CIPT Glossary Flashcards
(285 cards)
1
Q
What is Abstracting data?
A
Abstraction limits the level of detail at which personal information is processed. Reducing the precision of data, while retaining the accuracy and suitability for its purpose, may yield the same desired results for an organization collecting personal information.
- Grouping aggregates data into correlated sets rather than processing it individually.
- Summarizing puts detailed information into categories based on more abstract attributes.
- Perturbing adds approximation or “noise” to data to reduce its specificity.
2
Q
What is an Access Control Entry (ACE)?
A
An element in an access control list (ACL) that controls, monitors, or records access to an object by a specified user.
3
Q
What is an Access Control List (ACL)?
A
A list of access control entries (ACE) that apply to an object, controlling or monitoring access by specified users.
4
Q
What does Accountability mean?
A
The implementation of appropriate technical and organisational measures to ensure and be able to demonstrate that the handling of personal data is performed in accordance with relevant law, an idea codified in the EU General Data Protection Regulation and other frameworks, including APEC’s Cross Border Privacy Rules.
Traditionally, accountability has been a fair information practices principle, that due diligence and reasonable steps will be undertaken to ensure that personal information will be protected and handled consistently with relevant law and other fair use principles.
5
Q
What is Active Data Collection?
A
Data subject is aware that collection is taking place and takes an action to enable the collection, ex. Filling out and submitting an online form
6
Q
What is an Adequate Level of Protection?
A
A transfer of personal data from the EU to a third country may occur if the European Commission has determined that the country ensures adequate protection.
(a) the rule of law, respect for human rights and fundamental freedoms, both general and sectoral legislation, data protection rules, professional rules and security measures, effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data is being transferred;
(b) the existence and effective functioning of independent supervisory authorities with responsibility for ensuring and enforcing compliance with the data protection rules;
(c) the international commitments the third country or international organisation concerned has entered into in relation to the protection of personal data.
7
Q
What is the Advanced Encryption Standard?
A
An encryption algorithm for security-sensitive non-classified material, selected by the U.S. Government in 2001.
8
Q
What is defined as Adverse Action under the Fair Credit Reporting Act?
A
Any business, credit, or employment actions affecting consumers that have a negative impact, such as denying credit or employment.
No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. Such an action requires that the decision maker furnish the recipient of the adverse action with a copy of the credit report leading to the adverse action.
9
Q
What is the Agile Development Model?
A
A software design process that incorporates new system requirements during creation, focusing on specific portions of a project.
10
Q
What is an Algorithm?
A
A computational procedure or set of instructions designed to perform a specific task or solve a particular problem.
11
Q
What is Anonymization?
A
The process of altering identifiable data so it can no longer be related back to an individual.
Among many techniques, there are three primary ways that data is anonymized.
- Suppression is the most basic version of anonymization and it simply removes some identifying values from data to reduce its identifiability.
- Generalization takes specific identifying values and makes them broader, such as changing a specific age (18) to an age range (18-24).
- Noise addition takes identifying values from a given data set and switches them with identifying values from another individual in that data set.
Note that all of these processes will not guarantee that data is no longer identifiable and have to be performed in such a way that does not harm the usability of the data.
12
Q
What is Anonymous Information?
A
Data that is not related to an identified or identifiable natural person and cannot be re-identified.
13
Q
What does Anthropomorphism mean?
A
Attributing human characteristics or behaviors to non-human objects.
14
Q
What are Anti-discrimination Laws?
A
Laws indicating special classes of personal data that are subject to more stringent data protection regulations.
15
Q
What is Application or field encryption?
A
The ability to encrypt specific fields of data, particularly sensitive information like credit card numbers.
16
Q
What are Application-Layer Attacks?
A
Attacks that exploit flaws in network applications installed on servers, such as web browsers and email servers. Regularly applying patches and updates to applications may help prevent such attacks.
17
Q
What is Appropriation in data privacy?
A
Using someone’s identity for another person’s purposes.
18
Q
What is Asymmetric Encryption?
A
A form of data encryption that uses two separate but related keys to encrypt data. The system uses a public key, made available to other parties, and a private key, which is kept by the first party. Decryption of data encrypted by the public key requires the use of the private key; decryption of the data encrypted by the private key requires the public key.
19
Q
What is Attribute-Based Access Control?
A
An authorization model that provides dynamic access control by assigning attributes to the users, the data, and the context in which the user requests access (also referred to as environmental factors) and analyzes these attributes together to determine access.
