F: Foundations of Information Privacy and Data Protection
US: U.S. Private-sector Privacy
C: Canadian Privacy
E: European Privacy
G: U.S. Government Privacy
IT: Privacy in Information Technology
M: Privacy Program Management
A fair information practices principle, it is the idea that when personal information is to be transferred to another person or organization, the personal information controller should obtain the consent of the individual or exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with other fair use principles.
Reference(s) in IAPP Certification Textbooks: F18, 21-22; US34-35; C39, 101, 122; E8; G13; M35
A label that the EU may apply to third-party countries that have committed to protect data through domestic law making or international commitments. Conferring of the label requires a proposal by the European Commission, an Article 29 Working Group Opinion, an opinion of the Article 31 Management Committee, a right of scrutiny by the European Parliament and adoption by the European Commission.
Reference(s) in IAPP Certification Textbooks: F36-37; C24; E38, 175-178, 295
Associated term(s): Adequacy
Under the Fair Credit Reporting Act, the term “adverse action” is defined very broadly to include all business, credit and employment actions affecting consumers that can be considered to have a negative impact, such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. Such an action requires that the decision maker furnish the recipient of the adverse action with a copy of the credit report leading to the adverse action.
Reference(s) in IAPP Certification Textbooks: US60-61; C124
Associated law(s): FCRA
A U.S. professional organization of certified public accountants and co-creator of the WebTrust seal program.
Reference(s) in IAPP Certification Textbooks: C61-62; M50, 86
A U.S. law that bars discrimination against qualified individuals with disabilities.
Reference(s) in IAPP Certification Textbooks: US156, 160-162, 165
Refers to the right of people to be treated equally.
Reference(s) in IAPP Certification Textbooks: US155-156, 159-161; E100
A set of non-binding principles adopted by the Asia-Pacific Economic Cooperation (APEC) that mirror the OECD Fair Information Privacy Practices. Though based on the OECD Guidelines, they seek to promote electronic commerce throughout the Asia-Pacific region by balancing information privacy with business needs.
Reference(s) in IAPP Certification Textbooks: F19-20; US40-41; C120-122; G11-13; M27
Verifying an applicant’s ability to function in the working environment as well as assuring the safety and security of existing workers. Background checks range from checking a person’s educational background to checking on past criminal activity.
Reference(s) in IAPP Certification Textbooks: F39, 98; US158-164; E215; G158
A U.S. federal law that requires U.S. financial institutions and money services businesses (MSBs), which are entities that sell money orders or provide cash transfer services, to record, retain and report certain financial transactions to the federal government. This requirement is meant to assist the government in the investigation of money laundering, tax evasion, terrorist financing and various other domestic and international criminal activities.
Reference(s) in IAPP Certification Textbooks: US72-74; G103-105
Associated term(s): Financial Record Keeping and Reporting Currency and Foreign Transactions Act of 1970
The act of tracking users’ online activities and then delivering ads or recommendations based upon the tracked activities.
Reference(s) in IAPP Certification Textbooks: F134; US22, 24; C45-47; E261-264
Associated term(s): Online Behavioral Advertising, Behavioral Targeting
Legally binding internal corporate privacy rules for transferring personal information within a corporate group. BCRs are typically used by corporations that operate in multiple jurisdictions, and they are alternatives to the U.S.-EU Safe Harbor and Model Contract Clauses. BCRs must be approved by the EU data protection authorities of the member states in which the corporation operates.
Reference(s) in IAPP Certification Textbooks: F37; US25; E184-186
Associated law(s): EU Data Protection Directive
Self-regulatory principles (similar to Binding Corporate Rules) for processors that are applicable to customer personal data. Once a supplier’s BSPR are approved, a supplier gains “safe processor” status and its customers would be able to meet the EU Data Protection Directive’s requirements for international transfers in a similar manner as BCR allow. BSPR are currently being considered as a concept by the Article 29 Working Party and national authorities.
Reference(s) in IAPP Certification Textbooks: E274, E296
Associated term(s): Binding Corporate Rules
The requirement that a data controller notify regulators and victims of incidents affecting the confidentiality and security of personal data. It is a transparency mechanism that highlights operational failures, which helps mitigate damage and aids in understanding the causes of failure.
Reference(s) in IAPP Certification Textbooks: F108-111; US117-118; C60-61, C129; E42, E159-161; G101-103
Associated term(s): Breach notification
Use of employees’ own personal computing devices for work purposes.
Reference(s) in IAPP Certification Textbooks: US171-172
Associated term(s): Consumerization of information technology (COIT)
A California state law that requires employers to notify applicants and employees of their intention to obtain and use a consumer report.
Reference(s) in IAPP Certification Textbooks: US163
Principles of law that have been established by judges in past decisions. When similar issues arise again, judges look to the past decisions as precedents and decide the new case in a manner that is consistent with past decisions.
Reference(s) in IAPP Certification Textbooks: US3
Reference(s) in IAPP Certification Textbooks: F43, 126-127; US107-11; C127-128; G94-98; M9, 38, 146
Associated term(s): 15 U.S.C. §§ 6501-6508
An individual’s ability to determine whether or how their personal information may be used or disclosed by the entity that collected the information. Also, the ability of an individual to limit certain uses of their personal information. For example, an individual may have a choice about whether to permit a company to contact them or share their data with third parties. Choice can be express or implied.
Reference(s) in IAPP Certification Textbooks: F16; US6, 21; C62, 115, 121; E105-106
Associated term(s): Consent
Systems of cameras, monitors and recording equipment that are not used for broadcasting but are connected to a closed network by cables. CCTV is used primarily for video surveillance of premises.
Reference(s) in IAPP Certification Textbooks: F11; US168; C165; E228, 233-238
Associated term(s): Video Surveillance
The storage of information on the Internet. Although it is an evolving concept, definitions typically include on-demand accessibility, scalability, and secure access from almost any location. Cloud storage presents unique security risks.
