Glossary of Privacy Terms

Question 1

What is accountability in the context of personal data handling?

Answer 1

The implementation of appropriate technical and organisational measures to ensure personal data is handled in accordance with relevant law

Codified in the EU General Data Protection Regulation and other frameworks, including APEC’s Cross Border Privacy Rules.

Question 2

What are the three principles espoused by the Act Respecting the Protection of Personal Information in the Private Sector?

Answer 2

• Serious and legitimate reason for establishing a file on another person
• Access to information contained in the file must not be denied
• Respect for rules applicable to collection, storage, use, and communication of information

Question 3

What constitutes an ‘adequate level of protection’ for personal data transfers from the EU?

Answer 3

• Rule of law and respect for human rights
• Existence of independent supervisory authorities
• International commitments related to data protection

Question 4

Define ‘administrative purpose’ in the context of personal information use.

Answer 4

The use of personal information in a decision-making process that directly affects the individual

Question 5

What does ‘adverse action’ refer to under the Fair Credit Reporting Act?

Answer 5

All business, credit, and employment actions affecting consumers that can negatively impact them

Examples include denying or canceling credit or employment.

Question 6

What is Alberta PIPA?

Answer 6

A privacy law in Alberta, similar to PIPEDA, that clearly applies to employee information

Question 7

What is the role of the American Institute of Certified Public Accountants?

Answer 7

A professional organization of certified public accountants and co-creator of the WebTrust seal program

Question 8

What are the APEC Privacy Principles?

Answer 8

A set of non-binding principles that mirror the OECD Fair Information Privacy Practices

Aimed at promoting electronic commerce in the Asia-Pacific region.

Question 9

What is the process of authentication?

Answer 9

Determining whether an entity is who it claims to be

Question 10

What does BC PIPA stand for?

Answer 10

A privacy law in British Columbia, similar to PIPEDA, that applies to employee information

Question 11

Define ‘behavioral advertising’.

Answer 11

Advertising targeted at individuals based on their observed behavior over time

Question 12

What is breach disclosure?

Answer 12

The requirement for organizations to notify regulators and victims of personal data incidents

Question 13

What does Canada’s Anti-Spam Legislation require for commercial electronic messages?

Answer 13

• Consent from the recipient
• Identification requirements
• Unsubscribing options

Question 14

What is the Canadian Institute of Chartered Accountants responsible for?

Answer 14

Functions critical to the success of the Canadian CA profession, including strategic leadership and standard setting

Question 15

What are the CSA Privacy Principles?

Answer 15

• Accountability
• Identifying purposes
• Consent
• Limiting Collection
• Limiting Use, Disclosure, and Retention
• Accuracy
• Safeguards
• Openness
• Individual Access
• Challenging Compliance

Question 16

What does CCTV stand for?

Answer 16

Closed circuit television

Question 17

What are Charter Rights?

Answer 17

Rights created by the Canadian Charter of Rights and Freedoms, considered constitutional rights

Question 18

What is the Children’s Online Privacy Protection Act (COPPA) of 1998?

Answer 18

A U.S. law requiring parental consent for collecting personal information from children under 13

Question 19

In the context of consent, what does ‘choice’ refer to?

Answer 19

The idea that consent must be freely given with a genuine choice for data subjects

Question 20

What is the principle of ‘collection limitation’?

Answer 20

Limits to the collection of personal data, obtained by lawful and fair means

Question 21

Define ‘commercial activity’ under Canada’s PIPEDA.

Answer 21

Any transaction or conduct of a commercial character, including selling or leasing donor lists

Question 22

What is a ‘commercial electronic message’?

Answer 22

Any electronic message intended to encourage participation in commercial activity

Question 23

What are comprehensive laws?

Answer 23

Laws governing the collection, use, and dissemination of personal information in public and private sectors

Question 24

What does confidentiality mean in data protection?

Answer 24

Protection against unauthorized or unlawful processing of data

Question 25

What does consent entail in privacy requirements?

Answer 25

Individuals' ability to prevent the collection of personal data, except when required by law

Question 26

What is Convention 108?

Answer 26

A legally binding international instrument ensuring human rights regarding personal information processing

Question 27

What is a 'cookie' in the context of web technology?

Answer 27

A small text file stored on a client machine that tracks browser activities

Question 28

What is customer access?

Answer 28

A customer's ability to access, review, correct, or delete their personal information

Question 29

Define 'data breach'.

Answer 29

Unauthorized acquisition of computerized data compromising personal information security

Question 30

What is a data controller?

Answer 30

The entity that determines the purposes and means of processing personal data

Question 31

What are data elements?

Answer 31

Units of data that cannot be further broken down or have distinct meanings

Question 32

What does data processing encompass?

Answer 32

Any operation performed on personal data, including collection, storage, and destruction

Question 33

Who is a data processor?

Answer 33

An entity that processes personal data on behalf of the data controller

Question 34

What is a Data Protection Authority?

Answer 34

Independent authorities supervising data protection laws in the EU

Question 35

What does data quality refer to?

