identifies the individual or offers a reasonable basis for identification; is created or received by a covered entity or an employer; and relates to a past, present or future physical or mental condition, provision of healthcare or payment for healthcare to that individual.
Protected Health Information
183
A protocol for establishing a secure connection for transmission that facilitates much of the online commerce that occurs on the Internet today. For example, HTTPS, a secure form ofHTTP, is an SSL application used in password exchanges or e-commerce. The primary goal of the SSL protocol is to provide privacy and reliability between two communicating applications. The protocol has three main properties: (1) The connection is private; (2) the peer s identity can beauthenticatedusing asymmetric, or public key,cryptography, and (3) the connection is reliable.
Secure Sockets Layer
184
A privacy breach occurs when there is unauthorized access, collection, use or disclosure ofpersonal information. Such activity is unauthorized if it occurs in contravention of applicable privacy legislation, such asPIPEDAor similar provincial privacy legislation.
Privacy Breach (Canadian)
185
A consumer reporting agency that compiles information about consumers on a nationwide basis related to (1) medical records or payments; (2) residential or tenant history; (3) check writing history; (4) employment history; or (5) insurance claims.
Nationwide Specialty Consumer Reporting Agency
186
An 1890 law review article by Louis Brandeis and Samuel Warren arguing that privacy is the right to be left alone, and that the violation of this right should give rise to a tort.
Right to Privacy, The
187
Colloquial term for Data Protection Commission (Ireland) v. Facebook & Schrems. See "Max Schrems." Being considered by the CJEU (see "CJEU") at the time of this writing, the case challenges the validity of standard contractual clauses for the transfer of personal data from the EU to the United States, on the same grounds Schrems used to challenge the Safe Harbor adequacy agreement (see "Schrems I").
Schrems II (aka Schrems 2.0)
188
An individual s right to have their personal data deleted by a business or other organization possessing or controlling that data.
Right To Be Forgotten
189
An independent public authority established by an EU member state, responsible for monitoring the application of the General Data Protection Regulation.
Supervisory Authority
190
In the General Data Protection Regulation, the right not to be subject to automated decision-making applies if such a decision is based solely on automated processing and produces legal effects concerning the data subject or similarly significantly affects them. If a decision-making process falls within these parameters, the underlying processing of personal data is only allowed if it is authorized by law, necessary for the preparation and execution of a contract, or done with the data subject s explicit consent, provided that the controller has put sufficient safeguards in place
Right To Object to Automated Decision-Making
191
A transfer of personal data to a fourth party or beyond. For instance, the first party is the data subject, the second party is the controller, the third party is the processor, and the fourth party is a sub-contractor of the processor. In the context of binding corporate rules, this might mean the third party is another unit of the controller organization outside of the EEA and the fourth party is a processor. If an onward transfer occurs, the controller remains accountable for processing of the personal data.
Onward Transfer
192
Data points which are not directly associated with a specific individual. The identity of the person is not known but multiple appearances of that person can be linked together. Uses an ID rather than PII to identify data as coming from the same source. IP address,GUIDand ticket numbers are forms of pseudonymous values.
Pseudonymous Data
193
An authentication process that requires more than one verification method (see Authentication), such as a password and biometric identifier, or log-in credentials and a code sent to an email address or phone number supplied by a data subject.
Multi-Factor Authentication
194
Also known as the C-I-A triad ; consists of three common information security principles:Confidentiality,integrity, andavailability.
Information Security Triad
195
An individual s right to object to the processing of their personal data by a business or other organization. An entity is obligated to review an individual s objection and respond to it.
Right to Object
196
Access policies that espouse the view that no employee should have greater information access than is necessary to capably perform his or her job function.
Role-Based Access Controls
197
NARA is charged with providing guidance and assistance with respect to records management and maintaining those records that are of sufficient value to warrant permanent preservation. Further, NARA establishes general records schedules, which provide mandatory disposal authorization for temporary administrative records common to several or all agencies of the federal government. These include records relating to civilian personnel, fiscal accounting, procurement, communications, printing and other common functions and certain nontextual records.
National Archives and Records Administration
198
A system that inspects network activity and identifies suspicious patterns that may someone is attempting to penetrate or compromise a system or network. An IDS: may be network-based or host-based; signature-base or anomaly-based, and requires human intervention in order to respond to the attack.
Intrusion Detection System
199
The division or component of an organization responsible for all forms of technology used to create, store, exchange and use information in its various forms.