Reference(s) in IAPP Certification Textbooks: F86, 139-141; E269
A fair information practices principle, it is the principle stating there should be limits to the collection of personal data, that any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Reference(s) in IAPP Certification Textbooks: F17, 20; M35
Under PIPEDA, “commercial activity” means any particular transaction, act or conduct, or any regular course of conduct, that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists. Non-profit associations, unions and private schools are likely to be found to exist outside of this definition.
Reference(s) in IAPP Certification Textbooks: F49; US16; C27
Any form of electronic messaging, including e-mail, SMS text messages and messages sent via social networking, about which it would be reasonable to conclude that its purpose is to encourage participation in a commercial activity. Examples include electronic messages that offer to purchase, sell, barter or lease products, goods, services, land or an interest or right in land; offer to provide a business, investment or gaming opportunity; or advertise or promote anything previously mentioned.
Reference(s) in IAPP Certification Textbooks: US96-97, 99; C37
Unwritten legal principles that have developed over time based on social customs and expectations.
Reference(s) in IAPP Certification Textbooks: US3, 23; G145
One of the four classes of privacy, along with information privacy, bodily privacy and territorial privacy. It encompasses protection of the means of correspondence, including postal mail, telephone conversations, electronic e-mail and other forms of communicative behavior and apparatus.
Reference(s) in IAPP Certification Textbooks: F2; US85-102; C3-4
Laws that govern the collection, use and dissemination of personal information in the public and private sectors.
Reference(s) in IAPP Certification Textbooks: F31-32; C4-5
Associated term(s): Omnibus Laws
The discipline of assessing and examining an information system for relevant clues even after it has been compromised by an exploit.
Reference(s) in IAPP Certification Textbooks: F107; C4-5
The obligation of an individual, organization or business to protect personal information and not misuse or wrongfully disclose that information.
Reference(s) in IAPP Certification Textbooks: F77; G46
An e-mail approach where e-mail marketers send a confirmation e-mail requiring a response from the subscriber before the subscriber receives the actual marketing e-mail.
Reference(s) in IAPP Certification Textbooks: US38
Associated term(s): Double Opt In
This privacy requirement is one of the fair information practices. Individuals must be able to prevent the collection of their personal data, unless the disclosure is required by law. If an individual has choice (see Choice) about the use or disclosure of his or her information, consent is the individual’s way of giving permission for the use or disclosure. Consent may be affirmative (i.e., opt-in) or implied (i.e., the individual did not opt out). (1) Explicit Consent: A requirement that an individual "signifies" his or her agreement with a data controller by some active communication between the parties. According to the EU Data Protection Directive, explicit consent is required for processing of sensitive information. Further, data controllers cannot infer consent from non-response to a communication. (2) Implicit Consent: Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.
Reference(s) in IAPP Certification Textbooks: F16; C28; G178
Associated term(s): Choice
A judgment entered by consent of the parties. Typically, the defendant agrees to stop alleged illegal activity and pay a fine, without admitting guilt or wrongdoing. This legal document is approved by a judge and formalizes an agreement reached between a federal or state agency and an adverse party.
Reference(s) in IAPP Certification Textbooks: US4, 15-16
Associated term(s): FTC
Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties for a fee.
Reference(s) in IAPP Certification Textbooks: US58-59
Associated term(s): Credit Reporting Agency
A small text file stored on a client machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities and connect individual web requests into a session. Cookies can also be used to prevent users from having to be authorized for every password-protected page they access during a session by recording that they have already successfully supplied their user name and password. Cookies may be referred to as "first-party" (if they are placed by the website that is visited) or "third-party" (if they are placed by a party other than the visited website). Additionally, they may be referred to as "session cookies" if they are deleted when a session ends, or "persistent cookies" if they remain longer.
Reference(s) in IAPP Certification Textbooks: F38, 75, 135-137; C46; E274-275; G37, 95, 97
Associated term(s): First-Party Cookie, Persistent Cookie, Session Cookie, Third-Party Cookie, Tracking Cookie, Web Cookie
A consumer-initiated security measure which locks an individual’s data at consumer reporting agencies. It is used to prevent identity theft, as it disallows both reporting of data and issuance of new credit.
Reference(s) in IAPP Certification Textbooks: US123
Under the Fair Credit Reporting Act, any organization that regularly engages in assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties for a fee.
Reference(s) in IAPP Certification Textbooks: US58-59; G147
Associated term(s): Consumer reporting agency
Associated law(s): FCRA
A customer’s ability to access the personal information collected on them as well as review, correct or delete any incorrect information.
Reference(s) in IAPP Certification Textbooks: F122-123; US58; G13
In contrast to employee information, customer information includes data relating to the clients of private-sector organizations, patients within the healthcare sector and the general public within the context of public-sector agencies that provide services.
Reference(s) in IAPP Certification Textbooks: F10
The unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector. Breaches do not include good faith acquisitions of personal information by an employee or agent of the data collector for a legitimate purpose of the data collector—provided the personal information is not used for a purpose unrelated to the data collector's business or subject to further unauthorized disclosure.
Reference(s) in IAPP Certification Textbooks: F104-111; G5-6, 115
Associated term(s): Breach, Privacy Breach (Canadian)
A scheme that provides the basis for managing access to, and protection of, data assets.
Reference(s) in IAPP Certification Textbooks: US34
An entity that has the authority over the processing of personal information. This entity is the focus of most obligations under privacy and data protection laws. It controls the use of personal data by determining the purposes for its use and the manner in which the data will be processed. The data controller may be an individual or an organization that is legally treated as an individual, such as a corporation or partnership.
Reference(s) in IAPP Certification Textbooks: F8; E57-59, 288; G10-11
Associated term(s): Data Processor
The different types of personal information processed by data processors. Typical data elements include name, date of birth and numerical identifiers. Organizational data elements tied to both individuals as well as organizations include business addresses, business phone numbers, business e-mail addresses and related information.