For example, a bank employee might only be able to approve large transactions if they are a manager, are accessing the system from a secure location, and are working during business hours.
20
Q
What is an Audit Trail?
A
A chain of electronic activity or paperwork used to monitor, track, or validate an activity.
21
Q
What is Authentication?
A
The process by which an entity determines whether another entity is who it claims to be.
22
Q
What is Authorization in information security?
A
The process of determining if an end user is permitted access to a desired resource.
Authorization criteria may be based upon a variety of factors such as organizational role, level of security clearance, applicable law or a combination of factors. When effective, authentication validates that the entity requesting access is who or what it claims to be.
23
Q
What is Automated decision-making?
A
The process of making a decision by technological means without human involvement.
24
Q
What is Basel III?
A
A set of reform measures to strengthen the regulation and risk management of the banking sector.
25
What is Behavioral Advertising?
Advertising targeted at individuals based on observed behavior over time.
Most often done via automated processing of personal data, or profiling, the General Data Protection Regulation requires that data subjects be able to opt-out of any automated processing, to be informed of the logic involved in any automatic personal data processing and, at least when based on profiling, be informed of the consequences of such processing. If cookies are used to store or access information for the purposes of behavioral advertising, the ePrivacy Directive requires that data subjects provide consent for the placement of such cookies, after having been provided with clear and comprehensive information.
26
What is Big Data?
Large data sets characterized by volume, velocity, and variety.
27
What are Biometrics?
Data concerning intrinsic physical or behavioral characteristics of an individual.
Examples include DNA, fingerprints, retina and iris patterns, voice, face, handwriting, keystroke technique and gait. The General Data Protection Regulation, in Article 9, lists biometric data for the purpose of uniquely identifying a natural person as a special category of data for which processing is not allowed other than in specific circumstances.
28
What is Blackmail?
The threat to disclose an individual's information against their will.
29
What is Breach Disclosure?
The requirement for organizations to notify regulators and victims of incidents affecting personal data security.
The requirements in this arena vary wildly by jurisdiction. It is a transparency mechanism that highlights operational failures, which helps mitigate damage and aids in the understanding of causes of failure.
30
What is a Breach of confidentiality?
Revealing an individual's personal information despite a promise not to do so.
31
What does Bring Your Own Device mean?
The use of employees’ personal computing devices for work purposes.
32
What is Browser Fingerprinting?
A technology that differentiates users based on the unique instance of their browser.
Each browser keeps some information about the elements it encounters on a given webpage. For instance, a browser will keep information on a text font so that the next time that font is encountered on a webpage, the information can be reproduced more easily. Because each of these saved elements have been accessed at different times and in different orders, each instance of a browser is to some extent unique. Tracking users using this kind of technology continues to become more prevalent.
33
What is Caching?
The saving of local copies of downloaded content to reduce the need for repeated downloads. To protect privacy, pages that display personal information should be set to prohibit caching.
34
What is the California Online Privacy Protection Act?
A law requiring websites catering to California citizens to provide a privacy statement and allow children to delete collected data.
Websites also must inform visitors of the type of Do Not Track mechanisms they support or if they do not support any at all.
35
What does CCTV stand for?
Closed Circuit Television, referring to video surveillance systems.
36
What are Chat bots?
Computerized intelligence that simulates human interactions for basic customer requests.
37
What is the Children’s Online Privacy Protection Act (COPPA)?
A U.S. federal law that protects the personal information of children under 13 online.
COPPA requires these website operators: to post a privacy notice on the homepage of the website; provide notice about collection practices to parents; obtain verifiable parental consent before collecting personal information from children; give parents a choice as to whether their child’s personal information will be disclosed to third parties; provide parents access and the opportunity to delete the child’s personal information and opt out of future collection or use of the information, and maintain the confidentiality, security and integrity of personal information collected from children.
38
What does Choice refer to in the context of consent?
The idea that consent must be freely given and that data subjects must have a genuine choice as to whether to provide personal data or not. If there is no true choice it is unlikely the consent will be deemed valid under the General Data Protection Regulation.
39
What is Ciphertext?
Encrypted (enciphered) data.
40
What is Cloud Computing?
The provision of IT services over the Internet, including software and infrastructure.
41
What are Code audits?
Analyses of source code to detect defects, security breaches, or violations.
42
What are Code reviews?
Meetings organized by developers to review code, often involving a reader, moderator, and privacy specialist.
43
What is Collection Limitation?
A principle stating limits should exist on the collection of personal data, obtained lawfully and fairly.
44
What is Communications Privacy?