IT Department
200
A conceptual model used to describe the stages in an information system development project.
Systems Development Life Cycle (SDLC)
201
Works councils, primarily in the European Union, are bodies that represent employees and have certain rights under local law that affect the use of employee data by employers. Works councils can have a role in deciding whether employees personal data can be processed because they typically have an obligation to safeguard employee rights, which include data protection and privacy rights. They are most likely to be encountered in a data protection setting in Germany.
Works Councils
202
One of the six legal bases for processing personal data outlined by the General Data Protection Regulation is processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Public Interest
203
Under Article 15 of the Data Protection Directive, individuals are entitled to object to being subject to fully automated decisions. The right, however, does not allow an individual to object to automated processing that then leads to a human decision.
Right Not To Be Subject to Fully Automated Decisions
204
A tracking mechanism that persists even after allcookieshave been deleted, usually using several varying types of storage to remain within a device.
Super Cookie
205
A coalition composed of numerous online companies and trade associations specifically established to encourage the self-regulation of online privacy. The OPA introduced the Online Privacy Guidelines.
Online Privacy Alliance
206
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 is a broad-ranging act designed to counter terrorism that expanded U.S. law enforcement authority to surveillance and capturing communications and records. Commonly referred to as the Patriot Act
USA PATRIOT Act
207
The Canadian government requires all government institutions subject to thePrivacy Actto conduct these assessments. The purpose behind a PIA is to evaluate whether program and service delivery initiatives that involve the collection, use or disclosure ofpersonal informationare in compliance with statutory obligations.
Privacy Impact Assessments (Canadian)
208
An analysis of all new projects for their compliance with theprivacy standardandprivacy policyof an organization. Reviews should be performed multiple times beginning at the early stages of new project development to minimize potentialprivacy risks.
Privacy Review
209
Unless otherwise restricted by law, any individual that is harmed by a violation of the law can file a lawsuit against the violator.
Private Right of Action
210
The ability to withstand and recover from threats. The General Data Protection Regulation requires that controllers and processors, in proportion to risk, be able to ensure the resilience of processing systems and services.
Resilience
211
The General Data Protection Regulation requires that controllers and processors implement measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. Integrity refers to the consistency, accuracy and trustworthiness of the data (see Accuracy).
Integrity
212
A project with the goal of designing web protocols with user privacy in mind. Several protocols have been developed out of this project including the most successful, XACML.
Platform for Privacy Preferences Project
213
Signed in 2007, and effective in 2009, its main aim was to strengthen and improve the core structures of theEuropean Unionto enable it to function more efficiently. The Lisbon Treaty amends the EU s two core treaties, the Treaty on European Union and the Treaty Establishing the European Community. The treaty ensures that all institutions of the European Union must protect individuals when processingpersonal data. It also established aEuropean Data Protection Supervisorwhose role is to regulate compliance with data protection law within the institutions of the European Union, but its references to authorities implies that the national data protection authorities may also have jurisdiction in such matters.
Treaty of Lisbon
214
A U.S. common law tort that states: One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person and (b) is not of legitimate concern to the public. (Restatement (Second) of Torts 652D)
Publicity Given to Private Life
215
Information that is generally available to a wide range of persons. Some traditional examples include names and addresses in telephone books and information published in newspapers or other public media. Today, search engines are a major source of publicly available information.
Publicly Available Information
216
A regulation created by theFederal Trade Commission(FTC) under the authority of theFair and Accurate Credit Transactions Act of 2003. This regulation requires financial institutions and creditors to implement measures to detect and prevent identity theft. The original FTC rule was circumscribed by the Red Flag Program Clarification Act of 2010, which limited the definition of creditors to exclude any creditor that advances funds on the behalf of a person for expenses incidental to a service. The act in effect allowed lawyers, some doctors and other service type companies to avoid implementing Red Flag credit measures.