Reference(s) in IAPP Certification Textbooks: F5; US49
An activity that involves comparing personal data obtained from a variety of sources, including personal information banks, for the purpose of making decisions about the individuals to whom the data pertains.
Reference(s) in IAPP Certification Textbooks: C87-89; G25-27, 160-161
Any operation or set of operations which is performed on personal data, such as collecting; recording; organizing; storing; adapting or altering; retrieving; consulting; using; disclosing by transmission, dissemination or otherwise making the data available; aligning or combining data, or blocking, erasing or destroying data. Not limited to automatic means.
Reference(s) in IAPP Certification Textbooks: F35-36
Associated term(s): Data Processor, Processing, Processor
An individual or organization that processes data on behalf of the data controller. Although they are often third-party providers, a data controller can also be a data processor.
Reference(s) in IAPP Certification Textbooks: F8; E57, 61-62, 288
Associated term(s): Data Controller, Processor
A fair information practices principle, it is the principle that personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date. The quality of data is judged by four criteria: Does it meet the business needs? Is it accurate? Is it complete? Is it recent? Data is of an appropriate quality if these criteria are satisfied for a particular application.
Reference(s) in IAPP Certification Textbooks: F22; C19; E2; G10, 20; M35
A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.
The individual about whom information is being processed, such as the patient at a medical facility, the employee of a company or the customer of a retail store.
Reference(s) in IAPP Certification Textbooks: F8; E63; G10, 137
In the context of U.S. federal law, a term associated with corporate entities who mislead or misrepresent products or services to consumers and customers. These practices are regulated in the U.S. by the Federal Trade Commission at the federal level and typically by an attorney general or office of consumer protection at the state level. Law typically provides for both enforcement by the government to stop the practice and individual actions for damages brought by consumers who are hurt by the practices.
Reference(s) in IAPP Certification Textbooks: US16
Associated term(s): Unfair Trade Practices
Associated law(s): U.S. Federal Trade Commission Act
Common law tort which focuses on a false or defamatory statement, defined as a communication tending “so to harm the reputation of another as to lower him in the estimation of the community or to deter third persons from associating or dealing with him.”
Reference(s) in IAPP Certification Textbooks: US155
Associated term(s): Common Law
An action that one takes to remove identifying characteristics from data. De-identified data is information that does not actually identify an individual.
Reference(s) in IAPP Certification Textbooks: F5-7; US49; G91
Associated term(s): Anonymization, Anonymized Data, Deidentified Data, Pseudonymization, Pseudonymized Data
The use of log files to identify a website visitor. It is often used for security and system maintenance purposes. Log files generally include: the IP address of the visitor; a time stamp; the URL of the requested page or file; a referrer URL; and the visitor’s web browser, operating system and font preferences. In some cases, combining this information can be used to “fingerprint” a device. This more detailed information varies enough among computing devices that two devices are unlikely to be the same. It is used as a security technique by financial institutions and others initiating additional security assurances before allowing users to log on from a new device. Some privacy enforcement agencies, however, have questioned what would constitute sufficient notice and consent for digital fingerprinting techniques to be used for targeted advertising.
Reference(s) in IAPP Certification Textbooks: US138
A means for ensuring the authenticity of an electronic document, such as an e-mail, text file, spreadsheet or image file. If anything is changed in the electronic document after the digital signature is attached, the signature is rendered invalid.
Reference(s) in IAPP Certification Textbooks: US97
When the seller directly contacts an individual, in contrast to marketing through mass media such as television or radio.
Reference(s) in IAPP Certification Textbooks: F74-75; C36; E176
A proposed regulatory policy, similar to the existing Do Not Call Registry in the United States, which would allow consumers to opt out of web-usage tracking.
Reference(s) in IAPP Certification Textbooks: F75, 134; US22, 24
The collective name of the Electronic Communications Privacy and Stored Wire Electronic Communications Acts, which updated the Federal Wiretap Act of 1968. ECPA, as amended, protects wire, oral and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The act applies to e-mail, telephone conversations and data stored electronically. The USA PATRIOT Act and subsequent federal enactments have clarified and updated ECPA in light of the ongoing development of modern communications technologies and methods, including easing restrictions on law enforcement access to stored communications in some cases.
Reference(s) in IAPP Certification Textbooks: US142-143; G108-109; M38
Prior to trial, information is typically exchanged between parties and their attorneys. E-discovery requires civil litigants to turn over large volumes of a company’s electronic records in litigation.
Reference(s) in IAPP Certification Textbooks: US133, 135-138
Associated term(s): Electronically stored information (ESI), Sedona Conference
Associated law(s): Federal Rules of Civil Procedure
A computer record of an individual's medical file that may be shared across multiple healthcare settings. In some cases this sharing can occur by way of network-connected enterprise-wide information systems and other information networks or exchanges. EHRs may include a range of data including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal stats such as age and weight and billing information. Their accessibility and standardization can facilitate large-scale data collection for researchers.
Reference(s) in IAPP Certification Textbooks: US52; C104
Monitoring through electronic means, i.e., video surveillance, intercepting communications, stored communications or location-based services.
Reference(s) in IAPP Certification Textbooks: US147, 157, 168
Associated law(s): Electronic Communications Privacy Act, Stored Communications Act, Wiretap Act
Personal information reasonably required by an organization that is collected, used or disclosed solely for the purposes of establishing, managing or terminating (1) an employment relationship, or (2) a volunteer work relationship between the organization and the individual, but does not include personal information about the individual that is unrelated to that relationship.
Reference(s) in IAPP Certification Textbooks: F39, 71-73; US158-175; C17
An employment contract can be terminated by either the employer or the employee at any time for any reason.
