Editing Main Page/Teaching Resources/Glossary

=== Privacy glossary === 
Most definitions taken from Wikipedia. 

==== Ad exchange ====
An ad exchange is a technology platform that facilitates the buying and selling of media advertising inventory from multiple ad networks. Prices for the inventory are determined through real-time bidding. The approach is technology-driven as opposed to the historical approach of negotiating price on media inventory. This represents a field beyond ad networks as defined by the Interactive Advertising Bureau, and by advertising trade publications.

==== Ad network ====
An online advertising network or ad network is a company that connects advertisers to websites that want to host advertisements. The key function of an ad network is an aggregation of ad supply from publishers and matching it with advertiser's demand.

==== Algorithm ====
In mathematics and computer science, an algorithm is a finite sequence of well-defined, computer-implementable instructions, typically to solve a class of problems or to perform a computation. Algorithms are always unambiguous and are used as specifications for performing calculations, data processing, automated reasoning, and other tasks

==== Artificial intelligence ==== 
Artificial intelligence is intelligence demonstrated by machines, unlike the natural intelligence displayed by humans and animals, which involves consciousness and emotionality. The distinction between the former and the latter categories is often revealed by the acronym chosen.

==== Authentication ==== 

The process by which an entity (such as a person or computer system) determines whether another entity is who it claims to be.

==== Behavioral advertising ====

Behavioral targeting comprises a range of technologies and techniques used by online website brands, publishers and advertisers aimed at increasing the effectiveness of marketing and advertising using user web-browsing behavior information.

==== Big data ====

Big data is a field that treats ways to analyze, systematically extract information from, or otherwise deal with data sets that are too large or complex to be dealt with by traditional data-processing application software. Data with many fields offer greater statistical power, while data with higher complexity may lead to a higher false discovery rate.

biometrics

Data concerning the intrinsic physical or behavioral characteristics of an individual. Examples include DNA, fingerprints, retina and iris patterns, voice, face, handwriting, keystroke technique and gait. The General Data Protection Regulation, in Article 9, lists biometric data for the purpose of uniquely identifying a natural person as a special category of data for which processing is not allowed other than in specific circumstances.

CCTV

Originally an acronym for "closed circuit television," CCTV has come to be shorthand for any video surveillance system. Originally, such systems relied on coaxial cable and was truly only accessible on premise. Today, most surveillance systems are hosted via TCP/IP networks and can be accessed remotely, and the footage much more easily shared, eliciting new and different privacy concerns.


chat bot 

Computerized intelligence that simulates human interactions and may be used to handle basic customer requests and interactions.


cloud computing 

The provision of information technology services over the Internet. These services may be provided by a company for its internal users in a "private cloud" or by third-party suppliers. The services can include software, infrastructure (i.e., servers), hosting and platforms (i.e., operating systems). Cloud computing has numerous applications, from personal webmail to corporate data storage, and can be subdivided into different types of service models.

confidentiality 

Data is "confidential" if it is protected against unauthorised or unlawful processing. The General Data Protection Regulation requires that an organization be able to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services as part of its requirements for appropriate security. In addition, the GDPR requires that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.


consent 

This privacy requirement is one of the fair information practices. Individuals must be able to prevent the collection of their personal data, unless the disclosure is required by law. If an individual has choice about the use or disclosure of his or her information, consent is the individual's way of giving permission for the use or disclosure. Consent may be affirmative; i.e., opt-in; or implied; i.e., the individual didn’t opt out.
(1) Affirmative/Explicit Consent: A requirement that an individual "signifies" his or her agreement with a data controller by some active communication between the parties.