Red Flags Rule
217
An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining and disseminating information inidentifiableform in an electronic information system, and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks. PIAs should disclose what PII is being collected, why it is being collected, what the intended uses of the PII are, whom the PII will be shared with, what opportunities individuals will have toopt-outof PII collection or use, how the PII will be secured, whether a system of records is being created under the Privacy Act and an analysis of the information life cycle. Checklists or tools used to ensure that the system used to collectpersonal informationis evaluated for privacy risks, designed with lifecycle principles in mind and made to ensure that effective and required privacy protection measures are used. A PIA should be completed pre-implementation of the privacy project, product, or service and should be ongoing through its deployment. The PIA should identifythese attributes of the data collected: what information is collected; why it is collected; the intended use of the information; with whom the information is shared, and theconsentand choice rights of thedata subjects. The PIA should be used to assess new systems, significant changes to existing systems, operational policies and procedures and intended use of the information. PIAs should also be used before, during, and after mergers and acquisitions. An effective PIA evaluates the sufficiency of privacy practices and policies with respect to existing legal, regulatory and industry standards, and maintains consistency between policy and operational practices.
Privacy Impact Assessment
218
A Canadian term referring to information about an individual that is related to that individual s position, functions and/or performance of his or her job. A term that is undefined byPIPEDA, theprivacy commissionerhas decided that work product may at times fall under the definition ofpersonal information. Access to such information by the commissioner is addressed on a case-by-case basis. Not to be confused with the American legal term "work product," which refers to legal materials prepared in anticipation of litigation.
Work Product Information
219
Proportionality, along with necessity (seeNecessity), is one of two factors data controllers should consider as they apply the principle of data minimization (seeData Minimization), as required by the General Data Protection Regulation. Proportionality considers the amount of data to be collected and whether it is adequate and relevant in relation to the purposes for which it is being processed. Is the processing suitable and reasonably likely to achieve the stated objectives Are any adverse consequences that the processing creates justified in view of the importance of the objective pursued
Proportionality
220
A protocol that ensures privacy between client-server applications and Internet users of the applications. When a server and client communicate, TLS secures the connection to ensure that no third party can eavesdrop on or corrupt the message. TLS is a successor to SSL.
Transport Layer Security
221
Disclosure of specific information practices posted, usually accompanied by a consent request, at the point of information collection
Just-in-Time Notification
222
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Pseudonymisation
223
The ability to ensure that neither the originator nor the receiver in a transaction can dispute the validity of the transaction or access request. An independent verification takes place which allows the sender s identity to be verified, typically by a third party, and also allows the sender to know that the intended recipient of the message actually received it. Non-repudiation of origin proves that data has been sent and non-repudiation of delivery proves that the data has been received.
Non-Repudiation
224
UnderHIPAA, this rule establishes U.S. national standards to protect individuals medical records and other personal health information and applies to health plans, healthcare clearinghouses and those healthcare providers that conduct certain healthcare transactions electronically. The rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections.
Privacy Rule, The
225
A Canadian act with two goals: (1) to instill trust in electronic commerce and private sector transactions for citizens, and (2) to establish a level playing field where the same marketplace rules apply to all businesses.
Personal Information Protection and Electronic Documents Act
226
Allows U.S. consumers to place their phone number on a national list, preventing calls from unsolicited telemarketers. This registration is now permanent and can be enforced by theFederal Trade Commission,Federal Communication Commissionand state attorneys general with up to a $16,000 fine per violation. Cell phones are protected from any unsolicited automatic-dialed calls through other FCC regulations.
National Do-Not-Call Registry (U.S.)
227
With a protective order, a judge determines what information should not be made public and what conditions apply to who may access the protected information.
Protective Order
228
A set of privacy principles developed by theCanadian Standards Association, that parallel the OECD's Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data and espouse 10 principles:Accountability,Identifying Purpose,Consent, Limiting Collection,Limiting Use, Disclosure, &Retention, Accuracy, Safeguards,Openness,Individual Accessand Challenging Compliance.
Model Code for the Protection of Personal Information
229
Collecting data from adata subjectthat is unaware of such collection.
Passive Collection
230
First released in 1980, and then updated in 2013, these guidelines represent perhaps the most widely accepted and circulated set of internationally agreed upon privacy principles along with guidance for countries as they develop regulations surrounding cross-border data flows and law-enforcement access to personal data. The principles, widely emulated in national privacy laws, includeCollection Limitation,Data Quality,Purpose Specification,Use Limitation,Security Safeguards,Openness,Individual Participation, andAccountability(see entries for each principle under their own listing elsewhere in the glossary).
OECD Guidelines
231
Direct marketing (seeDirect Marketing) to postal addresses. Just as with other forms of direct marketing, marketers must ensure they establish the lawful basis for processing personal data when postal marketing to those in the EEA under the General Data Protection Regulation.
