Vocabulary Flashcards
accountability
A fair information practices principle: when personal information is to be transferred to another person or organization, the personal information controller should obtain the consent of the individual or exercise due diligence and take reasonable steps to ensure that the recipient will protect the information consistently with the other fair information practice principles.
Reference(s) in IAPP Certification Textbooks: F18, 21-22; US34-35; C39, 101, 122; E8; G13; M35
Act Respecting the Protection of Personal Information in the Private Sector
A Québécois privacy law that, apart from differences in terminology, is similar to PIPEDA but applies at the provincial level. It came into force in 1994 and espouses three principles: (1) every person who establishes a file on another person must have a serious and legitimate reason for doing so; (2) the person establishing the file may not deny the individual concerned access to the information contained in the file; (3) the person must also respect certain rules that apply to the collection, storage, use and communication of this information.
Reference(s) in IAPP Certification Textbooks: F48-49; C35-37
Active Data Collection
When an end user deliberately provides information, typically through the use of web forms, text boxes, check boxes or radio buttons.
Active Scanning Tools
Data loss prevention (DLP) tools for network, storage, scanning and privacy can be used to identify security and privacy risks to personal information. They can also be used to monitor for compliance with internal policies and procedures, and to block e-mail or file transfers based on the data category and its definitions.
Reference(s) in IAPP Certification Textbooks: M133
Adequate Level of Protection
A label that the EU may apply to third countries that have committed to protect data through domestic law-making or international commitments. Conferring the label requires a proposal by the European Commission, an Article 29 Working Party opinion, an opinion of the Article 31 Management Committee, a right of scrutiny by the European Parliament and adoption by the European Commission.
Reference(s) in IAPP Certification Textbooks: F36-37; C24; E38, 175-178, 295
Associated term(s): Adequacy
Administrative Purpose
The use of personal information about an individual in Canada in a decision-making process that directly affects that individual.
Reference(s) in IAPP Certification Textbooks: C68
Adverse Action
Under the Fair Credit Reporting Act, the term “adverse action” is defined very broadly to include all business, credit and employment actions affecting consumers that can be considered to have a negative impact, such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. When an adverse action is taken, the decision maker must furnish the affected consumer with a copy of the credit report that led to it.
Alberta PIPA
A privacy law in the Canadian province of Alberta, similar to PIPEDA, that came into force in 2004. Unlike PIPEDA, it clearly applies to employee information.
American Institute of Certified Public Accountants
A U.S. professional organization of certified public accountants and co-creator of the WebTrust seal program.
Americans with Disabilities Act
A U.S. law that bars discrimination against qualified individuals with disabilities.
Annual Independent Evaluations
Under FISMA, U.S. agencies’ information security programs must be independently evaluated yearly. The independent auditor is selected by the agency’s inspector general or the head of the agency. The audit is submitted to the Office of Management and Budget.
Annual Reports
The requirement under the European Data Protection Directive that member state data protection authorities report on their activities at regular intervals.
Anonymity, Privacy, and Security Online
This 2013 survey by the Pew Research Center’s Internet Project asked 1,002 adults about their Internet habits. It is laid out in five parts: the quest for anonymity online; concerns about personal information online; who Internet users are trying to avoid and the information they want to protect; how users feel about the sensitivity of certain kinds of data; and online identity theft, security issues and reputational damage.
Antidiscrimination Laws
Refers to the right of people to be treated equally.
APEC Privacy Principles
A set of non-binding principles adopted by the Asia-Pacific Economic Cooperation (APEC) that mirror the OECD Fair Information Privacy Practices. Though based on the OECD Guidelines, they seek to promote electronic commerce throughout the Asia-Pacific region by balancing information privacy with business needs.