Answer 35

The principle that personal data should be relevant, accurate, complete, and up-to-date

Question 36

Who is a data recipient?

Answer 36

An entity to which personal data is disclosed, excluding public authorities in specific inquiries

Question 37

What is a data subject?

Answer 37

An identified or identifiable natural person

Question 38

What does 'de novo' mean in a legal context?

Answer 38

A hearing in which a higher authority makes a new decision, ignoring lower findings

Question 39

What is direct marketing?

Answer 39

When a seller directly contacts an individual for marketing purposes

Question 40

Define 'electronic communications network'.

Answer 40

Transmission systems allowing conveyance of signals by various means, including wire and radio

Question 41

What is an electronic communications service?

Answer 41

Any service providing users the ability to send or receive wire or electronic communications

Question 42

What is an Electronic Communications Service?

Answer 42

Any service which provides to users the ability to send or receive wire or electronic communications.

Question 43

Define Electronic Health Record (EHR).

Answer 43

A computer record of an individual's medical file that may be shared across multiple healthcare settings.

Question 44

What does Employee Information refer to?

Answer 44

Personal information reasonably required by an organization for employment or volunteer work purposes.

Question 45

What is Employee Personal Data according to Article 88 of the GDPR?

Answer 45

Data subject to specific rules around processing employees’ personal data, safeguarding human dignity and fundamental rights.

Question 46

What is Encryption?

Answer 46

The process of obscuring information to make it unreadable without special knowledge.

Question 47

When was the EU Data Protection Directive adopted?

Answer 47

The Directive was adopted in 1995 and became effective in 1998.

Question 48

What is the role of the European Commission?

Answer 48

To implement the EU’s decisions and policies, initiate legislation, and make adequacy determinations regarding data transfers.

Question 49

What is the Fair Credit Reporting Act?

Answer 49

A U.S. federal privacy law enacted in 1970 to mandate accurate data collection and give consumers access to their information.

Question 50

What does the Federal Trade Commission (FTC) do?

Answer 50

Acts as the primary consumer protection agency in the U.S., collecting complaints and enforcing laws against unfair practices.

Question 51

What are the Generally Accepted Privacy Principles?

Answer 51

A framework with ten principles including management, notice, choice, collection, use, retention, access, disclosure, security, and monitoring.

Question 52

What is the Global Privacy Enforcement Network (GPEN)?

Answer 52

A collection of data protection authorities dedicated to privacy law enforcement cooperation and sharing best practices.

Question 53

What is the House of Commons?

Answer 53

One of two chambers of the Canadian Parliament, with members elected at least every five years.

Question 54

What are Identifying Purposes in privacy protection?

Answer 54

The obligation on organizations to document the purposes for collecting personal information at or before collection.

Question 55

What is Individual Access?

Answer 55

The principle that organizations must respond to requests from individuals for access to their personal information.

Question 56

What is Individual Participation in privacy practices?

Answer 56

The right for individuals to obtain confirmation of data held about them and to challenge inaccuracies.

Question 57

What are Information Banks?

Answer 57

Repositories of personal information maintained by the Canadian government under the Privacy Act.

Question 58

What does the Information Life Cycle encompass?

Answer 58

The stages of data management: Collection, processing, use, disclosure, retention, and destruction.

Question 59

What is Information Security?

Answer 59

The protection of information to prevent loss, unauthorized access, and misuse.

Question 60

What is the Model Code for the Protection of Personal Information?

Answer 60

A set of privacy principles developed by the Canadian Standards Association that includes ten key principles.

Question 61

Define Multi-Factor Authentication.

Answer 61

An authentication process requiring more than one verification method.

Question 62

What are the OECD Guidelines?

Answer 62

Internationally accepted privacy principles established in 1980 and updated in 2013.

Question 63

What are Omnibus Laws?

Answer 63

Laws that cover a broad spectrum of organizations or individuals, as opposed to sector-specific laws.

Question 64

What is Online Behavioral Advertising?

Answer 64

Advertising based on tracking user profiles, preferences, and online activity.

Question 65

What is the Online Privacy Alliance?

Answer 65

A coalition of online companies established to encourage self-regulation of online privacy.

Question 66

What does Openness mean in fair information practices?

Answer 66

A general policy of transparency regarding personal data practices.

Question 67

What is the difference between Opt-In and Opt-Out?

Answer 67

Opt-In requires active consent, while Opt-Out implies consent by inaction.

Question 68

What is Outsourcing?

Answer 68

Contracting business processes to a third party, which may include processing personal information.

Question 69

What are Perimeter Controls?

Answer 69

Technologies designed to secure a network environment by preventing external penetration.

Question 70

What is Personal Data as defined by the GDPR?

Answer 70

Any information relating to an identified or identifiable natural person.

Question 71

What is the Privacy Act (Canadian)?

Answer 71

Enacted in 1983, it sets rules for how federal institutions handle personal information.

Question 72

What constitutes a Privacy Breach (Canadian)?