Postal Marketing (EU specific)
232
A hardware identification number that uniquely identifies each device connected to a network. The MAC address is manufactured into every network card in each device and therefore it cannot be changed and remains constant no matter what network the device is connected to.
Media Access Control Address
233
A code offair information practicesthat contains five principles:
1. There must be nopersonal datarecord keeping systems whose very existence is secret.
2. There must be a way for an individual to find out what information about him (or her) is in a record and how it is used.
3. There must be a way for an individual to prevent information about him (or her) that was obtained for one purpose from being used or made available for other purposes without his (or her)consent.
4. There must be a way for an individual to correct or amend a record of identifiable information about him (or her).
Any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.
United States Department of Health, Education and Welfare Fair Information Practice Principles (1973), The
234
One of the four classes of privacy, along withinformation privacy,bodily privacyandcommunications privacy. It is concerned with placing limitations on the ability of one to intrude into another individual s environment. Environment is not limited to the home; it may be defined as the workplace or public space and environmental considerations can be extended to an international level. Invasion into an individual s territorial privacy typically comes in the form of video surveillance, ID checks and use of similar technology and procedures.
Territorial Privacy
235
Unsolicited commercial e-mail.
SPAM
236
A screening to identify drug use. Substance testing can be used in a variety of settings such as preemployment, reasonable suspicion, routine testing, post-accident testing or randomly.
Substance Testing
237
Generally regarded as a synonym for Data Protection by Design (seeData Protection by Design). However, Privacy by Design as a specific term was first outlined in a framework in the mid-1990s by then-Information and Privacy Commissioner of Ontario, Canada, Ann Cavoukian, with seven foundational principles.
Privacy by Design
238
An international organization that promotes policies designed to achieve the highest sustainable economic growth, employment and a rising standard of living in both member and non-member countries, while contributing to the world economy.
Organization for Economic Cooperation and Development
239
One of two central concepts of choice. It means an individual makes an active affirmative indication of choice; i.e., checking a box signaling a desire to share his or her information with third parties.
Opt-In
240
Data collection in which information is gathered automatically often without the end user s knowledge as the user navigates from page to page on a website. This is typically accomplished through the use ofcookies,web beaconsor other types of identification mechanisms.
Passive Data Collection
241
The predominant term for Personal Information in the European Union, defined broadly in the General Data Protection Regulation as any information relating to an identified or identifiable natural person.
Persistent Storage
242
NIST is an agency within the Department of Commerce. NIST has the lead responsibility for the development and issuance of security standards and guidelines for the federal government, contractors, and the United States critical information infrastructure.
National Institute of Standards and Technology
243
Taking advantage ofSQLforms by inserting commands in information entry boxes. SQL is transferred in such a way that commands placed in forms can be seen as valid commands and affect the system in whatever way that command operates. Hackers can use SQL Injections to erase data banks, over load servers, etc. if the SQL isn t properly set up to avoid such attacks.
SQL Injection
244
A device used for the purpose of rendering a diagnostic opinion regarding an individual s honesty.
Polygraph
245
Any information about an individual, including any information that can be used to distinguish or trace an individual s identity, such as name, social security number, date and place of birth, mother s maiden name, or biometric records; and any other information that is linkable to an individual, such as medical, educational, financial, and employment information.
Personally Identifiable Information
246
The repository of all an organization s rules and procedures for implementing policies surrounding, for example, privacy and security. It is the natural reference point for anyone, such as a regulator or auditor, who wants to understand an organization s position regarding a particular policy area.
Policy Framework
247
Afair information practicesprinciple, it is the principle thatpersonal datashould be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
Security Safeguards
248
The authority of a court to hear a particular case. Courts must have jurisdiction over both the parties to the dispute (personal jurisdiction) and the type of dispute (subject matter jurisdiction). The term is also used to denote the geographical area or subject-matter to which such authority applies.
Jurisdiction
249
The ISE is a conceptual framework for facilitating the sharing of terrorism-related information among federal, state, local and tribal agencies, the private sector, and foreign partners. The ISE was mandated by theIntelligence Reform and Terrorism Prevention Act of 2004(IRTPA). ISE guidance includes steps that ensure the information privacy and other legal rights of Americans are protected in the development and use of the information-sharing environment. The ISE privacy guidelines provide high-level direction on protecting privacy. The guidelines apply to information about U.S. citizens and lawful permanent residents.