Protection of the means of correspondence, including postal mail and electronic communications.
One of the four classes of privacy, along with information privacy, bodily privacy and territorial privacy.
45
What are Completeness Arguments?
Means of assuring compliance with privacy rules in the design of new software systems.
46
What is Computer Forensics?
The discipline of assessing an information system for clues after it has been compromised.
47
What is a Concept of Operations?
A detailed outline of how a software product will work once operational, used in Plan-driven Development Models.
48
What does Confidentiality mean in data protection?
Data is considered confidential if it is protected against unauthorized or unlawful processing.
The General Data Protection Regulation requires that an organization be able to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services as part of its requirements for appropriate security. In addition, the GDPR requires that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
49
What is consent in the context of data privacy?
This privacy requirement is one of the fair information practices. Individuals must be able to prevent the collection of their personal data, unless the disclosure is required by law. If an individual has choice about the use or disclosure of his or her information, consent is the individual's way of giving permission for the use or disclosure. Consent may be affirmative; i.e., opt-in; or implied; i.e., the individual didn’t opt out.
(1) Affirmative/Explicit Consent: A requirement that an individual "signifies" his or her agreement with a data controller by some active communication between the parties.
(2) Implicit Consent: Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.
50
What is a Content Delivery Network?
Servers that contain most or all of the visible elements of a web page and are contacted to provide those elements.
In the realm of advertising, a general ad server is contacted after a webpage is requested, that ad server looks up any known information on the user requesting to access the webpage.
51
What is context aware computing?
When a technological device adapts itself to the environment, including characteristics like location, video, audio, and brightness.
52
What is the context of authority?
Control over access to resources on a network is based on the context in which the employee is connected.
53
What is contextual advertising?
A form of targeted advertising where the content of the ad relies on the content of the webpage or the user's query.
54
What is contextual integrity?
A concept developed by Helen Nissenbaum, contextual integrity is a way to think about and quantify potential privacy risks in software systems and products. Contextual Integrity focuses on what consumer expectations are in a given situation and how the product or system differs from that expectation. The more a product or system deviates from those expectations, the more likely a consumer will perceive a privacy harm.
55
What is a cookie?
A small text file stored on a client machine that tracks the end user’s browser activities and connects web requests into a session.
Cookies can also be used to prevent users from having to be authorized for every password protected page they access during a session by recording that they have successfully supplied their username and password already. Cookies may be referred to as "first-party" (if they are placed by the website that is visited) or "third-party" (if they are placed by a party other than the visited website). Additionally, they may be referred to as "session cookies" if they are deleted when a session ends, or "persistent cookies" if they remain longer. Notably, the General Data Protection Regulation lists this latter category, so-called "cookie identifiers," as an example of personal information. The use of cookies is regulated both by the GDPR and the ePrivacy Directive.
56
What is coupling in technology?
The interdependence between objects within a technology ecosystem, controlling the flow of information within a design.
Tightening the coupling, allows objects to depend on the inner working of other objects. Loosening the coupling reduces object's dependency on other objects. Loosening isolates information processing to a select group of approved classes and reduces the chance of unintentionally re-purposing data.
57
What is cross-site scripting?
Code injected by malicious web users into web pages viewed by other users.
58
What is cryptography?
The science or practice of hiding information, usually through its transformation, including functions like encryption and digital signatures.
59
What is a cryptosystem?
The materials necessary to encrypt and decrypt a message, typically consisting of the encryption algorithm and the security key.
60
What is customer access?
A customer’s ability to access, review, correct, or delete their personal information.
61
What is customer data integration?
The consolidation and management of customer information from all sources, vital for customer relationship management.
62
What is customer information?
Data relating to clients of private-sector organizations, patients in healthcare, and the general public in public-sector agencies.
63
What is cyberbullying?
Exposing a person's private details or re-characterizing them beyond their control via technology.
64
What are dark patterns?
Recurring solutions used to manipulate individuals into giving up personal information.
65
What is data aggregation?
Combining individual data sets to analyze trends while protecting individual privacy by using groups rather than isolating individuals.
To effectively aggregate data so that it cannot be re-identified (or at least make it difficult to do so) the data set should: (1) have a large population of individuals, (2) Categorized to create broad sets of individuals, and; (3) not include data that would be unique to a single individual in a data set.
66
What is a data breach?
The unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector. Breaches do not include good faith acquisitions of personal information by an employee or agent of the data collector for a legitimate purpose of the data collector—provided the personal information is not used for a purpose unrelated to the data collector's business or subject to further unauthorized disclosure.
