Definitions

Question 1

data can no longer be used to identify an individual in any way

Answer 1

Anonymized Information

Question 2

data lowers the risk of identification, but still carries the risk of reidentification

Answer 2

De-Identified

Question 3

Data that has been processed in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information

Answer 3

Pseudonymized data

Question 4

Information collected and maintained by a government entity and available to the general public (e.g., real estate
records)

Answer 4

Public Records

Question 5

Information generally available to a wide range of persons (e.g., names and addresses in telephone books,
information published in newspapers or other public media, search engine results, social media)

Answer 5

Publicly Available Information

Question 6

Information not generally available nor easily accessed due to law or custom (e.g., medical records, financial
information, adoption records, company customer or employee databases)

Answer 6

Non Public Information

Question 7

Supervisory authority chartered to enforce

privacy or data protection laws and regulations

Answer 7

Supervisory authority, regulator or data protection authority (DPA)

Question 8

Who defines privacy rules?

Answer 8

Legislative

Question 9

Who should initiate enforcement action?

Answer 9

Enforcement

Question 10

Who should decide whether an organization has violated a privacy rule?

Answer 10

Adjudication

Question 11

Combination of law and self-regulation codes of conduct and behavior Example: Australia National Privacy Principals

Answer 11

Co-Regulatory

Question 12

Industry Specific Laws - Healthcare, Finance

Answer 12

Sectoral

Question 13

Omnibus laws that cover nearly all data and all processing of data

Answer 13

Comprehensive

Question 14

Legal precedents created over time

Answer 14

Common Law

Question 15

Agreement or settlement that resolves a dispute between a regulator and a private party without admission of
guilt or liability; describes the actions the defendant will take

Answer 15

Consent Decree

Question 16

Civil wrongs recognized by law as having the grounds for lawsuits

Answer 16

Tort Law

Question 17

the defendant knew or should have known that their action or inaction would cause harm

Answer 17

Intentional Tort

Question 18

defendant’s actions were unreasonably unsafe

Answer 18

Negligent Tort

Question 19

defendant has legal responsibility for damages or injury even if not negligent or at fault

Answer 19

Strict Liability

Question 20

Blanket authority to regulate a field of activity

Answer 20

General Authority

Question 21

Targeted at singular activities, which are outlined by legislation

Answer 21

Specific Authority

Question 22

Questions to ask about laws?

Answer 22

Why does this law exist?
Who is covered by this law?
What types of info does this law cover?
What is disclosed or prohibited?
Who enforces the law?
What happens if I don't comply?