Reference(s) in IAPP Certification Textbooks: US154
An independent U.S. federal agency that enforces laws against workplace discrimination. The EEOC investigates discrimination complaints based on an individual's race, color, national origin, religion, sex, age, perceived intelligence, disability and retaliation for reporting and/or opposing a discriminatory practice. It is empowered to file discrimination suits against employers on behalf of alleged victims and to adjudicate claims of discrimination brought against federal agencies.
Reference(s) in IAPP Certification Textbooks: US157
An exemption to the Do Not Call (DNC) registry: a marketer may call an individual on the DNC registry if there is a prior or existing relationship formed by a voluntary two-way communication between a person or entity and a residential subscriber, with or without an exchange of consideration, on the basis of an inquiry, application, purchase or transaction by the residential subscriber regarding products or services offered by such person or entity, which relationship has not been previously terminated by either party.
Reference(s) in IAPP Certification Textbooks: US87, 95-96
Associated term(s): Established customer relationship
Several directives deal with personal data usage in the EU, but the most overarching is the general policy approved by the European Commission in 1995 (95/46/EC), which protects individuals’ privacy and personal data use. The Directive was adopted in 1995 and became effective in 1998. The Directive recognizes the European view that privacy is a fundamental human right and establishes a general comprehensive legal framework that is aimed at protecting individuals and promoting individual choice regarding the processing of personal data. The Directive imposes an onerous set of requirements on any person that collects or processes data pertaining to individuals in their personal or professional capacity. It is based on a set of data protection principles, which include the legitimate basis, purpose limitation, data quality, proportionality and transparency principles, data security and confidentiality, data subjects’ rights of access, rectification, deletion and objection, restrictions on onward transfers, additional protection where special categories of data and direct marketing are involved and a prohibition on automated individual decisions. The Directive applies to all sectors of industry, from financial institutions to consumer goods companies, and from list brokers to any employer. The Directive’s key provisions impose severe restrictions on personal data processing, grant individual rights to “data subjects” and set forth specific procedural obligations including notification to national authorities. This was followed in 1997 by a more specific directive for the telecom sector (97/66/EC), which was replaced in mid-2002 by the European institutions to adapt it to new technologies and business practices (2002/58/EC). The Directive has been supplemented by additional directives including a specific provision for e-commerce.
There is currently a proposal from the European Commission for an EU Data Protection Regulation that would supersede the directive if passed.
Reference(s) in IAPP Certification Textbooks: F18-19, 34-41; E37; M30, 39
Associated term(s): Data Protection Directive
An agreement between the EU and U.S. under which data may be exported to the U.S. in compliance with the EU Directive on Data Protection. Within a safe harbor agreement a data processor must abide by seven principles and self-certify its compliance to the Department of Commerce. These principles are notice, choice, consent to onward transfer, security, integrity, access, and enforcement. Certifying oneself as abiding by the Safe Harbor Framework without full compliance may be considered a deceptive trade practice under Section 5 of the FTC Act.
Reference(s) in IAPP Certification Textbooks: F39-41; US19; C114; E295
Associated term(s): Safe Harbor
The executive body of the European Union. Its main function is to implement the EU’s decisions and policies, along with other functions. It is also responsible for making adequacy determinations with regard to data transfers to third-party countries.
Reference(s) in IAPP Certification Textbooks: E274, 296
One of the oldest U.S. federal privacy laws still in force today. It was enacted in 1970 to mandate accurate and relevant data collection, give consumers the ability to access and correct their information, and limit the use of consumer reports to permissible purposes, such as employment and extension of credit or insurance.
Reference(s) in IAPP Certification Textbooks: F4, 42; US57-64; C123-124; G147; M38
Associated law(s): Fair and Accurate Credit Transactions Act of 2003 (FACTA)
The United States' primary consumer protection agency, the FTC collects complaints about companies, business practices and identity theft under the FTC Act and other laws that it enforces or administers. Importantly, the FTC brings actions under Section 5 of the FTC Act, which prohibits unfair and deceptive trade practices.
Reference(s) in IAPP Certification Textbooks: F43; US14-20
Associated law(s): FTC Act
A rule, promulgated under HITECH, requiring vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached.
Reference(s) in IAPP Certification Textbooks:
Associated law(s): HITECH
A U.S. federal law that ensures citizen access to federal government agency records. FOIA only applies to federal executive branch documents. It does not apply to legislative or judicial records. FOIA requests will be fulfilled unless they are subject to nine specific exemptions. Most states have some state level equivalent of FOIA. The federal and most state FOIA statutes include a specific exemption for personal information so that sensitive data (such as Social Security numbers) are not disclosed.
Reference(s) in IAPP Certification Textbooks: F44; US133-135; G20, 22, 54-62
The GET and POST HTML method attributes specify how form data is sent to a web page. The GET method appends the form data to the URL in name/value pairs allowing passwords and other sensitive information collected in a form to be visible in the browser’s address bar, and is thus less secure than the POST method.
Associated term(s): POST Method
GPEN aims to promote cross-border information sharing as well as investigation and enforcement cooperation among privacy authorities around the world. Another cross-border enforcement cooperation effort is the Asia-Pacific Economic Cooperation
Reference(s) in IAPP Certification Textbooks: US25
The commonly used name for the Financial Services Modernization Act of 1999. The act re-organized financial services regulation in the United States and applies broadly to any company that is “significantly engaged” in financial activities in the U.S. In its privacy provisions, GLBA addresses the handling of non-public personal information, defined broadly to include a consumer’s name and address, and consumers’ interactions with banks, insurers and other financial institutions. GLBA requires financial institutions to securely store personal financial information, give notice of their policies regarding the sharing of personal financial information, and give consumers the ability to opt out of some sharing of personal financial information.
