Textbook Key

F: Foundations of Information Privacy and Data Protection

US: U.S. Private-sector Privacy

C: Canadian Privacy

E: European Privacy

G: U.S. Government Privacy

IT: Privacy in Information Technology

M: Privacy Program Management

Find the terms that relate to the program or designation you are studying for by using the tabs below to narrow your search.

Self-Regulation Model, The

Self-regulation refers to stakeholder-based models for ensuring privacy. The term “self-regulation” can refer to any or all of three pieces: legislation, enforcement and adjudication. Legislation refers to question of who defines privacy rules. For self-regulation, this typically occurs through the privacy policy of a company or other entity, or by an industry association. Enforcement refers to the question of who should initiate enforcement action. Actions may be brought by data protection authorities, other government agencies, industry code enforcement or, in some cases, the affected individuals. Finally, adjudication refers to the question of who should decide whether an organization has violated a privacy rule. The decision maker can be an industry association, a government agency or a judicial officer. These examples illustrate that the term “self-regulation” covers a broad range of institutional arrangements. For a clear understanding of data privacy responsibilities, privacy professionals should consider who defines the requirements, which organization brings enforcement action and who actually makes the judicial decisions.

Reference(s) in IAPP Certification Textbooks: F30, 33-34; US7; C5-6

Associated term(s): Comprehensive Laws, Co-regulatory Model, Online Privacy Alliance, Sectoral Laws, Seal Programs, Technology Based Model