Definitions Flashcards
Data that can no longer be used to identify an individual in any way
Anonymized Information
Data processed to lower the risk of identification, but which still carries the risk of reidentification
De-Identified
Data that has been processed in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information
Pseudonymized data
Information collected and maintained by a government entity and available to the general public (e.g., real estate records)
Public Records
Information generally available to a wide range of persons (e.g., names and addresses in telephone books, information published in newspapers or other public media, search engine results, social media)
Publicly Available Information
Information not generally available nor easily accessed due to law or custom (e.g., medical records, financial information, adoption records, company customer or employee databases)
Non-Public Information
Supervisory authority chartered to enforce privacy or data protection laws and regulations
Supervisory authority, regulator or data protection authority (DPA)
Who defines privacy rules?
Legislative
Who should initiate enforcement action?
Enforcement
Who should decide whether an organization has violated a privacy rule?
Adjudication
Combination of law and self-regulation codes of conduct and behavior. Example: Australia National Privacy Principles
Co-Regulatory
Industry-specific laws (e.g., healthcare, finance)
Sectoral
Omnibus laws that cover nearly all data and all processing of data
Comprehensive
Legal precedents created over time
Common Law
Agreement or settlement that resolves a dispute between a regulator and a private party without admission of guilt or liability; describes the actions the defendant will take
Consent Decree