Information Sharing Environment
250
As defined in the U.S.Fair Credit Reporting Act: Aconsumer report or portion thereof in which information on a consumer s character, general reputation, personal characteristics, or mode of living is obtained through personal interviews with neighbors, friends, or associates of the consumer reported on or with others with whom he is acquainted or who may have knowledge concerning any such items of information. However, such information shall not include specific factual information on a consumer s credit record obtained directly from a creditor of the consumer or from a consumer reporting agency when such information was obtained directly from a creditor of the consumer or from the consumer.
Investigative Consumer Report
251
Data which is more significantly related to the notion of a reasonable expectation of privacy, such as medical or financial information. However, data may be considered more or less sensitive depending on context or jurisdiction. Recently the U.S. Federal Trade Commission classified TV-viewing data as "sensitive."
Sensitive Personal Information
252
The supervisory authority (see Supervisory Authority) of the main establishment (see Main Establishment) or of the single establishment of the controller or processor shall be competent to act as lead supervisory authority for the cross-border processing carried out by that controller or processor. The lead supervisory authority shall be the sole interlocutor of the controller or processor for the cross-border processing carried out by that controller or processor.
Lead Supervisory Authority
253
Various opinions of the Article 29 Working Party (see Article 29 Working Party) continue to be relevant even after the body's transition into the European Data Protection Board (EDPB). They continue to provide guidance and context as to the stance of European Union member state regulators in how data protection law should be interpreted.
Opinions of the Article 29 Working Party
254
Protects bodily integrity, and in particular the right not to have our bodies touched or explored to disclose objects or matters we wish to conceal.
Privacy of the Person
255
A United States law, passed in 2002, regulating the transparency of publicly held companies. In particular, public companies must establish a way for the company to confidentially receive and deal with complaints about actual or potential fraud from misappropriation of assets and/or material misstatements in financial reporting from so-called "whistle-blowers."
Sarbanes-Oxley Act
256
Content that is not actually created by the host site, but is developed, purchased or licensed from a third party. A concern associated with this content is that it can contain malicious code that is then unwittingly incorporated into the organization s own website source code. For example,cross-site scripting(XSS) attacks attempt to take advantage of the trust that users have for a given site.
Syndicated Content
257
Guidelines discouraging video as an initial security option with the following constraints: (1) Video should be taken only in the absence of less intrusive alternatives; (2) the use should be disclosed to the public; (3) individuals should have access to theirpersonal information; (4) video surveillance should be subject to independent audit, and (5)fair information practicesshould be respected.
Video Surveillance Guidelines
258
Networks that exist within an operational facility. They are considered within local operational control and are relatively easy to manage.
Local Area Network
259
The processes and methods to sustain ametricto match the ever-changing needs of an organization. Consists of a 5-step process: (1) Identification of the intended audience; (2) Definition of data sources; (3) Selection of privacy metrics; (4) Collection and refinement of systems/application collection points; and (5) Analysis of the data/metrics to provide value to the organization and provide a feedback quality mechanism.
Metric Life Cycle
260
he second of four phases of theprivacy operational life cycle. It provides the data life cycle,information security practicesandPrivacy by Designprinciples to protect personal information.
Protect
261
The PCI Security Standards Council is a council that is responsible for the development and management of the Payment Card Industry Security Standards, most notably thePCI Data Security Standard. The council is made up of American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. and other affiliate members.
PCI Security Standards Council
262
Recordings that do not have sound.
Video Surveillance
263
The action of reattaching identifying characteristics to pseudonymized or de-identified data (see De-identification and Pseudonymization) . Often invoked as a risk of re-identification or re-identification risk, which refers to nullifying the de-identification actions previously applied to data (see De-identification).
Re-identification
264
Enacted in 1983, the Act sets out rules for how institutions of the federal government must deal with personal information of individuals. It has been revised by many minor amendments, but remains substantially unaltered.
Privacy Act, The (Canadian)
265
A reference to joint investigations and joint enforcement measures in which members or staff from the supervisory authorities of multiple member states are involved. The General Data Protection Regulation requires supervisory authorities to work with one another when processing operations affect data subjects in multiple member states (see Consistency Mechanism).
Joint Operations
266
The information life cycle recognizes that data has different value, and requires approaches, as it moves through an organization from collection to deletion. The stages are generally considered to be: Collection, processing, use, disclosure, retention, and destruction.