(2) Implicit Consent: Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.

consent decree

A judgment entered by consent of the parties. Typically, the defendant agrees to stop alleged illegal activity and pay a fine, without admitting guilt or wrongdoing. This legal document is approved by a judge and formalizes an agreement reached between a U.S. federal or state agency and an adverse party.


content delivery network 

The servers that contain most or all of the visible elements of a web page and that are contacted to provide those elements. In the realm of advertising, a general ad server is contacted after a webpage is requested, that ad server looks up any known information on the user requesting to access the webpage.


cookie 

A small text file stored on a client machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session. Cookies can also be used to prevent users from having to be authorized for every password protected page they access during a session by recording that they have successfully supplied their username and password already. Cookies may be referred to as "first-party" (if they are placed by the website that is visited) or "third-party" (if they are placed by a party other than the visited website). Additionally, they may be referred to as "session cookies" if they are deleted when a session ends, or "persistent cookies" if they remain longer. Notably, the General Data Protection Regulation lists this latter category, so-called "cookie identifiers," as an example of personal information. The use of cookies is regulated both by the GDPR and the ePrivacy Directive (see Cookie Directive).


dark patterns

Recurring solutions that are used to manipulate individuals into giving up personal information.


data aggregation 

Taking Individual data sets and combining them to statistically analyze data trends while protecting individual privacy by using groups of individuals with similar characteristics rather than isolating one individual at a time. To effectively aggregate data so that it cannot be re-identified (or at least make it difficult to do so) the data set should: (1) have a large population of individuals, (2) Categorized to create broad sets of individuals, and; (3) not include data that would be unique to a single individual in a data set.


data breach 

The unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector. Breaches do not include good faith acquisitions of personal information by an employee or agent of the data collector for a legitimate purpose of the data collector—provided the personal information is not used for a purpose unrelated to the data collector's business or subject to further unauthorized disclosure.


data brokers

Entities that collect, aggregate and sell individuals’ personal data, derivatives and inferences from disparate public or private sources.


data centers


Facilities that store, manage and disseminate data and house a network’s most critical systems. Data centers can serve either as a centralized facility for a single organization’s data management functions or as a third-party provider for organization’s data management needs.


data minimization principle 

The idea that one should only collect and retain that personal data which is necessary.


data protection 

The rules and safeguards applying under various laws and regulations to personal data about individuals that organizations collect, store, use and disclose. “Data protection” is the professional term used in the EU, whereas in the U.S. the concept is generally referred to as “information privacy.” Importantly, data protection is different from data security, since it extends beyond securing information to devising and implementing policies for its fair use.

de-identification

An action that one takes to remove identifying characteristics from data.


deep learning

A subset of artificial intelligence and machine learning. It learns by performing a tasks repeatedly and adding layers of data to improve the outcome.


digital rights management (DRM)

The management of access to and use of digital content and devices after sale. DRM is often associated with the set of access control (denial) technologies. These technologies are utilized under the premise of defending copyrights and intellectual property but are considered controversial because they may often restrict users from utilizing digital content or devices in a manner allowable by law. 

do not track 

A catch-all term for various technologies and browser settings designed to allow data subjects to indicate their objection to tracking by websites. Years of effort, by the W3C and other organizations, to create an official Do Not Track standard for HTTP headers has of yet led to naught.


encryption 


The process of obscuring information, often through the use of a cryptographic scheme in order to make the information unreadable without special knowledge; i.e., the use of code keys. Encryption is mentioned in the General Data Protection Regulation as a potential way to mitigate risk, and certain breach notification requirements may be mitigated by the use of encryption as it reduces the risks to the rights and freedoms of data subjects should data be improperly disclosed.


encryption key 

A cryptographic algorithm applied to unencrypted text to disguise its value or used to decrypt encrypted text.


end user license agreement (EULA)

A contract between the owner of the software application and the user. The user agrees to pay for the use of the software and promises to comply with certain restrictions on that use.

family educational rights and privacy act (FERPA)

FERPA establishes requirements regarding the privacy protection of student educational records.  It applies to all academic institutions that receive funds under applicable U.S. Department of Education programs.  FERPA gives parents certain rights with respect to their children’s education records.  These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.  Students to whom the rights have transferred are referred to as “eligible students.”


federal communiations commission (FCC)

The United States agency that regulates interstate communications through radio, wire, telecommunications, satellite and cable. The Federal Communications Commission has authority that overlaps with the Federal Trade Commission in some areas of privacy law including enforcement and further regulation under the Telephone Consumer Protection Act.


federal trade commission (FTC)

