Glossary

What Is Aggregate Consumer Information?  Aggregate consumer information is data collected from multiple sources and used to characterize a group or segment of consumers. This information is typically used by businesses to better understand the target market, improve products and services, and tailor marketing strategies.  Aggregate consumer information is often compared to de-identified and anonymized […]

What Is Aggregate Data? Aggregate data is data related to a collective or category of consumers in which data has been grouped and summed or averaged across multiple consumers.  For example, in a survey comparing people’s preferences for different political candidates, aggregate data of the results would present the overall popularity of each candidate without […]

What Is Amendment of Personal Information?  Amendment of personal information is a consumer’s right to request that organizations and institutions amend inaccurate or incorrect personal information about them. It is also known as the correction of personal information.  Federal and state laws in the US allow consumers to amend the information held about them by […]

What Is Breach Disclosure? Breach disclosure is the process of informing individuals, organizations, and/or government entities about a security breach or incident that has compromised their sensitive information.  This sensitive information could include personal data, financial records, intellectual property, or any other confidential data. When a security incident that exposes personal or sensitive data happens, […]

What Is the Bureau of Consumer Protection?  The Bureau of Consumer Protection (BCP) is a division within the Federal Trade Commission (FTC) in the United States.  The primary purpose of the BCP is to enforce federal laws that protect consumers from unfair, deceptive, or fraudulent business practices.  The BCP investigates and takes legal action against […]

What Is the California Consumer Privacy Act?  The California Consumer Privacy Act of 2018, or CCPA, is a California data privacy law. This California law gives consumers in the state more control over how their personal data is collected and used by businesses.  Under the CCPA, Californians have a right to: Passed by the California […]

What Is the CCPA?  The CCPA stands for California Consumer Privacy Act. This California data privacy law gives consumers in the state more rights about how businesses collect and use their data.  The CCPA was amended by the California Privacy Rights Act (CPRA), passed by California voters in 2020.  The CCPA outlines consumer privacy rights […]

What Is Collection of Personal Information The collection of personal information is the process of obtaining personal data from individuals. Personal information might be collected by businesses, government agencies, or other entities for purposes ranging from providing services and enhancing customer experience to verifying identities and complying with legal obligations. Information collected can range from […]

What Is Consent? Consent refers to a clear, informed, and voluntary agreement by an individual (the data subject) for their personal data to be collected, processed, stored, or shared.  This concept is particularly important in data privacy laws, for example, the General Data Protection Regulation (GDPR) in the European Union.  Third-party definition  The informed, unambiguous […]

What Is Consent Management? Consent management is a process used primarily in data privacy and online environments to ensure that individuals can control what personal information is collected about them and how it is used.  It is especially relevant in the context of websites and applications, where personal data is often collected for various purposes.  […]

What Is the Consumer Financial Protection Bureau?  The Consumer Financial Protection Bureau (CFPB) is a United States government agency responsible for ensuring American consumers are treated fairly by financial institutions like banks, credit unions, and debt collectors.  The CFPB was established under the Dodd-Frank Wall Street Reform and Consumer Protection Act in 2010 in response […]

What Is a Cookie? A cookie is a data packet a website sends to a visitor’s browser. Cookies are a way for websites to remember user information (like items they added to their shopping cart) or record browsing activity, including clicking specific buttons or pages visited in the past. They can also be used to […]

What Is a Cookie Banner? A cookie banner is a pop-up on websites that informs visitors about using cookies and, in some cases, asks for cookie permission. In various parts of the world, showing a cookie banner to web visitors is a legal requirement. Privacy laws and regulations, such as the General Data Protection Regulation […]

What Are Cookies? Cookies are pieces of data that websites send to users’ devices (such as computers, smartphones, and tablets) when they visit them. Users’ web browsers then store cookies on these devices.  While cookies enhance the user experience by remembering preferences and user states, they have raised privacy concerns, especially third-party cookies used for […]

What Is a Correction of Personal Information?  Correction of personal information refers to consumers’ right to correct inaccurate personal information about them. The right to correction includes information held by various institutions, including government agencies, healthcare providers, and financial institutions.  Several laws in the US govern the correction of personal information and protect individuals’ rights […]

What Is the Creation of Personal Information? The creation of personal information is the act of generating new data that identifies an individual or can be linked to an identifiable individual. It can also be the act of deriving data from existing data.  Personal information creation can occur in various contexts and involves the formal […]

What Is Data Aggregation?  Data aggregation is the process of collecting, combining, and organizing data from multiple sources into a single dataset.  Aggregation allows for a broader/more comprehensive view of data for reporting, analysis, or visualization purposes. Data aggregation can help identify trends, patterns, and insights that might not be apparent when looking at individual […]

What Is a Data Breach? A data breach is an incident in which confidential, sensitive, or protected information stored in a computer system, network, or database is exposed to someone without authorized access to view that information.  Common causes of data breaches include malware (for example, ransomware attacks), weak or stolen credentials, application vulnerabilities, social […]

What Is a Data Breach Notification? A data breach notification is a formal communication issued by organizations to individuals, businesses, or regulatory authorities informing them of a security breach that has compromised their personal or sensitive information.  The purpose of data breach notifications is to promptly notify those affected by a breach so they can […]

What Is a Data Leak? A data leak occurs when confidential or sensitive information (for example, personal data, PII, or trade secrets) is exposed. Data leaks usually happen because of companies’ poor data security and data protection strategies. Common causes of data leaks include misconfigured databases, vulnerable software, accidental publication of sensitive data, email misdelivery […]