67
What are data centers?
Facilities that store, manage, and disseminate data, housing critical systems for data management.
68
What is a data controller?
The person or entity that determines the purposes and means of processing personal data.
69
What are data elements?
Units of data that cannot be broken down further or have a distinct meaning, which may become personal data when combined.
70
What are data flow diagrams?
Graphical representations of the flow of data in an information system, used for design and modeling.
71
What is data loss prevention?
Strategies and software to ensure sensitive information is not disseminated to unauthorized sources.
72
What is data masking?
The process of de-identifying, anonymizing, or otherwise obscuring data so that the structure remains the same but the content is no longer sensitive in order to generate a data set that is useful for training or software testing purposes.
73
What is data matching?
An activity that involves comparing personal data obtained from a variety of sources, including personal information banks, for the purpose of making decisions about the individuals to whom the data pertains.
74
What is the data minimization principle?
The principle that only necessary personal data should be collected and retained.
75
What is data processing?
Any operation performed on personal data, including collection, storage, use, and destruction.
76
What is a data processor?
A person or entity that processes personal data on behalf of the data controller.
77
What is a data protection authority?
Independent authorities that supervise data protection laws in the EU and handle complaints about GDPR violations.
78
What is data quality?
The principle that personal data should be relevant, accurate, complete, and up-to-date for its intended use.
79
What is a data recipient?
A person or entity to which personal data is disclosed, excluding public authorities acting under specific inquiries.
80
What is a data schema?
A framework that formulates constraints on data, defining its entities and relationships.
81
What is a data subject?
An identified or identifiable natural person.
82
What is declared data?
Personal information directly provided to a social network or website by a user.
83
What is deep learning?
A subfield of AI and machine learning that uses artificial neural networks for processing raw data.
84
What is demographic advertising?
Web advertising based on individual information such as age, location, or gender.
85
What are design patterns?
Shared solutions to recurring problems that improve program code maintenance.
86
What is the design thinking process?
A five-phase process used in value-sensitive design: empathize, define, ideate, prototype, and test.
87
What is differential identifiability?
Setting parameters that limit confidence in the contribution of any individual to an aggregated value.
88
What is the Digital Advertising Alliance?
A non-profit organization that sets standards for consumer privacy in online advertising.
89
What is digital fingerprinting?
Using log files to identify a website visitor, often for security and system maintenance.
90
What is digital rights management?
Management of access to and use of digital content and devices after sale, often using access control technologies.
91
What is a digital signature?
A means for ensuring the authenticity of an electronic document, invalidated if the document is altered.
92
What is the Directive on Privacy and Electronic Communications Act?
A policy directive for EU Member States regarding user consent for cookies and tracking.
93
What is disassociability?
Minimization of connections between data and individuals compatible with system operational requirements.
94
What is discretionary access control?
An access control type that allows an object owner to grant or deny access within a computer-based information system.
95
What is distortion in data privacy?
Spreading false and inaccurate information about an individual.
96
What is a DMZ (Demilitarized Zone) Network?
A firewall configuration that secures local area networks by acting as a broker for traffic between the LAN and outside networks.
97
What is Do Not Track?
A proposed policy allowing consumers to opt out of web-usage tracking.
98
What are e-commerce websites?
Websites with online ordering capabilities that have special privacy advantages and risks.
99
What is electronic communications data?
Includes content of communication, traffic data, and location data as defined by the ePrivacy Directive.
100
What is an electronic communications network?
Transmission systems and resources that permit the conveyance of signals by various means, including satellite and cable systems.
101
What are the three main categories of personal data defined in the EU under the ePrivacy Directive?
The content of a communication, traffic data, and location data.
102
What is an Electronic Communications Network?
Transmission systems and equipment that permit the conveyance of signals by various means, including satellite networks and fixed/mobile terrestrial networks.
103
What is an Electronic Communications Service?
Any service that provides users the ability to send or receive wire or electronic communications.
104
What is Electronic Surveillance?
Monitoring through electronic means, such as video surveillance and intercepting communications.
105
What is Encryption?
The process of obscuring information to make it unreadable without special knowledge.
106
What is an Encryption Key?
A cryptographic algorithm applied to unencrypted text to disguise its value or decrypt encrypted text.
107
What is an End-User License Agreement?
A contract between the software owner and the user, outlining payment and usage restrictions.
108
What is Enterprise Architecture?
A conceptual outline that defines the structure and operation of an organization.
109
What was the EU Data Protection Directive?