The United States' primary consumer protection agency, the FTC collects complaints about companies, business practices and identity theft under the FTC Act and other laws that they enforce or administer. Importantly, the FTC brings actions under Section 5 of the FTC Act, which prohibits unfair and deceptive trade practices.


freedom of information act (FOIA)

A U.S. federal law that ensures citizen access to federal government agency records. FOIA only applies to federal executive branch documents. It does not apply to legislative or judicial records. FOIA requests will be fulfilled unless they are subject to nine specific exemptions. Most states have some state level equivalent of FOIA. The federal and most state FOIA statutes include a specific exemption for personal information so that sensitive data (such as Social Security numbers) are not disclosed.


general data protection regulation (GDPR) (EU)

The General Data Protection Regulation (GDPR) replaced the Data Protection Directive in 2018. The aim of the GDPR is to provide one set of data protection rules for all EU member states and the European Economic Area (EEA). The document comprises 173 recitals and 99 articles.


geofencing

Geofencing is the creation of virtual perimeters linked to the geographic position of a mobile device. In the BYOD context, geofencing may be used to restrict access to applications or sensitive information inside of or outside of specific locations. For example, a company may be able to restrict access to potentially risky applications on a personal device when the device is connected to the company’s network or, conversely, restrict access to company resources when the device is outside of the company’s network.


==== Health Insurance Portability and Accountability Act (HIPAA) ==== 
A U.S. law passed to create national standards for electronic healthcare transactions, among other purposes. HIPAA required the U.S. Department of Health and Human Services to promulgate regulations to protect the privacy and security of personal health information. The basic rule is that patients have to opt in before their information can be shared with other organizations—although there are important exceptions such as for treatment, payment and healthcare operations.

==== identifiers ==== 
Codes or strings used to represent an individual, device or browser.

==== information security (infosec) ==== 
The protection of information for the purposes of preventing loss, unauthorized access and/or misuse. It is also the process of assessing threats and risks to information and the procedures and controls to preserve confidentiality, integrity and availability of information.

==== integrity ====
Integrity refers to the consistency, accuracy and trustworthiness of the data. 

==== internet of things ==== 
A term used to describe the many devices that are connected to the internet. Any device that is built with a network interface can be assigned an IP address to allow for automation and remote access.

==== internet protocol address (IP address) ====
A unique string of numbers that identifies a computer on the Internet or other TCP/IP network. The IP address is expressed in four groups of up to three numbers, separated by periods. For example: 123.123.23.2. An address may be "dynamic," meaning that it is assigned temporarily whenever a device logs on to a network or an Internet service provider and consequently may be different each time a device connects. Alternatively, an address may be "static," meaning that it is assigned to a particular device and does not change, but remains assigned to one computer or device.

==== internet service provider (ISP) ==== 
A company that provides Internet access to homes and businesses through modem dial-up, DSL, cable modem broadband, dedicated T1/T3 lines or wireless connections.

==== location data ==== 
Data indicating the geographical position of a device, including data relating to the latitude, longitude, or altitude of the device, the direction of travel of the user, or the time the location information was recorded.

==== machine learning ==== 
A subfield of, or building block for, artificial intelligence, machine learning is a problem-solving technique that trains a computer to identify new patterns. It implements various algorithms in a problem-solving process that includes data cleansing, feature selection, training, testing, and validation. Companies and government agencies increasingly deploy machine learning algorithms for tasks such as fraud detection, speech recognition, image classification and other pattern-recognition applications.

==== metadata ==== 
Data that describes other data. “Meta” is a prefix meaning “an underlying description” in information technology usage.

==== multi-factor authentication ==== 
An authentication process that requires more than one verification method (see Authentication), such as a password and biometric identifier, or log-in credentials and a code sent to an email address or phone number supplied by a data subject. Also known as two-factor authentication.

==== national security letter (NSL) ====
A category of subpoena, often with an attached gag order. The USA PATRIOT Act expanded the use of national security letters. Separate and sometimes differing statutory provisions now govern access, without a court order, to communication providers, financial institutions, consumer credit agencies and travel agencies.