Reference(s) in IAPP Certification Textbooks: F41, 43, 68; US66-71; C125-126; G98-101; M8, 30, 38
Enacted as part of the American Recovery and Reinvestment Act of 2009, the HITECH Act, among other objectives, further addresses privacy and security issues involving PHI as defined by HIPAA. The HITECH privacy provisions include the introduction of categories of violations based on culpability that, in turn, are tied to tiered ranges of civil monetary penalties. Its most noteworthy elements elaborate upon breach notifications resulting from the use or disclosure of information that compromises its security or privacy.
Reference(s) in IAPP Certification Textbooks: F32; US51-52; C124-125; G92-94
Associated term(s): EHR
Associated law(s): HIPAA
A U.S. law passed to create national standards for electronic healthcare transactions, among other purposes. HIPAA required the U.S. Department of Health and Human Services to promulgate regulations to protect the privacy and security of personal health information. The basic rule is that patients have to opt in before their information can be shared with other organizations—although there are important exceptions such as for treatment, payment and healthcare operations.
Reference(s) in IAPP Certification Textbooks: F42; US46-51; C124-125; G89-92; M9, 30, 38, 40
Collection, processing, use, disclosure, retention, and destruction.
Reference(s) in IAPP Certification Textbooks: F13, 16; G176
One of the four classes of privacy, along with territorial privacy, bodily privacy, and communications privacy. The claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.
Reference(s) in IAPP Certification Textbooks: F2-4, 77-78; G8-13
The protection of information for the purposes of preventing loss, unauthorized access and/or misuse. It is also the process of assessing threats and risks to information and the procedures and controls to preserve confidentiality, integrity and availability of information.
Reference(s) in IAPP Certification Textbooks: F77-112; G45
The authority of a court to hear a particular case. Courts must have jurisdiction over both the parties to the dispute (personal jurisdiction) and the type of dispute (subject matter jurisdiction). The term is also used to denote the geographical area or subject-matter to which such authority applies.
Reference(s) in IAPP Certification Textbooks: F6-7; US5; C8
Services that utilize information about location to deliver, in various contexts, a wide array of applications and services, including social networking, gaming and entertainment. Such services typically rely upon GPS, RFID or similar technologies in which geolocation is used to identify the real-world geographic location of an object, such as a cell phone or an Internet-connected computer terminal.
Reference(s) in IAPP Certification Textbooks: F141; US170; E242-245
Associated term(s): Geolocation; GPS; Global Positioning System; RFID
Information or records obtained, with the consent of the individual to whom it relates, from licensed physicians or medical practitioners, hospitals, clinics or other medical or medically related facilities.
Reference(s) in IAPP Certification Textbooks: F67-68, US45-47, 63; G90
Associated term(s): HIPAA
Under HIPAA, the standard that the level of information that may be disclosed by healthcare providers to third parties is the minimum amount necessary to accomplish the intended purpose.
Reference(s) in IAPP Certification Textbooks: F22; US47-48
Associated term(s): Minimum Necessary Standard
Associated law(s): HIPAA
The authentication of a user by multiple means. This is typically accomplished by a requirement for both a password and at least one other form of authentication such as a pass card, biometric scan or an "out of band" means such as a phone call.
Reference(s) in IAPP Certification Textbooks: F94-95
Associated term(s): Two-Factor Authentication; Two-Step Authentication
A U.S. federal agency that administers the National Labor Relations Act. The board conducts elections to determine if employees want union representation and investigates and remedies unfair labor practices by employers and unions.
Reference(s) in IAPP Certification Textbooks: US157
Associated law(s): NLRA
A category of subpoena. The USA PATRIOT Act expanded the use of NSLs. Separate and sometimes differing statutory provisions now govern access, without a court order, to communication providers, financial institutions, consumer credit agencies and travel agencies.
Reference(s) in IAPP Certification Textbooks: US148
Associated law(s): USA-PATRIOT Act
An organization will be liable for damages if it breaches a legal duty to protect personal information and an individual is harmed by that breach.
Reference(s) in IAPP Certification Textbooks: F25; US5
Associated term(s): Private Right of Action
Defined by GLBA as personally identifiable financial information (i) provided by a consumer to a financial institution, (ii) resulting from a transaction or service performed for the consumer, or (iii) otherwise obtained by the financial institution. Excluded from the definition are (i) publicly available information and (ii) any consumer list that is derived without using personally identifiable financial information.
Reference(s) in IAPP Certification Textbooks: F43; US67-68; G99; M36
Associated law(s): GLBA
(1) The Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject. (2) The Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date. (3) The Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. (4) The Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 8 (below) except a) with the consent of the data subject; or b) by the authority of law. (5) The Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data. (6) The Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller. (7) The Individual Participation Principle. An individual should have the right: a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; b) to have data relating to him communicated to him, within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner, and in a form that is readily intelligible to him; c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and d) to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended. (8) The Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above.
Reference(s) in IAPP Certification Textbooks: F17-18; US13; E7-9; G10-11
Associated term(s): OECD Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data (1980)
Laws in which the government has defined requirements throughout the economy including public-sector, private-sector and health-sector.
Reference(s) in IAPP Certification Textbooks: US16
Websites or online advertising services that engage in the tracking or analysis of search terms, browser or user profiles, preferences, demographics, online activity, offline activity, location data, etc., and offer advertising based on that tracking.
Reference(s) in IAPP Certification Textbooks: F134; US22, 24; C45-47; E261-264
One of two central concepts of choice. It means an individual makes an active, affirmative indication of choice; e.g., checking a box signaling a desire to share his or her information with third parties.
Reference(s) in IAPP Certification Textbooks: F16; US38-40; C116-117; E136; G171
One of two central concepts of choice. It means that an individual’s lack of action implies that a choice has been made; e.g., unless an individual checks or unchecks a box, his or her information will be shared with third parties.
Reference(s) in IAPP Certification Textbooks: F16; US38-40; C116-117; E136
An international organization that promotes policies designed to achieve the highest sustainable economic growth, employment and a rising standard of living in both member and non-member countries, while contributing to the world economy.