The Directive (95/46/EC) was replaced by the General Data Protection Regulation in 2018 and was the first EU-wide legislation protecting individuals’ privacy.
110
What does Exclusion mean in data privacy?
Denies an individual knowledge of and/or participation in what is being done with their information.
111
What is Exposure in the context of privacy?
The revelation of information that is normally concealed from most others.
112
What is Extensible Markup Language (XML)?
A markup language that facilitates the transport, creation, retrieval, and storage of documents.
113
What is an Extranet?
A network system formed through the connection of two or more corporate intranets, creating inherent security risks.
114
What is the Factors Analysis in Information Risk (FAIR) model?
A framework that breaks risk into the frequency of action and magnitude of the violations.
115
What is Federated identity?
A model where a person's identity is authenticated in a trusted centralized service.
116
What is the Financial Instruments and Exchange Law of Japan?
Japanese legislation aimed at the financial services sector for investor protections and enhanced disclosure requirements.
117
What is First-Party Collection?
When a data subject provides personal data directly to the collector.
118
What is Flash?
Software used to add animation and visual effects to web-based content.
119
What is Frequency data?
The number of times a data value occurs.
120
What are Functional System Requirements?
Specific details about how a system should work and what inputs create what outputs.
121
What are Geo-social patterns?
Data from devices that provide information on mobility and social behaviors.
122
What is the GET Method?
An HTML method that appends form data to the URL, making it less secure than the POST method.
123
What is the Global Privacy Enforcement Network (GPEN)?
A collection of data protection authorities dedicated to privacy law enforcement cooperation.
124
What is a Globally Unique Identifier?
An identifier that is unique to a specific user, such as biometric data.
125
What are Harm Dimensions?
Objective and subjective dimensions of privacy harms identified by Ryan Calo.
126
What are Hashing Functions?
A method of converting user identifications into an ordered system to track activities without using PII.
127
What does Hide mean in data privacy?
Personal information is made un-connectable or un-observable to others.
128
What is High-level design?
How the system's parts work together to implement desired behaviors.
129
What does Homomorphic mean?
Allows encrypted information to be manipulated without being decrypted.
130
What is a Hyperlink?
Linked graphic or text that connects an end user to other websites or services.
131
What is Hypertext Markup Language (HTML)?
A content authoring language used to create web pages.
132
What is Hypertext Transfer Protocol (HTTP)?
A networking language that manages data packets over the Internet.
133
What is Hypertext Transfer Protocol Secure (HTTPS)?
A secure communication method that layers HTTP on top of SSL/TLS.
134
What is Identifiability?
The degree to which a user is identified by an authentication system.
135
What are Identifiers?
Codes or strings used to represent an individual, device, or browser.
136
What is Information governance?
The coordination of all stakeholders involved in processing personal data.
137
What is Information hiding?
Identifying data assigned to specific levels of classification and restricting access.
138
What is the Information Life Cycle?
Recognizes that data has different value and requires different approaches from collection to deletion.
139
What is Information Privacy?
The claim of individuals to determine how information about them is communicated.
140
What is Information Security?
The protection of information to prevent loss, unauthorized access, and misuse.
141
What is Information Utility?
The culture of using collected information to improve services while balancing privacy considerations.
142
What is Insecurity?
Results from failure to properly protect individuals' information.
143
What is the Interactive Advertising Bureau?
A trade association representing advertising businesses and developing industry standards.
144
What is the Internet of Things?
Devices connected to the internet that can be assigned an IP address.
145
What is an Internet Protocol Address?
A unique string identifying a computer on the Internet, expressed in four groups of numbers.
146
What is an Internet Service Provider?
A company that provides Internet access to homes and businesses.
147
What is Interrogation in privacy terms?
When questioning for personal information breaches social norms and risks individual privacy.
148
What are Intrusion reports?
Monitoring a system for threats to network security.
149
What is ISO 27002?
A code of practice for information security providing guidance for security management.
150
What is IT Architecture?
The set of policies, principles, services, and products used by IT providers.
151
What is an IT Department?
The division responsible for all technology used to create, store, exchange, and use information.
152
What is Javascript?
A scripting language used to produce interactive and dynamic web content.
153
What is Just-in-Time Notification?
Disclosure of specific information practices at the point of information collection.
154
What is k-anonymity?
A method that creates generalized or redacted quasi-identifiers as replacements for direct identifiers.
155
What is l-diversity?
Builds on k-anonymity by requiring at least 'l' distinct values for sensitive attributes.
