A - D
Anti-Virus
Software designed to detect and destroy computer viruses.
Authentication
The process by which an entity (such as a person or computer system) determines whether another entity is who it claims to be. Authentication involves using credentials (e.g., driver’s license, password, biometrics), either initially or in ...
Authorization
In the context of information security, it is the process of determining if the end user is permitted to have access to the desired resource such as the information asset or the information system containing the asset. Authorization criteria may be based ...
Auto-Complete
A feature found in many computer programs (such as those used for email) that attempts to predict and automatically complete the current word, phrase, or email address as it is being entered by the program’s user.
Binding Corporate Rules
Legally binding internal corporate privacy rules for transferring personal information within a corporate group. BCRs are typically used by corporations that operate in multiple jurisdictions, and can be used as an alternative to model contract ...
Biometric Authentication
A security process that relies on the unique biological characteristics of an individual to verify the individual’s identity.
Biometric Identifiers
Data concerning the intrinsic physical or behavioral characteristics of an individual. Examples include DNA, fingerprints, retina and iris patterns, voice, face, handwriting, keystroke technique and gait.
Bookkeeping Records
(New York, Legal) Refers to the records and copies of information required to be maintained by a lawyer in relation to a lawyer’s possession of any funds or other property belonging to another person. Please see NY Rule 1.15 for additional ...
Breach Disclosure / Notification / Reporting
In the case of a confirmed or suspected personal data breach (generally meaning the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data), a breach disclosure (also known as breach ...
Confidential Information
Information about a person or entity that is nonpublic and is not to be shared or disclosed, i.e. it is kept in confidence or kept secret. If disclosed, the information could reasonably be expected to place the person or the entity at risk of ...
Confirmed in Writing
(Legal-New York) A writing from the person to the lawyer confirming that the person has given consent, a writing that the lawyer promptly transmits to the person confirming the person’s oral consent, or a statement by the person made on the record of ...
Data Classification
A scheme that provides the basis for managing access to, and protection of, data assets.
Data “Controller”/ “Owner”
Data Controller (EU): The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. In other words, even if your company does not ‘own’ ...
Data Inventory
Identifies personal information as it moves across various systems and thus how data is shared and organized, and its location. The data can be categorized by subject area, which identifies inconsistent data versions, enabling identification and ...
Data Masking
The process of de-identifying, anonymizing, or otherwise obscuring data so that the structure remains the same, but the content is no longer sensitive, in order to generate a data set that does not allow the viewer to see the ‘masked’ confidential ...
Data Protection Officer (DPO)
An individual with professional qualities and expert knowledge of data protection law and practices. The DPO will provide expert knowledge, guidance, and implementation of appropriate compliance measures to a controller or processor of personal data.
Data subject
A natural person who can be identified, directly or indirectly.
Data Transfer Agreements, such as Model Contracts
Utilized by organizations seeking to transfer data originating from an EU country to a country that has not been deemed adequate. Contains agreements defined by the EU and the Article 29 Working Party for the purpose of meeting the adequacy standards ...
Data Wipe
Use of special software to remove information from compatible hard drives. This software may be included with the purchase of your device, or you may have to search for software compatible with your device to ensure proper data destruction. Most ...
Degauss Destruction
Use of a machine that produces a strong electronic field to destroy the data on the device’s hard drive.
Digital Data Security
Security of electronic information through digitally applicable safeguards.
Disclose
To reveal, release, transfer, disseminate or otherwise communicate information orally, in writing or by electronic or other means, other than to the person who is the subject of such information.
Due Diligence
Refers to the investigation, level of judgement, care, prudence, determination, and activity that a lawyer or business entity would reasonably be expected to take prior to proceeding with a representation, hiring a vendor, new employment, or other ...
Anti-Malware
A type of software program designed to prevent, detect and remediate malicious programming on individual computing devices and IT systems.
Access
Provide customers and employees a way to review, update and correct the personally identifiable information (PII) or personal data that a company holds.
Business Continuity Disaster Plan
A formal blueprint to allow a company to continue operations if the business is affected by different levels of disaster. A comprehensive business continuity disaster plan is written to cover all aspects of the company’s policies and procedures in ...
Collection
How, when and where an entity obtains personally identifiable information (PII) or personal data.
Consent
Consent is to give permission, in whole or in part, for something to happen, as part of an agreement to do something, or to receive a provided offer or service. It can be the answer to a request for permission and a confirmation of acceptance. For ...
Do Not Track
A policy, similar to the existing Do Not Call Registry in the United States, which would allow consumers to opt-out of web-usage tracking.
Data Life Cycle Management (DLM)
Also known as information life cycle management (ILM) or data governance, DLCM is a policy-based approach to managing the flow of information through a life cycle from creation to final disposition. DLCM provides a holistic approach to the processes, ...
Data Elements
The different types of personal information processed by data processors. Typical data elements include name, date of birth and numerical identifiers. Organizational data elements tied to both individuals as well as organizations include business ...
Data Breach
The unauthorized viewing, unauthorized acquisition, accidental publication, or loss of personal information data that compromises its security, confidentiality, or integrity, and which may lead to the accidental or unlawful use, destruction, loss, ...
Cyber Liability Insurance
A relatively new form of insurance protection that fills gaps typically not covered by General Commercial Liability plans. Cyber liability insurance may cover many breach-related expenses, including forensic investigations, outside counsel fees, ...
Customer Information
(US) In contrast to employee information, customer information includes data relating to the customers or clients of private sector organizations, patients within the healthcare sector and the general public within the context of public-sector ...
CSR Breach Reporting Service™
Patented, award-winning service that removes the burden to report the loss of personal data; CSR in-house privacy professionals file reports to authorities and notices to consumers and others affected.
Credit Reporting Agency
An organization that regularly engages in assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties for a fee.
Computer Forensics
The discipline of assessing and examining an information system for relevant clues, particularly after it has been compromised by an exploit.
Cookie
A small text file stored on a client machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session. Cookies can ...
Consent Decree
A judgment entered by consent of the parties. Typically, the defendant agrees to stop alleged illegal activity and pay a fine, without admitting guilt or wrongdoing. This legal document is approved by a judge and formalizes an agreement reached ...
Certified Information Privacy Professional (CIPP)
An individual who has trained, earned and maintains certification from the International Association of Privacy Professionals (IAPP) in one or more areas of concentration.