CIPP-US Glossary Flashcards Preview

CIPP-US > CIPP-US Glossary > Flashcards

Flashcards in CIPP-US Glossary Deck (213)
Loading flashcards...
1

This term describes a control on an ACL that is used to prevent unauthorized persons from accessing a particular object.

Access Control Entry (ACE)

2

Traditionally, this has been an FIPP, that due diligence and reasonable steps will be undertaken to ensure that personal information will be protected and handled consistently with relevant law and other fair use principles.

Accountability

3

A transfer of personal data from the EU to a third country or an international organization may take place where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question, ensures an ___________ _____________ of ______________, which involves taking into account elements including the rule of law, respect for human rights and fundamental freedoms, both general and sectoral legislation, data protection rules, professional rules and security measures, effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data is being transferred.

Adequate Level of Protection

4

A transfer of personal data from the EU to a third country or an international organization may take place where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question, ensures an ___________ _____________ of ______________, which involves taking into account elements including the existence and effective functioning of independent supervisory authorities with responsibility for ensuring and enforcing compliance with the data protection rules.

Adequate Level of Protection

5

A transfer of personal data from the EU to a third country or an international organization may take place where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question, ensures an ___________ _____________ of ______________, which involves taking into account elements including the international commitments the third country or international organization concerned has entered into in relation to the protection of personal data.

Adequate Level of Protection

6

Under the Fair Credit Reporting Act, the term ___________ _____________ is defined very broadly to include all business, credit and employment actions affecting consumers that can be considered to have a negative impact, such as denying or canceling credit or insurance, or denying employment or promotion.

Adverse Action

7

No _________ ___________ occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. Such an action requires that the decision maker furnish the recipient with a copy of the credit report leading to the action.

Adverse Action

8

______________________________ is a fair information practice principle included in the OECD Guidelines, APEC Privacy Framework, and Madrid Resolution, and includes the due diligence and reasonable steps an organization undertakes to protect an individual's personal information and handle the information according to relevant laws and fair use principles.

Accountability

9

A U.S. professional organization of certified public accountants and co-creator of the WebTrust seal program.

American Institute of Certified Public Accountants (AICPA)

10

A U.S. law that bars discrimination against qualified individuals with disabilities.

Americans with Disabilities Act

11

________________ includes the organization's responsibility to maintain accurate data in relation to the purpose for which it is collected and used, as well as its responsibility to respond to record correction requests from data subjects.

Accuracy

12

A set of laws that are indications of special classes of personal data. If there exists laws protecting against discrimination based on a class or status, it is likely personal information relating to that class or status is subject to more stringent data protection regulation, under the GDPR or otherwise.

Anti-Discrimination Laws

13

A set of non-binding principles adopted by the Asia-Pacific Economic Cooperative (APEC) that mirror the OECD FIPPs. Though based on OECD Guidelines, they seek to promote electronic commerce throughout the Asia-Pacific region by balancing privacy with business needs.

APEC Privacy Principles

14

Organizations may want to verify an applicant's ability to function in the working environment as well as assuring the safety and security of existing workers.

Background Screening / Checks

15

The implementation of appropriate technical and organizational measures to ensure and be able to demonstrate that the handling of personal data is performed in accordance with relevant law, an idea codified in the EU GDPR and other frameworks, including APEC's Cross Border Privacy Rules.

Accountability

16

These range from checking a person's educational background to checking on past criminal activity. Employee consent requirements for such checks vary by member state and may be negotiated with local work councils.

Background Screening / Checks

17

A U.S. federal law that requires U.S. financial institutions and money services businesses (MSBs), which are entities that sell money orders or provide cash transfer services, to record, retain and report certain financial transactions to the federal government. This requirement is meant to assist the government in the investigation of money laundering, tax evasion, terrorist financing and various other domestic and international criminal activities.

Bank Secrecy Act (BSA)

18

Advertising that is targeted at individuals based on the observation of their behaviour over time. Most often done via automated processing of personal data, or profiling. The General Data Protection Regulation requires that data subjects be able to opt-out of any automated processing, to be informed of the logic involved in any automatic personal data processing and, at least when based on profiling, be informed of the consequences of such processing.

Behavioral Advertising
aka Online Behavioral Advertising (OBA); Behavioral Targeting

19

If cookies are used to store or access information for the purposes of this type of advertising, the ePrivacy Directive requires that data subjects provide consent for the placement of such cookies, after having been provided with clear and comprehensive information.

Behavioral Advertising
aka Online Behavioral Advertising (OBA); Behavioral Targeting

20

An appropriate safeguard allowed by the General Data Protection Regulation to facilitate cross-border transfers of personal data between the various entities of a corporate group worldwide. They do so by ensuring that the same high level of protection of personal data is complied with by all members of the organizational group by means of a single set of binding and enforceable rules.

Binding Corporate Rules (BCRs)

21

__________ _________ _______ compel organizations to be able to demonstrate their compliance with all aspects of applicable data protection legislation and are approved by a member state data protection authority. To date, relatively few organizations have had these approved.

Binding Corporate Rules (BCRs)

22

Previously, the EU distinguished between Binding Corporate Rules for controllers and __________ _________ ___________ ________ for processors. With the General Data Protection Regulation, there is now no distinction made between the two in this context and Binding Corporate Rules are appropriate for both.

Binding Safe Processor Rules (BSPRs)

23

What does the acronym AICPA stand for?

American Institute of Certified Public Accountants

24

The requirement that an organization notify regulators and/or victims of incidents affecting the confidentiality and security of personal data. The requirements in this arena vary wildly by jurisdiction. It is a transparency mechanism that highlights operational failures, which helps mitigate damage and aids in the understanding of causes of failure.

Breach Disclosure

25

Use of employees' own personal computing devices for work purposes.

Bring Your Own Device (BYOD)

26

A California state law that requires employers to notify applicants and employees of their intention to obtain and use a consumer report.

California Investigative Consumer Reporting Agencies Act (CICRAA)

27

Principles of law that have been established by judges in past decisions. When similar issues arise again, judges look to the past decisions as precedents and decide the new case in a manner that is consistent with past decisions.

Case Law

28

The ____________ Privacy Principles is a set of non-binding principles similar to the OECD FIPs.

APEC

29

Originally an acronym for "closed circuit television," this term has come to be shorthand for any video surveillance system. Originally, such systems relied on coaxial cable and were truly only accessible on premise. Today, most surveillance systems are hosted via TCP/IP networks and can be accessed remotely, and the footage much more easily shared, eliciting new and different privacy concerns.

CCTV

30

The acronym APEC stands for _______________ - ______________ _______________ _____________________.

Asian-Pacific Economic Cooperative