156
What is a Layered Notice?
A privacy notice designed to provide key elements in a short notice and detailed information in a full notice.
157
What is a Layered Security Policy?
Defines three levels of security policies from high-level statements to detailed operating procedures.
158
What is Least Privilege?
A security control granting access at the lowest possible level required for a function.
159
What is Linkability?
The degree to which identifiers can be paired with outside information to identify an individual.
160
What is a Local Area Network?
Networks that exist within an operational facility and are easy to manage.
161
What are Local Shared Objects?
Data files created by a domain to track user preferences, often called flash cookies.
162
What is a Location-Based Service?
Services that use location information to deliver applications and services.
163
What are Logs in computing?
Records of normal and suspect events logged by a computer system.
164
What is an internet-connected computer terminal?
A device that connects to the internet to access and interact with online resources.
165
What are logs in a computer system?
Records of both normal and suspect events by a computer system, including application logs, system logs, and security logs.
166
What is low level design?
The details of a high-level design system.
167
What does magnitude data refer to?
The size of the data, such as a table showing average income by age.
168
What is manageability?
The ability to granularly administer personal information, including modification, disclosure, and deletion.
169
What is Mandatory Access Control?
An access control system where access to data is constrained by the operating system itself.
170
What is metadata?
Data that describes other data.
171
What are microdata sets?
Groups of information on individuals that have been altered or suppressed to anonymize the data.
172
What is mobility in technology?
The extent to which a system moves from one location to another.
173
What is Multi-Factor Authentication?
An authentication process that requires more than one verification method.
174
What is the NICE framework?
Establishes common terminology to describe cybersecurity work across all sectors.
175
What is the NIST framework?
A voluntary risk management tool providing standards and best practices for managing cybersecurity-related risks.
176
What is natural language processing?
A subfield of AI that helps computers understand and manipulate human language.
177
What is natural language understanding?
Utilizes algorithms to identify and extract natural language that a computer can understand.
178
What is network centricity?
The extent to which personal information remains local to the client.
179
What are network devices?
Components used to link computers and other devices for sharing files and resources.
180
What is network encryption?
A type of network security that protects data traffic through encryption at the network transfer layer.
181
What are network-layer attacks?
Attacks that exploit basic network protocols to gain advantages, often involving spoofing or denial of service.
182
What is noise addition?
Blurring data to ensure aggregated data is useful yet nonspecific enough to avoid revealing identifiers.
183
What are non-functional system requirements?
Abstracted concepts of system operation that inform functional requirements.
184
What is obfuscation?
To make something more difficult to understand; to hide the true meaning.
185
What is objective harm?
Measurable and observable harm where a person's privacy has been violated.
186
What are OECD Guidelines?
Internationally agreed upon privacy principles for regulations surrounding cross-border data flows.
187
What are omnibus laws?
Laws that cover a broad spectrum of organizations rather than a specific sector.
188
What is online behavioral advertising?
Tracking or analyzing user data to offer targeted advertising.
189
What is online data storage?
Storage of data by a third-party vendor accessible through the Internet.
190
What is the difference between open-source and closed-source software?
Open-source software is easily viewed and modified, while closed-source software is maintained only by the vendor.
191
What does opt-in mean?
An active affirmative indication of choice to share information with third parties.
192
What does opt-out mean?
An individual's lack of action implies a choice to share information with third parties.
193
What is the Organization for Economic Cooperation and Development?
An international organization promoting policies for sustainable economic growth.
194
What is passive collection?
Collecting data from a data subject who is unaware of such collection.
195
What are patches in software?
Changes to a program that aim to fix, update, or improve a system.
196
What is the PCI Security Standards Council?
A council responsible for the development and management of Payment Card Industry Security Standards.
197
What are perimeter controls?
Technologies and processes designed to secure an entire network environment.
198
What is persistent storage?
The storage of data in a non-volatile medium such as a hard drive.
199
What is personal information?
Information that identifies or can be linked to a particular consumer.
200
What is pharming?
Redirecting a valid internet request to a malicious website.
201
What is phishing?
Communications designed to trick users into providing sensitive information.
202
What is the Plan-Driven Development Model?
A strategy focusing on designing the entirety of a system before actual creation.
203
What is the Platform for Privacy Preferences Project?
A project aimed at designing web protocols with user privacy in mind.
204
What does polymorphic mean in encryption?
An algorithm that mutates with each copy of the code while maintaining the same outcome.
205
What is the POST method?
An HTML method that securely sends form data, unlike the GET method.