Information Life Cycle
267
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements
Profiling
268
Also known as a web bug, pixel tag or clear GIF, a web beacon is a clear graphic image (typically one pixel in size) that is delivered through a web browser orHTMLe-mail. The web beacon operates as a tag that records an end user s visit to a particular web page or viewing of a particular e-mail. It is also often used in conjunction with a webcookieand provided as part of a third-party tracking service. Web beacons provide an ability to produce specific profiles of user behavior in combination with web server logs. Common usage scenarios for web beacons include online ad impression counting, file download monitoring, and ad campaign performance management. Web beacons also can report to the sender about which e-mails are read by recipients. Privacy considerations for web beacons are similar to those for cookies. Some sort of notice is important because the clear pixel of a web beacon is quite literally invisible to the end user.
Web Beacon
269
Substance testingsometimes required by law, prohibited in certain jurisdictions, but acceptable where used on existing employees in specific, narrowly defined jobs, such as those in highly regulated industries where the employee has a severely diminished expectation of privacy or where testing is critical to public safety or national security.
Random Testing
270
The standardauthenticationmechanism that requires a user name and password for access.
Single-Factor Authentication
271
The PAA restoredFISAto its original focus of protecting the rights of persons in the United States, while not acting as an obstacle to gathering foreign intelligence on targets located in foreign countries. The act also modernized FISA in four important ways: It clarifies FISA s definition of electronic surveillance; It provides a role for the FISA court in reviewing the procedures the intelligence community uses to ensure that collection remains direct at persons located overseas; It provides a mechanism for the FISA court to direct third parties to assist the intelligence community in its collection efforts, and; it protects third parties from private lawsuits arising from assistance they provide the government in authorized foreign intelligence activities targeting individuals located outside the United States.
Protect America Act, The
272
Attacks that exploit the basic network protocol in order to gain any available advantage. These attacks generally involve spoofing a network address so that a computer sends data to an intruder rather than their proper recipient or destination. Other attacks can involve service disruptions through a denial of service (DOS) attack a brute force method that overloads the capacity of a website s domain to respond to incoming requests such that it renders the server inoperable.
Network-Layer Attacks
273
Assessment of a third-party vendor for the vendor s privacy and information security policies, access controls, where the personal information will be held and who has access to it. Privacy/security questionnaires, privacy impact assessments and other checklists can be used to assess this risk
Vendor Management
274
One of two central concepts of choice. It means an individual makes an active affirmative indication of choice; i.e., checking a box signaling a desire to share his or her information with third parties. The General Data Protection Regulation's definition of consent as requiring a "clear affirmative act" makes opt-in the default standard for consent acquisition.
Opt-In (EU specific)
275
Programs that require participants to abide by codes of information practices and submit to monitoring to ensure compliance. In return, companies that abide by the terms of the seal program are allowed to display the programs seal on their website.
Seal Programs
276
A self-regulatory system that provides an enforceable security standard for payment card data. The rules were drafted by thePayment Card Industry Security Standards Council, which built on previous rules written by the various credit card companies. Except for small companies, compliance with the standard requires hiring a third party to conduct security assessments and detect violations. Failure to comply can lead to exclusion from Visa, MasterCard or other major payment card systems, as well as penalties.
PCI Data Security Standard
277
This refers to any data processed for the purpose of the conveyance of a communication on anElectronic Communications Networkor for the billing thereof. Traffic data includes information about the type, format, time, duration, origin, destination, routing, protocol used and the originating and terminating network of a communication. For example, in relation to a telephone call, traffic data includes, among other information, the phone numbers of the caller and call recipient; in relation to an e-mail, the e-mail addresses of the sender and recipient and the size of any attachments.
Traffic Data
278
Laws that exist only in areas where the legislative body has found a particular need
Sectoral Laws/Model
279
One of two chambers of the Canadian Parliament, along with the House of Commons. Unlike the House of Commons, whose members are elected, the Senate is appointed by the governor in council based upon the recommendations of the prime minister.
Senate (Canadian)
280
The use ofencryptionto protect stored or backed-up data both in transit and in the storage medium to provide an additional layer of security.
Storage Encryption
281
The automatic forwarding of data packets from one server to another.
Transit
282
The first high-level task necessary to implementing proactive privacy management through three subtasks: Define your organization s privacy vision and privacy mission statements; develop privacy strategy; and structure your privacy team.
