
Appendix A: Glossary

Affiliate. An entity that controls, is controlled by, or is under common control with another entity.

 

Anonymize. The removal of any person-related information that could be used to identify a specific individual.

 

Confidentiality. The protection of nonpersonal information and data from unauthorized disclosure.

 

Consent. Agreement by the individual for the entity to collect, use, and disclose personal information in accordance with the privacy notice. Such agreement can be explicit or implied. Explicit consent is given orally, electronically, or in writing, is unequivocal, and does not require any inference on the part of the entity seeking consent. Implicit consent may reasonably be inferred from the action or inaction of the individual, such as not having opted out or providing credit card information to complete a transaction. (See opt in and opt out.)

 

Cookies. Cookies are pieces of information generated by a Web server and stored in the user's computer, ready for future access. The information can then be used to identify the user when returning to the Web site, to personalize Web content, and suggest items of potential interest based on previous buying habits. Certain advertisers use tracking methods, including cookies, to analyze the patterns and paths through a site.

 

Encryption. The process of transforming information to make it unreadable to anyone except those possessing a special key (to decrypt).

 

Entity. An organization that collects, uses, retains, and discloses personal information.

 

Individual. The person about whom the personal information is being collected (sometimes referred to as the data subject).

 

Internal personnel. Employees, contractors, agents, and others acting on behalf of the entity and its affiliates.

 

Opt in. Personal information may not be collected, used, retained, and disclosed by the entity without the explicit consent of the individual.

 

Opt out. Implied consent exists for the entity to collect, use, retain, and disclose personal information unless the individual explicitly denies permission.

 

Outsourcing. The use and handling of personal information by a third party that performs a business function for the entity.

 

Personal information. Information that is or can be about or related to an identifiable individual.

 

Personal information cycle. The collection, use, retention, disclosure, disposal, or anonymization of personal information.

 

Policy. A written statement that communicates management’s intent, objectives, requirements, responsibilities, and standards.

 

Privacy. The rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and destruction of personal information.

 

Privacy breach. A privacy breach occurs when personal information is collected, retained, accessed, used, or disclosed in ways that are not in accordance with the provisions of the enterprise’s policies, applicable privacy laws, or regulations.

 

Privacy program. The policies, communications, procedures, and controls in place to manage and protect personal information in accordance with business and compliance risks and requirements.

 

Purpose. The reason personal information is collected by the entity.

 

Redact. To delete or black out personal information from a document or file.

 

Sensitive personal information. Personal information that requires an extra level of protection and a higher duty of care, for example, information on medical or health conditions, certain financial information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual preferences, or information related to offenses or criminal convictions.

 

Third party. An entity that is not affiliated with the entity that collects personal information or any affiliated entity not covered by the entity’s privacy notice.

 

Web beacon. Web beacons, also known as Web bugs, are small strings of code that provide a method for delivering a graphic image on a Web page or in an e-mail message for the purpose of transferring data. Businesses use Web beacons for many purposes, including site traffic reporting, unique visitor counts, advertising and e-mail auditing and reporting, and personalization. For example, a Web beacon can gather a user's IP address, collect the referrer, and track the sites visited by users.

 

Copyright © 2009 by the American Institute of Certified Public Accountants, Inc., New York, New York.