Reference(s) in IAPP Certification Textbooks: F17-18; US13, 24; C18; E7; G10-11; M27, 50
Contracting business processes, such as the processing of personal information, to a third party.
Reference(s) in IAPP Certification Textbooks: C88-89; E287-292
A self-regulatory system that provides an enforceable security standard for payment card data. The rules were drafted by the Payment Card Industry Security Standards Council, which built on previous rules written by the various credit card companies. Except for small companies, compliance with the standard requires hiring a third party to conduct security assessments and detect violations. Failure to comply can lead to exclusion from Visa, MasterCard or other major payment card systems, as well as penalties.
Reference(s) in IAPP Certification Textbooks: F33; US23, 117; M9, 46
Technologies and processes that are designed to secure an entire network environment by preventing penetration from the outside.
Reference(s) in IAPP Certification Textbooks: F100
Any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly—in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Reference(s) in IAPP Certification Textbooks: F4-7, 39
Associated term(s): Personal Information; Personally Identifying Information; Personally Identifiable Information
May refer either to a generic term for information about a person or to the EU term for such information. In the U.S., such information may be referred to as Personally Identifiable Information.
Reference(s) in IAPP Certification Textbooks: F4-7, 39; G4-5; M36
Associated term(s): Personal Data; Personally Identifying Information; Personally Identifiable Information
A device used for the purpose of rendering a diagnostic opinion regarding an individual’s honesty.
Associated term(s): Lie Detector
Associated law(s): Employee Polygraph Protection Act of 1988 (EPPA)
The GET and POST HTML form method attributes specify how form data is sent to a web page. The POST method is more secure than GET because the GET method appends the form data to the URL, so passwords and other sensitive information collected in a form become visible in the browser’s address bar.
Associated term(s): GET Method
A superior government’s ability to have its law(s) supersede those of an inferior government. For example, the U.S. federal government has mandated that no state government can regulate consumer credit reporting.
Reference(s) in IAPP Certification Textbooks: US6
An assessment of an organization’s compliance with its privacy policies and procedures, applicable laws, regulations, service-level agreements, standards adopted by the entity and other contracts. The assessment or audit measures how closely the organization’s practices align with its legal obligations and stated practices and may rely on subjective information such as employee interviews/questionnaires and complaints received, or objective standards, such as information system logs or training and awareness attendance and test scores. Audits and assessments may be conducted internally by an audit function or by external third parties. It is also common in some jurisdictions for the privacy/data protection officer to conduct assessments. The results of the assessment or audit are documented for management sign-off, and analyzed to develop recommendations for improvement and a remediation plan. Resolution of the issues and vulnerabilities noted are then monitored to ensure appropriate corrective action is taken on a timely basis. While assessments and audits may be conducted on a regular or scheduled basis, they may also arise ad hoc as the result of a privacy or security event or due to a request from an enforcement authority.
Reference(s) in IAPP Certification Textbooks: F14
The concept that organizations need to build privacy directly into technology, systems and practices at the design phase, thereby ensuring the existence of privacy from the outset. Originated in the mid-1990s by the Information and Privacy Commissioner of Ontario, the principle has gained recognition around the globe, including from the U.S. Federal Trade Commission and the European Commission. Privacy by Design consists of seven foundational principles: (1) Proactive not Reactive; Preventative not Remedial. Privacy by Design anticipates and prevents privacy-invasive events before they happen, rather than waiting for privacy risks to materialize. (2) Privacy as the Default Setting. No action is required by individuals to maintain their privacy; it is built into the system by default. This concept has been introduced in the European Commission’s draft regulation to reform data protection. (3) Privacy Embedded into Design. Privacy is an essential component of the core functionality being designed and delivered. The FTC has adopted this principle in its proposed consumer privacy framework, calling for companies to promote consumer privacy throughout the organization and at every stage of product development. (4) Full Functionality—Positive-Sum, not Zero-Sum. Privacy by Design seeks to accommodate all legitimate interests and objectives, rather than making unnecessary trade-offs. (5) End-to-End Security—Full Lifecycle Protection. Strong security measures are essential to privacy, from start to finish of the lifecycle of data. This is another principle the FTC has adopted in its proposed consumer privacy framework.
Reference(s) in IAPP Certification Textbooks: F14-15, 128; US21; M88-90, 121-122
Reference(s) in IAPP Certification Textbooks: F16; US16-18, 37; G95-97, 100
An official responsible for the coordination and implementation of all privacy and confidentiality efforts within a government department or component. This official may be statutorily mandated, as in the Department of Homeland Security, or appointed by a department or component to handle privacy and other related matters.
Reference(s) in IAPP Certification Textbooks: G3-4, 40
Reference(s) in IAPP Certification Textbooks: F11; US16-18; G134-136
Under HIPAA, this rule establishes U.S. national standards to protect individuals’ medical records and other personal health information and applies to health plans, healthcare clearinghouses and those healthcare providers that conduct certain healthcare transactions electronically. The rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The rule also gives patients rights over their health information, including the right to examine and obtain a copy of their health records and to request corrections.
Reference(s) in IAPP Certification Textbooks: US47-50, 134; G90-91
Associated law(s): HIPAA
Unless otherwise restricted by law, any individual that is harmed by a violation of the law can file a lawsuit against the violator.
Associated term(s): Negligence
Reference(s) in IAPP Certification Textbooks: US6
Any individually identifiable health information transmitted or maintained in any form or medium that is held by a covered entity or its business associate; identifies the individual or offers a reasonable basis for identification; is created or received by a covered entity or an employer, and relates to a past, present or future physical or mental condition, provision of healthcare or payment for healthcare to that individual.
Reference(s) in IAPP Certification Textbooks: US46; G91; M37
With a protective order, a judge determines what information should not be made public and what conditions apply to who may access the protected information.