==== natural language processing (NLP) ====
Natural language processing is a subfield of linguistics, computer science, and artificial intelligence concerned with the interactions between computers and human language, in particular how to program computers to process and analyze large amounts of natural language data. The result is a computer capable of "understanding" the contents of documents, including the contextual nuances of the language within them.

==== open source vs closed source ==== 
Easily viewed, shared and modified software is considered open-source. Closed-source software must by fixed and updated by the vendor. Open source and free software are often used interchangeably. 

==== opt-in ====
One of two central concepts of choice. It means an individual makes an active affirmative indication of choice; i.e., checking a box signaling a desire to share his or her information with third parties.

==== opt-out ====
One of two central concepts of choice. It means an individual’s lack of action implies that a choice has been made; i.e., unless an individual checks or unchecks a box, their information will be shared with third parties.

==== personally identifiable information (PII) ==== 
Any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and any other information that is linkable to an individual, such as medical, educational, financial, and employment information.

==== phishing ==== 
Emails or other communications that are designed to trick a user into believing that he or she should provide a password, account number or other information. The user then typically provides that information to a website controlled by the attacker. “Spear phishing” is a phishing attack that is tailored to the individual user, such as when an e-mail appears to be from the user’s boss, instructing the user to provide information.

==== privacy ==== 
Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. When something is private to a person, it usually means that something is inherently special or sensitive to them.

==== privacy by design ====
Privacy by design is an idea in systems engineering and information technology. In privacy by design, the engineers build the system so that it keeps information private starting at the beginning instead of building the system and then adding privacy protection later. In privacy by design, the designers treat privacy protection as just as important as other parts of the design. 

==== privacy policy ====
An internal statement that governs an organization or entity’s handling of personal information. It is directed at those members of the organization who might handle or make decisions regarding the personal information, instructing them on the collection, use, storage and destruction of the data, as well as any specific rights the data subjects may have. May also be referred to as a data protection policy.

==== pseudonymization ====
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

==== public key infrastructure (PKI) ====
A system of digital certificates, authorities and other registration entities that verifies the authenticity of each party involved in an electronic transaction through the use of cryptography.

==== re-identification ====
The action of reattaching identifying characteristics to pseudonymized or de-identified data.

==== right to be forgotten ====
An individual’s right to have their personal data deleted by a business or other organization possessing or controlling that data.

==== social engineering ====
A general term for how attackers can try to persuade a user to provide information or create some other sort of security vulnerability.

==== subpoena ==== 
A written court order issued in an administrative, civil or criminal action that requires the person named in the subpoena to appear in court in order to testify under oath on a particular matter which is the subject of an investigation, proceeding or lawsuit. A subpoena may also require the production of a paper, document or other object relevant to an investigation, proceeding or lawsuit that discloses personal information.

==== terms of service ====
The set of rules which govern the use of a service and must be agreed to, either implicitly through the use of that service or explicitly, in order to make use of that service.

==== transport layer security (TLS) ====
A protocol that ensures privacy between client-server applications and Internet users of the applications. When a server and client communicate, TLS secures the connection to ensure that no third party can eavesdrop on or corrupt the message. TLS is a successor to SSL.

==== virtual private network (VPN) ==== 

A network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users an access to a central organizational network. VPNs typically require remote users of the network to be authenticated and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.

==== warrant ====
A warrant is generally an order that serves as a specific type of authorization, that is, a writ issued by a competent officer, usually a judge or magistrate, that permits an otherwise illegal act that would violate individual rights and affords the person executing the writ protection from damages if the act is performed.

A warrant is usually issued by a court and is directed to a sheriff, a constable, or a police officer. Warrants normally issued by a court include search warrants, arrest warrants, and execution warrants. 

==== web beacon ====
Also known as a web bug, pixel tag or clear GIF, a web beacon is a technique used on web pages and email to unobtrusively (usually invisibly) allow checking that a user has accessed some content.[1] Web beacons are typically used by third parties to monitor the activity of users at a website for the purpose of web analytics or page tagging. They can also be used for email tracking. When implemented using JavaScript, they may be called JavaScript tags.