Vocabulary Flashcards

1
Q

accountability

A

A fair information practices principle, it is the idea that when personal information is to be transferred to another person or organization, the personal information controller should obtain the consent of the individual or exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with other fair use principles.
Reference(s) in IAPP Certification Textbooks: F18, 21-22; US34-35; C39, 101, 122; E8; G13; M35

2
Q

Act Respecting the Protection of Personal Information in the Private Sector

A

A Québécois privacy law that, apart from differences in terminology, is similar to PIPEDA, though at the provincial level. It came into force in 1994 and espouses three principles: (1) Every person who establishes a file on another person must have a serious and legitimate reason for doing so; (2) The person establishing the file may not deny the individual concerned access to the information contained in the file; (3) The person must also respect certain rules that are applicable to the collection, storage, use and communication of this information.
Reference(s) in IAPP Certification Textbooks: F48-49, C35-37

3
Q

Active Data Collection

A

When an end user deliberately provides information, typically through the use of web forms, text boxes, check boxes or radio buttons.

4
Q

Active Scanning Tools

A

Data loss prevention (DLP) tools for networks and storage, together with scanning and privacy tools, can be used to identify security and privacy risks to personal information. They can also be used to monitor for compliance with internal policies and procedures, and to block e-mail or file transfers based on the data category and its definitions.
Reference(s) in IAPP Certification Textbooks: M133

5
Q

Adequate Level of Protection

A

A label that the EU may apply to third-party countries who have committed to protect data through domestic law making or international commitments. Conferring of the label requires a proposal by the European Commission, an Article 29 Working Group Opinion, an opinion of the Article 31 Management Committee, a right of scrutiny by the European Parliament and adoption by the European Commission.
Reference(s) in IAPP Certification Textbooks: F36-37; C24; E38, 175-178, 295
Associated term(s): Adequacy

6
Q

Administrative Purpose

A

The use of personal information about an individual in Canada in a decision-making process that directly affects that individual.
Reference(s) in IAPP Certification Textbooks: C68

7
Q

Adverse Action

A

Under the Fair Credit Reporting Act, the term “adverse action” is defined very broadly to include all business, credit and employment actions affecting consumers that can be considered to have a negative impact, such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. Such an action requires that the decision maker furnish the recipient of the adverse action with a copy of the credit report leading to the adverse action.

8
Q

Alberta PIPA

A

A privacy law in the Canadian province of Alberta, similar to PIPEDA, that came into force in 2004. Unlike PIPEDA, this act clearly applies to employee information.

9
Q

American Institute of Certified Public Accountants

A

A U.S. professional organization of certified public accountants and co-creator of the WebTrust seal program.

10
Q

Americans with Disabilities Act

A

A U.S. law that bars discrimination against qualified individuals with disabilities.

11
Q

Annual Independent Evaluations

A

Under FISMA, U.S. agencies’ information security programs must be independently evaluated yearly. The independent auditor is selected by the agency’s inspector general or the head of the agency. The audit is submitted to the Office of Management and Budget.

12
Q

Annual Reports

A

The requirement under the European Data Protection Directive that member state data protection authorities report on their activities at regular intervals.

13
Q

Anonymity, Privacy, and Security Online

A

This survey by the Pew Research Center’s Internet Project asked 1,002 adults about their Internet habits. It is laid out in five parts: the quest for anonymity online; concerns about personal information online; who Internet users are trying to avoid and the information they want to protect; how users feel about the sensitivity of certain kinds of data; and online identity theft, security issues and reputational damage. (2013)

14
Q

Antidiscrimination Laws

A

Refers to the right of people to be treated equally.

15
Q

APEC Privacy Principles

A

A set of non-binding principles adopted by the Asia-Pacific Economic Cooperation (APEC) that mirror the OECD Fair Information Privacy Practices. Though based on the OECD Guidelines, they seek to promote electronic commerce throughout the Asia-Pacific region by balancing information privacy with business needs.

16
Q

Application-Layer Attacks

A

Attacks that exploit flaws in the network applications installed on network servers. Such weaknesses exist in web browsers, e-mail server software, network routing software and other standard enterprise applications. Regularly applying patches and updates to applications may help prevent such attacks.

17
Q

Article 29 Working Party

A

A European Union organization that functions as an independent advisory body on data protection and privacy. It does not enforce EU data protection law itself; enforcement is carried out by the national Data Protection Authorities of the EU member states.

18
Q

Assess

A

The first of four phases of the privacy operational life cycle; provides the steps, checklists and processes necessary to assess any gaps in a privacy program as compared to industry best practices, corporate privacy policies, applicable privacy laws, and objective-based privacy program frameworks.

19
Q

Audit Life Cycle

A

High-level, five-phase audit approach. The steps include: Audit Planning; Audit Preparation; Conducting the Audit; Reporting; and Follow-up.

20
Q

Authentication

A

The process by which an entity (such as a person or computer system) determines whether another entity is who it claims to be. Authentication identifies an individual based on some credential, e.g. a password or a biometric. Authentication is different from authorization: proper authentication ensures that a person is who he or she claims to be, but it says nothing about the access rights of that individual.

21
Q

Authorization

A

In the context of information security, it is the process of determining whether the end user is permitted to access the desired resource, such as an information asset or the information system containing that asset. Authorization criteria may be based on a variety of factors such as organizational role, level of security clearance, applicable law or a combination of factors. Authorization relies on prior authentication: when effective, authentication validates that the entity requesting access is who or what it claims to be, and authorization then decides what that entity may do.

22
Q

Background Screening/Checks

A

Verifying an applicant’s ability to function in the working environment as well as assuring the safety and security of existing workers. Background checks range from checking a person’s educational background to checking on past criminal activity.

23
Q

Bank Secrecy Act, The

A

A U.S. federal law that requires U.S. financial institutions and money services businesses (MSBs), which are entities that sell money orders or provide cash transfer services, to record, retain and report certain financial transactions to the federal government. This requirement is meant to assist the government in the investigation of money laundering, tax evasion, terrorist financing and various other domestic and international criminal activities.