Reference(s) in IAPP Certification Textbooks: US128-130
Associated term(s): Redaction
Information collected and maintained by a government entity and available to the general public.
Reference(s) in IAPP Certification Textbooks: F7, 71
A common law tort that states: “One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person and (b) is not of legitimate concern to the public.” (Restatement (Second) of Torts § 652D)
Reference(s) in IAPP Certification Textbooks: US154-155
Associated term(s): Common Law
Requires that the parties are prohibited from using or disclosing the Personal Healthcare Information (PHI) for any purpose other than the litigation and that the PHI will be returned or destroyed at the end of the litigation.
Reference(s) in IAPP Certification Textbooks: US134, 136
Associated law(s): HIPAA
Associated term(s): PHI
Technologies that use radio waves to identify people or objects carrying encoded microchips.
Substance testing that is sometimes required by law, prohibited in certain jurisdictions, but acceptable where used on existing employees in specific, narrowly defined jobs, such as those in highly regulated industries where the employee has a severely diminished expectation of privacy or where testing is critical to public safety or national security.
Reference(s) in IAPP Certification Textbooks: US166
Associated term(s): Substance Testing
A determining factor in substance testing where testing is allowed as a condition of continued employment if there is “reasonable suspicion” of drug or alcohol use based on specific facts as well as rational inferences from those facts; e.g., appearance, behavior, speech, odors.
Reference(s) in IAPP Certification Textbooks: US164-166
Associated term(s): Substance Testing
Closely intertwined with access, rectification is the right or ability of a data subject to correct erroneous information that is stored about them. The right is provided by the EU Data Protection Directive and the American Fair Credit Reporting Act, among other laws.
Reference(s) in IAPP Certification Textbooks: E90, 132-133
Associated term(s): Access
The practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or as evidence in a court proceeding. Specifically, attorneys are required to redact documents so that no more than the following information is included in court filings: (1) the last four digits of the Social Security number and taxpayer-identification number; (2) the year of the individual’s birth; (3) if the individual is a minor, only the minor’s initials; and (4) the last four digits of the financial account number.
Reference(s) in IAPP Certification Textbooks: US134-135
Associated term(s): Protective Orders
The process of using publicly available information to re-associate personally identifying information with data that has been anonymized.
Reference(s) in IAPP Certification Textbooks: G71-72, 91, 165-166
Associated term(s): Deidentification; anonymization
Within the information lifecycle the concept that organizations should retain personal information only as long as necessary to fulfill the stated purpose.
Reference(s) in IAPP Certification Textbooks: F16; G22
Generally, the right of individuals to obtain data about themselves from data controllers upon request. The right is accorded under Article 12 of the Data Protection Directive, although member states are afforded some latitude to implement the rule. In Canada, the right is provided by PIPEDA. In the U.S., the Privacy Act provides only U.S. citizens and lawful permanent residents a right of access to their own records, whereas FOIA provides a general right of access to agency records for any requester seeking access to such records.
Reference(s) in IAPP Certification Textbooks: C76-77; E126; G28
An example of a U.S. whistle-blower law. Companies regulated by the law must establish a way for the company to confidentially receive and deal with complaints about actual or potential fraud from misappropriation of assets and/or material misstatements in financial reporting.
Reference(s) in IAPP Certification Textbooks: US159; E222-223
Related term(s): Whistle-Blowing
Programs that require participants to abide by codes of information practices and submit to monitoring to ensure compliance. In return, companies that abide by the terms of the seal program are allowed to display the program’s seal on their website.
Reference(s) in IAPP Certification Textbooks: F33-34; US24; C5
“A cryptographic key used with a secret key cryptographic algorithm, uniquely associated with one or more entities and which shall not be made public. The use of the term ‘secret’ in this context does not imply a classification level, rather the term implies the need to protect the key from disclosure or substitution.” (Federal Information Processing Standards Publication 140-1, Security Requirements for Cryptographic Modules)
An important source of standards and best practices for managing electronic discovery compliance through data retention policies. Regarding e-mail retention, the Sedona Conference offers four key guidelines: (1) E-mail retention policies should be administered by interdisciplinary teams composed of participants across a diverse array of business units; (2) such teams should continually develop their understanding of the policies and practices in place and identify the gaps between policy and practice; (3) interdisciplinary teams should reach consensus as to policies while looking to industry standards; (4) technical solutions should meet and parallel the functional requirements of the organization.
Reference(s) in IAPP Certification Textbooks: US135
Associated term(s): Data Retention; e-Discovery
Reference(s) in IAPP Certification Textbooks: F30, 33-34; US7; C5-6
A case recognized as establishing the "knock-and-announce rule," an important concept relating to privacy in one's home and Fourth Amendment search and seizure jurisprudence.
Reference(s) in IAPP Certification Textbooks: C2
An energy system that manages electricity consumption through continuous monitoring, remote computerization and automation. The traditional electric transmission system required physically sending workers into the field to periodically read customer meters and find where problems existed in the grid. Smart grid operators, however, can remotely monitor and control the use of electricity to each home or business.
Reference(s) in IAPP Certification Textbooks: F73-74; US13
Unsolicited commercial e-mail.
Reference(s) in IAPP Certification Textbooks: F131-132; C128; E42-43, 265
Associated law(s): CASL; CAN-SPAM Act
An EU term describing sensitive personal information, namely information pertaining to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and the processing of data concerning health or sex life.
Reference(s) in IAPP Certification Textbooks: F5; E100
Associated term(s): Sensitive Personal Data
Contractual agreements defined by the EU and Article 29 Working Party for the purpose of meeting the adequacy standards defined under the EU Data Protection Directive. Standard model clauses contain extensive data protection commitments and company liability requirements.