Answer 72

Unauthorized access, collection, use, or disclosure of personal information.

Question 73

What are the steps in a Privacy Breach Response (Canadian)?

Answer 73

* Containment of the breach * Evaluating risks * Notifying affected parties * Preventing future breaches

Question 74

What is Privacy by Design?

Answer 74

A framework for data protection established by Ann Cavoukian, focusing on integrating privacy into operations.

Question 75

What is the role of the Privacy Commissioner of Canada?

Answer 75

To enforce PIPEDA and investigate complaints regarding personal data handling.

Question 76

What are Privacy Impact Assessments (Canadian)?

Answer 76

Assessments required to evaluate compliance with privacy obligations for government initiatives.

Question 77

What is a Privacy Notice?

Answer 77

A statement describing how an organization collects, uses, retains, and discloses personal information.

Question 78

What does Privacy of the Person protect?

Answer 78

Bodily integrity and the right not to have one's body touched or explored without consent.

Question 79

What is the role of a Privacy Officer?

Answer 79

To coordinate and implement privacy compliance efforts within an organization.

Question 80

What is a Privacy Policy?

Answer 80

An internal statement governing an organization’s handling of personal information.

Question 81

Define Public Records.

Answer 81

Information collected and maintained by a government entity and available to the public.

Question 82

What is Radio-Frequency Identification?

Answer 82

Technologies that use radio waves to identify encoded microchips.

Question 83

What is Re-identification?

Answer 83

Reattaching identifying characteristics to pseudonymized or de-identified data.

Question 84

What is Rectification in data privacy?

Answer 84

The right to have personal data corrected if it is inaccurate.

Question 85

What does Retention refer to in the information life cycle?

Answer 85

The practice of retaining personal information only as long as necessary for its intended purpose.

Question 86

What is the Right of Access?

Answer 86

An individual's right to request and receive their personal data from an organization.

Question 87

What is the Right To Correct?

Answer 87

The right for individuals to amend inaccurate information about themselves.

Question 88

What are Seal Programs?

Answer 88

Programs requiring compliance with codes of information practices, allowing participants to display a seal.

Question 89

What are Sectoral Laws?

Answer 89

Laws that exist in specific areas where a particular need has been identified.

Question 90

What is the Senate (Canadian)?

Answer 90

One of two chambers of the Canadian Parliament, with members appointed by the governor in council.

Question 91

What is Sensitive Personal Information?

Answer 91

Data related to a higher expectation of privacy, such as medical or financial information.

Question 92

What does SPAM refer to?

Answer 92

Unsolicited commercial e-mail.

Question 93

What is a Technology-Based Model for data protection?

Answer 93

Utilizes technological measures to protect individuals' personal data.

Question 94

What does Transfer mean in the context of personal data?

Answer 94

The movement of personal data from one organization to another.

Question 95

What does Transparency mean in data processing?

Answer 95

Providing information about processing in a concise and intelligible manner.

Question 96

What is the Universal Declaration of Human Rights?

Answer 96

A declaration adopted by the UN in 1948 recognizing inherent dignity and privacy rights.

Question 97

What are Value-Added Services?

Answer 97

Non-core services in telecommunications that go beyond basic offerings.

Question 98

What does the statement regarding privacy in Article 12 of the Declaration encompass?

Answer 98

[...] no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence ## Footnote This statement covers a wide range of conduct, including both territorial and communications notions of privacy.

Question 99

What are Value-Added Services (VAS) in the telecommunications industry?

Answer 99

Non-core services beyond voice calls and fax transmissions ## Footnote VAS refers to services available at little or no cost that promote the primary business.

Question 100

What are mobile value-added services (MVAS)?

Answer 100

Services like SMS, MMS, and GPRS ## Footnote MVAS may be categorized into standard (peer-to-peer) content and premium-charged content.

Question 101

Who provides value-added services in the telecommunications industry?

Answer 101

Mobile network operators or third-party value-added service providers (VASPs) ## Footnote VASPs are also known as content providers (CP) like Headline News or Reuters.

Question 102

What protocols do VASPs typically use to connect to mobile operators?

Answer 102

Short message peer-to-peer protocol (SMPP) ## Footnote VASPs connect either directly to the short message service center (SMSC) or to a messaging gateway.

Question 103

What are the guidelines regarding video surveillance?

Answer 103

Video should not be the initial security option and must follow these constraints: * Taken only in absence of less intrusive alternatives * Use disclosed to the public * Individuals have access to their personal information * Subject to independent audit * Fair information practices respected ## Footnote These guidelines aim to protect privacy rights.

Question 104

What does Work Product Information refer to in Canada?

Answer 104

Information about an individual's job-related position, functions, and performance ## Footnote It is not defined by PIPEDA and may sometimes fall under personal information.

Question 105

How does Work Product Information differ in Canada and the United States?

Answer 105

In Canada, it relates to job performance; in the U.S., it refers to legal materials prepared for litigation ## Footnote This distinction is important for understanding legal contexts in each country.