Strategic Management
283
RSA (Rivest-Shamir-Adleman) is the most common internetencryptionandauthenticationsystem. The system used an algorithm that involves multiplying two large prime numbers to generate apublic key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication.
RSA Encryption
284
Refers to the storage of data by a third-party vendor made accessible through the Internet.(Hosted storage, Internet storage, cloud storage) This is a common data storage alternative to local storage, such as on a hard drive, and portable storage, such as a flash drive.
Online Data Storage
285
When President Obama entered into office he issued a memorandum calling for an unprecedented level ofopennessin government, which launched the Open Government Initiative. In December 2009, the Director of theOMBissued the Open Government Directive, which set forth detailed requirements focused on implementing the president s vision. The president required the OMB to issue a directive to federal departments and agencies to take certain steps to implement the underlying principles oftransparency, participation and collaboration discussed in the president s memorandum.
Open Government Directive
286
A fair information practices principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available to establish the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller. Closely linked with transparency.
Openness
287
Necessity along with proportionality (seeProportionality), is one of two factors data controllers should consider as they apply the principle of data minimization (seeData Minimization), as required by the General Data Protection Regulation. Necessity considers the amount of data to be collected and whether it is necessary in relation to the stated purposes for which it is being processed.
Necessity
288
One of the six legal bases for processing personal data in the General Data Protection Regulation, the legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.
Legitimate Interests of Controller
289
A standard form label intended to make privacy policies easily and quickly understandable. Privacy Nutrition Labels where developed by the Cylab Usable Privacy and Security Laboratory (CUPS) at Carnegie Mellon University.
Privacy Nutrition Label
290
Four main areas of privacy are of particular interest with regard to data protection and privacy laws and practices:information privacy,bodily privacy,territorial privacy, andcommunications privacy.
Privacy
291
A type of online advertising where visitors to a website are targeted with ads related to that website as they browse elsewhere. The most common form of retargeting is a digital advertising network, which leverages retargeting to display advertisements to a user related to a website previously visited by the user across all third-party websites in a network.
Retargeting
292
Self-regulation refers to stakeholder-based models for ensuring privacy. The term self-regulation can refer to any or all of three pieces: legislation, enforcement and adjudication. Legislation refers to question of who defines privacy rules. For self-regulation, this typically occurs through the privacy policy of a company or other entity, or by an industry association. Enforcement refers to the question of who should initiate enforcement action. Actions may be brought bydata protection authorities, other government agencies, industry code enforcement or, in some cases, the affected individuals. Finally, adjudication refers to the question of who should decide whether an organization has violated a privacy rule. The decision maker can be an industry association, a government agency or a judicial officer. These examples illustrate that the term self-regulation covers a broad range of institutional arrangements. For a clear understanding of data privacy responsibilities, privacy professionals should consider who defines the requirements, which organization brings enforcement action and who actually makes the judicial decisions.
Self-Regulation Model, The
293
The process of formulating or selectingmetricsto evaluate implementation, efficiency or effectiveness; gathering data and producing quantifiable output that describes performance.
Performance Measurement
294
A strategy used when creating new software products and systems. Plan-driven models focus on designing the entirety of the system and system functions before actual creation of the system, as opposed to theAgile Development Model. An example of a plan-driven model is the Spiral model.
Plan-Driven Development Model
295
Also called the Human Rights Declaration, the declaration recognized the universal values and traditions of inherent dignity, freedom, justice and peace. It was adopted by the General Assembly of the United Nations on 10 December 1948. In December 1948, the General Assembly of the United Nations adopted and proclaimed the Universal Declaration of Human Rights. This declaration formally announced that [n]o one shall be subjected to arbitrary interference with his privacy, family, home or correspondence [.] The statement was intended to encompass a wide range of conduct, as evidenced by Article 12 of the Declaration, which describes both the territorial and the communications notions of privacy.
Universal Declaration of Human Rights
296
Collection by way of observing the data stream produced by a givendata subjectwithout interference in the data subject s activity.
Surveillance Collection
297
MDM refers to software solutions that allow administrators to oversee the use of mobile devices for productivity and security reasons. MDM solutions usually allow an organization to control mobile apps, networks and data used by the mobile device from a single centralized software product, thereby assuring better control of company information on personal devices. MDM solutions also present challenges in theBYODcontext because they allow for greater monitoring of employees' personal use of their devices. Some MDM solutions enable organizations to remotely wipe a mobile device if it is suspected of being lost or compromised, which raises additional concerns if personalemployee informationis deleted.