Reference(s) in IAPP Certification Textbooks: F37; E293-294
The Stored Communications Act (SCA) was enacted as part of the Electronic Communications Privacy Act of 1986. It generally prohibits the unauthorized acquisition, alteration or blocking of electronic communications while in electronic storage in a facility through which an electronic communications service is provided.
Reference(s) in IAPP Certification Textbooks: US143, 169
Associated law(s): The Electronic Communications Privacy Act of 1986 (ECPA)
A written court order issued in an administrative, civil or criminal action that requires the person named in the subpoena to appear in court in order to testify under oath on a particular matter which is the subject of an investigation, proceeding or lawsuit. A subpoena may also require the production of a paper, document or other object relevant to an investigation, proceeding or lawsuit that discloses personal information.
Reference(s) in IAPP Certification Textbooks: G86, 101, 107
A screening to identify drug use. Substance testing can be used in a variety of settings such as preemployment, reasonable suspicion, routine testing, post-accident testing or randomly.
Reference(s) in IAPP Certification Textbooks: US165-166
Most legislation recognizes that data breach notifications involving thousands of impacted data subjects could place an undue financial burden on the organization and therefore allows substitute notification methods. In Connecticut, for example, “Substitute notice shall consist of the following: (A) Electronic mail notice when the person, business or agency has an electronic mail address for the affected persons; (B) conspicuous posting of the notice on the website of the person, business or agency if the person maintains one, and (C) notification to major state-wide media, including newspapers, radio and television.”
Reference(s) in IAPP Certification Textbooks: US123
Associated term(s): Data Breach
One of the four classes of privacy, along with information privacy, bodily privacy and communications privacy. It is concerned with placing limitations on the ability of one to intrude into another individual’s environment. Environment is not limited to the home; it may be defined as the workplace or public space and environmental considerations can be extended to an international level. Invasion into an individual’s territorial privacy typically comes in the form of video surveillance, ID checks and use of similar technology and procedures.
Reference(s) in IAPP Certification Textbooks: F2; C2
Associated term(s): Home Privacy
Sending personal data cross-border or from one company to another, which is necessary for operation of the company or for providing a service to a customer.
Reference(s) in IAPP Certification Textbooks: E75, 174
The requirement to be open and honest about the manner in which, and the purposes for which, personal data is used. It is a fundamental principle in privacy protections and a key concept of the European data protection framework.
Reference(s) in IAPP Certification Textbooks: E107-111; G67-68, 70
A U.S. federal agency that oversees “the welfare of the job seekers, wage earners and retirees of the United States by improving their working conditions, advancing their opportunities for profitable employment, protecting their retirement and healthcare benefits, helping employers find workers, strengthening free collective bargaining and tracking changes in employment, prices and other national economic measurements.” To achieve this mission, the department administers a variety of federal laws including, but not limited to, the Fair Labor Standards Act (FLSA), the Occupational Safety and Health Act (OSHA) and the Employee Retirement Income Security Act (ERISA).
Reference(s) in IAPP Certification Textbooks: US157
Associated law(s): FLSA; ERISA; OSHA
Commercial conduct that intentionally causes substantial injury, without offsetting benefits, and that consumers cannot reasonably avoid.
Reference(s) in IAPP Certification Textbooks: US18-20
Associated term(s): Deceptive Trade Practices
Associated law(s): U.S. Federal Trade Commission Act
A code of fair information practices that contained five principles: (1) There must be no personal data record keeping systems whose very existence is secret. (2) There must be a way for an individual to find out what information about him (or her) is in a record and how it is used. (3) There must be a way for an individual to prevent information about him (or her) that was obtained for one purpose from being used or made available for other purposes without his (or her) consent. (4) There must be a way for an individual to correct or amend a record of identifiable information about him (or her). (5) Any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.
Reference(s) in IAPP Certification Textbooks: G9
Associated term(s): HEW Principles; HEW Report, The
A broad-ranging act designed to counter terrorism that expanded law enforcement authority to conduct surveillance and to capture communications and records.
Reference(s) in IAPP Certification Textbooks: US74, 132, 148; C88-90; G110-111
Associated term(s): Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001; Patriot Act
A telecommunications industry term for non-core services; i.e., services beyond voice calls and fax transmissions. More broadly, the term is used in the service sector to refer to services that are available at little or no cost and promote the provider’s primary business. For mobile phones, while technologies like SMS, MMS and GPRS are usually considered value-added services, a distinction may also be made between standard (peer-to-peer) content and premium-charged content. These are called mobile value-added services (MVAS), which are often simply referred to as VAS. Value-added services are supplied either in-house by the mobile network operator itself or by a third-party value-added service provider (VASP), also known as a content provider (CP) such as All Headline News or Reuters. VASPs typically connect to the operator using protocols like short message peer-to-peer protocol (SMPP), connecting either directly to the short message service centre (SMSC) or, increasingly, to a messaging gateway that gives the operator better control of the content.
Reference(s) in IAPP Certification Textbooks: C117; E232-233, 260
Associated term(s): MVAS, VASP
Recordings that do not have sound.
Reference(s) in IAPP Certification Textbooks: US168-169
Associated term(s): Video Surveillance Guidelines
Associated law(s): FISA
A technology that allows telephone calls to be made over a LAN or the Internet itself. Skype is a well-known example. VoIP poses the same risk as network-connected PBX systems but also poses the additional risk of data interception when such data travel over an unsecured connection. VoIP functionality should be encrypted where possible and equipment monitored with intrusion-detection systems.
Reference(s) in IAPP Certification Textbooks: F88; US100
Created by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). It is a self-regulating seal program that licenses qualifying certified public accountants.
Reference(s) in IAPP Certification Textbooks: F34; M50
Associated term(s): Seal Programs
The reporting of illegal or improper actions within a company by an employee of said company.
Reference(s) in IAPP Certification Textbooks: US156; E223-225
Associated term(s): Whistleblowing; Whistleblower
Associated law(s): SOX