What Is a Data Protection Authority? A Data Protection Authority (DPA) is an official public agency or body responsible for enforcing data protection laws and regulations. These authorities typically have the power to issue guidelines on data protection practices, conduct audits, handle consumer complaints, and impose penalties for violations. The role and specific powers of […]

What Is the Direct Collection of Personal Information? Direct collection of personal information is when an organization or individual gathers personal information directly from a person, usually through forms, interviews, surveys, or online data entry fields.  This contrasts with indirect collection, where information is gathered without someone’s active participation, such as through third-party sources or […]

What Is a First-Party Ad? A first-party ad is an advertisement that is managed by the website owner where the ad appears. The ad often promotes products, services, or content that the owner of the website directly offers.  This type of advertising allows website owners to have full control over the content and targeting of […]

What Are First-Party Cookies? First-party cookies are small pieces of data created and stored on your device by the website you visit directly.  Websites use third-party cookies to remember your settings and preferences, such as login information and items in a shopping cart.  These cookies are set by the domain of the website you are […]

What Is Indirect Collection of Personal Information? Indirect collection of personal information is the process of gathering personal data about individuals without directly obtaining it from them. It is what happens when information is collected through other sources or means, often without someone’s knowledge.  Indirect collection raises privacy concerns around transparency and consent. Individuals might […]

What Is Online Personal Information? Online personal information is any data about an individual that is available on the internet. This information can range from publicly accessible details to more sensitive data.  It consists of various types of information, like basic identifiers (name, birth date, email address, etc.), social media content, professional information, and so […]

What Is Personally Identifiable Information? Personally Identifiable Information (PII) is any information that can, either by itself or when linked with other associated data, identify an individual. PII includes a range of information types that could directly or indirectly identify a person.  Examples of PII include the following: The definition of PII can vary slightly […]

What Is a Privacy Breach? A privacy breach is when someone accesses someone else’s personal information without being authorized to do so.  It typically starts with attackers infiltrating a protected computer network and viewing or stealing data. Common causes of privacy breaches are social engineering (including phishing attacks), weak and stolen credentials, malware, and insider […]

What Is Publicly Available Information? Publicly available information is data that anyone can legally access without any restrictions. It’s information that is not hidden behind paywalls, is not private or confidential, and is not sensitive. This type of information is typically used in research, journalism, marketing, and by individuals for personal or professional purposes.  Third-party […]

What Is Publicly Available Personal Information? Publicly available personal information is data about an individual that the general public can legally access without restrictions. This type of information is typically not protected under privacy laws and can be found in various publicly accessible sources.  The availability and scope of publicly accessible personal information can vary […]

What Is a Request for Correction of Personal Information?  When consumers ask institutions and businesses to correct inaccurate or incorrect information about them, they request the correction of personal information.  In the US, consumers’ right to request the correction of personal information depends on what kind of information they want to correct and where they […]

What Is the Right to Be Forgotten? The “right to be forgotten,” also known as the “right to erasure,” refers to the idea that individuals have the right to remove their personal information from internet searches and databases under certain circumstances.  This concept is primarily associated with privacy and data protection laws in various jurisdictions, […]

What Is the Right to Deletion? The “right to deletion,” often referred to as the “right to be forgotten” or the “right to erasure,” is a privacy right that lets individuals request the deletion of their personal data from an organization’s records under certain circumstances.  This right is a fundamental aspect of data protection laws […]

What Is the Right to Privacy The right to privacy generally refers to the concept that individuals have the right to live their lives with a reasonable degree of freedom from surveillance and intrusion by others, including the government, corporations, and other individuals.  This right should extend to various aspects of personal and familial life, […]

What Is Sensitive Personal Information? Sensitive personal information generally refers to data that, if disclosed, could harm someone or violate their privacy.  Although the exact definition varies depending on the privacy law in question, sensitive personal information typically includes information like precise geolocation, health information, Social Security numbers, financial information, and religious or philosophical beliefs.  […]

What Is a Social Engineer? A social engineer is any person who uses deception, manipulation, and influence to extract information, gain unauthorized access, or cause individuals to perform actions that are beneficial to them. Social engineers can be malicious actors or people whose job is to “hack humans” to see how secure an organization is.  […]

What Is Social Engineering?  Social engineering is when someone manipulates someone else into sharing confidential information (personal or financial) or performing an action they wouldn’t normally do that compromises security (for example, giving access to a computer system or a physical location). Social engineering exploits the natural human tendency to trust. It relies more on […]

What Is a Standard Personal Information Bank? A standard personal information bank (PIB) is a collection of personal information about members of the public and current and former employees at the federal level. For example, “Relocation Personal Information Bank” or “Library Services Personal Information Bank.”  PIBs are controlled and used by government institutions.  In Canada, […]

What Is Targeted Advertising? Targeted advertising involves identifying and targeting specific groups of consumers based on various criteria, such as demographics, behaviors, interests, and other data points.  Targeting consumers like this allows advertisers to create ads that are more personalized and relevant, and as a result, more likely to engage the audience and lead to […]

What Is a Third-Party Ad A third-party ad is an advertisement that is managed and served by an entity other than the website or platform on which it appears.  Unlike first-party advertising, where the ads are placed by the website itself (often promoting the website owner’s products or services), third-party ads come from an external […]

What Are Third-Party Cookies? Third-party cookies are pieces of data created by a third party (usually advertisers or analytics services), not the operator of the website that sends them. Third-party definition  Third-party cookies are tracking codes generated by companies other than the website that a web visitor has navigated to. Advertisers and social media networks […]