206
What is predictability in systems?
Reliable assumptions about a system, particularly its data and processing.
207
What is premium advertising?
The most expensive and visible type of web advertising.
208
What is Privacy by Design?
A framework outlining principles for integrating privacy into technology systems.
209
What is privacy engineering?
Applying privacy values and principles in technology systems while maintaining security.
210
What is a privacy notice?
A statement describing how an organization collects and uses personal information.
211
What is a Privacy Nutrition Label?
A standard form label intended to make privacy policies easily understandable.
212
What is a Privacy Officer?
The head of privacy compliance and operations in an organization.
213
What are privacy patterns?
Solutions to common privacy problems in software design.
214
What is a privacy policy?
An internal statement governing an organization's handling of personal information.
215
What is a privacy review?
An analysis of new projects for compliance with privacy standards.
216
What is privacy risk?
A formula to calculate the impact of a new project on consumer privacy.
217
What is a privacy standard?
The minimum level of privacy protection required in new projects.
218
What is a privacy technologist?
Technology professionals involved in protecting privacy.
219
What is Protected Health Information?
Individually identifiable health information held by covered entities.
220
What is the Protecting Canadians from Online Crime Act?
Legislation that criminalizes cyberbullying and enhances police powers.
221
What is pseudonymous data?
Data points not directly associated with a specific individual, using an ID instead of PII.
222
What is psychographic advertising?
Advertising based on a user's interests and preferences.
223
What is Public Key Infrastructure?
A system that verifies the authenticity of parties in electronic transactions.
224
What are public records?
Information collected and maintained by government entities available to the public.
225
What are quality attributes in software development?
Concerns that cannot be alleviated with a single design element, such as privacy.
226
What is quantum encryption?
Encryption that uses quantum mechanics to secure messages.
227
What is Radio-Frequency Identification?
Technologies that use radio waves to identify people or objects with encoded microchips.
228
What is re-identification?
The action of reattaching identifiers to anonymized data.
229
What is Privacy in software development?
Privacy is a quality attribute that can be divided into further quality attributes. Using Privacy by Design in software development allows these attributes to be accounted for in all system functions.
230
What is Quantum encryption?
Quantum encryption uses the principles of quantum mechanics to encrypt messages in a way that prevents anyone other than the intended recipient from reading them.
231
What is Radio-Frequency Identification?
Radio-Frequency Identification (RFID) technologies use radio waves to identify people or objects carrying encoded microchips.
232
What is Re-identification?
Re-identification is the action of reattaching identifying characteristics to pseudonymized or de-identified data, often referred to as 're-identification risk.'
233
What is Remnant Advertising?
Remnant Advertising is a basic form of web advertising that occurs when no data about the user or webpage is available, resulting in non-personalized ads.
234
What is Repurposing?
Repurposing is taking information collected for one purpose and using it for another purpose later on.
235
What is Retention in the information life cycle?
Retention is the concept that organizations should retain personal information only as long as necessary to fulfill the stated purpose.
236
What is the Right of Access?
The Right of Access is an individual’s right to request and receive their personal data from a business or organization.
237
What are Role-Based Access Controls?
Role-Based Access Controls are access policies that ensure no employee has greater information access than necessary to perform their job function.
238
What is RSA Encryption?
RSA (Rivest-Shamir-Adleman) is the most common internet encryption and authentication system, using an algorithm that involves multiplying two large prime numbers to generate keys.
239
What is Run time behavior monitoring?
Run time behavior monitoring involves monitoring and analyzing usage and data collected from a running system.
240
What are Seal Programs?
Seal Programs require participants to abide by codes of information practices and submit to monitoring for compliance, allowing companies to display the program's seal.
241
What is Secondary use of data?
Secondary use refers to using an individual's information without consent for purposes unrelated to the original reasons for which it was collected.
242
What is a Secret Key?
A Secret Key is a cryptographic key used with a secret key cryptographic algorithm, associated with entities and protected from disclosure.
243
What is a Security Policy?
A Security Policy encompasses internal security measures to prevent unauthorized access to corporate data, including physical security measures.
244
What are Security Safeguards?
Security Safeguards are principles that personal data should be protected by reasonable security measures against risks such as loss or unauthorized access.
245
What is Single-Factor Authentication?
Single-Factor Authentication is the standard mechanism requiring a user name and password for access.
246
What is Single-Sign-On (SSO)?
Single-Sign-On (SSO) is an authentication process allowing users to enter a single set of credentials to access multiple applications.
247
What is Social Engineering?