Mobile Device Management (MDM)
298
Under thePrivacy Act, the OMB is charged with the responsibility to supervise agencies implementation of the act s provisions. In order to perform this task, the act provides that the director of the OMB shall develop and prescribe guidelines and regulations, as well as provide assistance and oversight of their implementation by agencies.
Office of Management and Budget (OMB)
299
Chairman and founder of noyb, a "privacy enforcement platform" that brings data protection cases to the courts under the General Data Protection Regulation. Schrems first came notoriety as an Austrian law student, who complained to the Irish Data Commissioner that Facebook Ireland was illegally sharing his personal data with the U.S. government, following the revelations of Edward Snowden. The case, known as "The Schrems case" or "Schrems I," eventually caused the invalidation of the Safe Harbor data-transfer agreement between the EU and U.S. (see "Safe Harbor" and "Privacy Shield"). At the time of this writing, a second case brought by Schrems, known as Schrems 2.0 or Schrems II, seeks to invalidate standard contratual clauses when used to transfer data to the United States from the EU.
Max Schrems
300
One of two central concepts of choice. It means an individual s lack of action implies that a choice has been made; i.e., unless an individual checks or unchecks a box, their information will be shared with third parties.
Opt-Out
301
An internal statement that governs an organization or entity s handling of personal information. It is directed at those members of the organization who might handle or make decisions regarding the personal information, instructing them on the collection, use, storage and destruction of the data, as well as any specific rights the data subjects may have. May also be referred to as a data protection policy.
Privacy Policy
302
The protection of information for the purposes of preventing loss, unauthorized access and/or misuse. It is also the process of assessing threats and risks to information and the procedures and controls to preserveconfidentiality, integrity and availability of information.
Information Security
303
A general term for how attackers can try to persuade a user to provide information or create some other sort of security vulnerability.
Social Engineering
304
A fair information practices principle, part of the original OECD Guidelines, and a piece of many privacy and data protection regulations, this is the principle that the purposes for which personal data are collected should be specified no later than at the time of data collection and the subsequent use of that personal data is limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified to the individual on each occasion of change of purpose, or for which there is a further legal basis that would not require notification.
Purpose Limitation
305
Tools that facilitate decision-making andaccountabilitythrough collection, analysis, and reporting of data. They must be measurable, meaningful, clearly defined (with boundaries), indicate progress, and answer a specific question to be valuable and practical.
Metrics
306
A United States law, passed in 2002, regulating the transparency of publicly held companies. In particular, public companies must establish a way for the company to confidentially receive and deal with complaints about actual or potential fraud from misappropriation of assets and/or material misstatements in financial reporting from so-called "whistle-blowers." U.S. companies with EU subsidiaries or affiliates are bound by both SOX and EU data protection law, thus potentially leading to conflicting obligations, specifically in regards to protecting the identity of the whistle-blower (SOX) vs. protecting the personal data of the employee accused of wrongdoing (EU data protection law).
Sarbanes-Oxley Act (EU specific)
307
An assessment of an organization s compliance with its privacy policies and procedures, applicable laws, regulations, service-level agreements, standards adopted by the entity and other contracts. The assessment or audit measures how closely the organization s practices align with its legal obligations and stated practices and may rely on subjective information such as employee interviews/questionnaires and complaints received, or objective standards, such as information system logs or training and awareness attendance and test scores. Audits and assessments may be conducted internally by an audit function or by external third parties. It is also common in some jurisdictions for the privacy/data protection officer to conduct assessments. The results of the assessment or audit are documented for management sign-off, and analyzed to develop recommendations for improvement and a remediation plan. Resolution of the issues and vulnerabilities noted are then monitored to ensure appropriate corrective action is taken on a timely basis. While assessments and audits may be conducted on a regular or scheduled basis, they may also arise ad hoc as the result of a privacy or security event or due to a request from an enforcement authority.
Privacy Assessment
308
Based on the concept of Design Patterns developed by Erich Gamma, Richard Helm, Ralph Johnson and John Vlissides, Privacy Patterns are a set of solutions to common privacy problems in designing software. Each Privacy Pattern describes a privacy concern that occurs when developing software and a uniform way to alleviate that concern.
Privacy Patterns
309
Redirecting a valid internet request to a malicious website by modifying a Hosts file or corrupting a network router domain name system.
Pharming