Social Engineering is a term for how attackers persuade users to provide information or create security vulnerabilities.
248
What is a Software Requirements Specification?
A Software Requirements Specification is formal documentation of a software system that includes both functional and nonfunctional requirements.
249
What is SPAM?
SPAM refers to unsolicited commercial e-mail.
250
What is Spear Phishing?
Spear Phishing is phishing targeted at a specific group of people with known affiliations to an organization.
251
What is Speech recognition?
Speech recognition is voice command technology that allows users to interact with technologies by speaking.
252
What is SQL Injection?
SQL Injection involves inserting commands into SQL forms to manipulate the system, potentially erasing data or overloading servers.
253
What is Storage Encryption?
Storage Encryption uses encryption to protect stored or backed-up data both in transit and in storage.
254
What is Structured Query Language?
Structured Query Language (SQL) is a programming language for creating interactive forms for data manipulation and collection.
255
What is Subjective Harm?
Subjective Harm exists without observable harm but where an expectation of harm exists.
256
What is a Super Cookie?
A Super Cookie is a tracking mechanism that persists even after all cookies have been deleted, using various storage types.
257
What is Surveillance?
Surveillance is the observation and/or capturing of an individual's activities.
258
What is Surveillance Collection?
Surveillance Collection is observing the data stream produced by a data subject without interfering in their activities.
259
What is Symmetric Key Encryption?
Symmetric Key Encryption, also known as Secret Key Encryption, uses a single secret key to both encrypt and decrypt data.
260
What is Syndicated Content?
Syndicated Content is content developed or licensed from a third party, which can contain malicious code.
261
What is the Systems Development Life Cycle (SDLC)?
The Systems Development Life Cycle (SDLC) is a conceptual model describing the stages in an information system development project.
262
What is t-closeness?
t-closeness extends l-diversity by reducing the granularity of data in a dataset.
263
What are Terms of Service?
Terms of Service are rules governing the use of a service that must be agreed to for usage.
264
What is Third-Party Collection?
Third-Party Collection refers to data acquired from a source other than directly from the data subject.
265
What is Tokenization?
Tokenization is a system of de-identifying data using random tokens as stand-ins for meaningful data.
266
What is Transfer of data?
Transfer is the movement of personal data from one organization to another.
267
What is Transient Storage?
Transient Storage refers to short lifespan data storage, such as session cookies purged when the browser is closed.
268
What is Transmission Control Protocol?
Transmission Control Protocol (TCP) enables two devices to establish a connection and exchange data over the Internet.
269
What is Transport Layer Security?
Transport Layer Security (TLS) is a protocol that ensures privacy between client-server applications and users.
270
What is a Trojan Horse?
A Trojan Horse is malware that masquerades as beneficial software.
271
What is Ubiquitous computing?
Ubiquitous computing links the processing of information with the activity or object it encounters.
272
What is Unified Modeling Language?
Unified Modeling Language (UML) is a notation language used to describe system design elements in software development.
273
What is a Uniform Resource Locator?
A Uniform Resource Locator (URL) is the address of content on a web server, such as 'https://iapp.org.'
274
What are User Stories?
User Stories are requirements of new software systems in Agile Development, describing how consumers interact with the system.
275
What are User-based access controls?
User-based access controls rely on the user's identity to grant or deny access to resources.
276
What are Value-Added Services?
Value-Added Services are non-core services in telecommunications, often provided at little or no cost.
277
What is Value-Sensitive Design?
Value-Sensitive Design is an approach that accounts for moral and ethical values in technology design.
278
What is a Virtual Private Network?
A Virtual Private Network (VPN) uses public infrastructure to provide remote access to a central organizational network.
279
What is Voice Over Internet Protocol?
Voice Over Internet Protocol (VoIP) allows telephone calls over a LAN or the Internet, with risks of data interception.
280
What is Vulnerability management?
Vulnerability management involves assessing and developing plans for the capability and probability of threats succeeding.
281
What is a Web Beacon?
A Web Beacon is a clear graphic image that records a user's visit to a web page or viewing of an email, often used for tracking.
282
What is Whaling?
Whaling is phishing targeted at specific individuals known to be wealthy.
283
What is a Wide Area Network?
A Wide Area Network (WAN) is a non-localized telecommunications network used to transmit data across large regions.
284
What is a Worm?
A Worm is a computer program that replicates itself over a network, usually performing malicious actions.
285
What is Write Once Read Many?
Write Once Read Many (WORM) is a data storage device where information, once written, cannot be modified.
