Asset

Is any digital or physical system through which Meridian processes data (e.g., software, applications, physical filing systems).

Assessment

Is the process of identifying the types of data security risk to which an organization is exposed through its third parties.

Consent

Refers to any freely given, specific, informed indication of will, whereby the individual agrees to the collection and processing of personal information about and/or relating to him or her. Consent shall be evidenced by written, electronic or recorded means. 

Data Breach

Is the intentional or unintentional release of secure, private or confidential information to an untrusted environment.

Data Controller

Is the person or organization responsible for determining the purposes and means of processing personal data. 

Data Processing Agreement (DPA)

Is an agreement between Meridian and a third party (e.g., a vendor, subrecipient or asset provider) that binds the third party to specific data protection standards and retention policies when it processes data transferred to it by Meridian.

Data Processor

Is the person or organization (a third party) who processes personal data on behalf of the data controller.

Data Subject (“Individual”)

Is the identified or identifiable person to whom the personal data relates.

General Data Protection Regulation (GDPR)

The European Union's data protection regulation, which sets a high standard for data protection by providing one set of rules that "applies to the processing of personal data of data subjects who are in the Union". The 99 articles of the GDPR set forth several fundamental data protection rights, including the right to be informed, the right of access, the right to rectification, the right to erasure (the "right to be forgotten"), the right to restrict processing, the right to data portability, the right to object, and rights in relation to automated decision-making and profiling.

Personal Data

Is any information that relates to an identified or identifiable living individual. An individual is identifiable when he or she can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, contact details (e.g., address, phone number), location data or an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Personally Identifiable Information (PII): Sensitive and Non-sensitive 

Is any data that can be used to identify a specific individual, on its own or in combination with other data. There are two categories of PII: Sensitive PII, whose loss or disclosure could cause harm to the individual and which therefore requires stronger safeguards, and Non-sensitive PII. Social Security numbers, mailing and email addresses, and phone numbers are the data elements most commonly treated as PII. See list of data element examples HERE.

Processing

Is defined very broadly and encompasses any action performed on or with personal data, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction (that is, the marking of stored data with the aim of limiting its processing in the future), erasure and destruction. In effect, it is any activity involving personal data. A discrete operational process that involves personal data (e.g., conducting a background check, booking hotel reservations) is referred to as a Data Processing Activity.

Retention

Is the principle that organizations should retain information only for as long as it is pertinent or justifiably necessary.

Risk

Is the probability that a data processing activity will result in harm to, or loss of, something of value (e.g., individuals' rights and freedoms), considered together with the severity of that harm.


Special Category Data

Personal data that reveals an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data, biometric data and data concerning health; and data concerning an individual's sex life or sexual orientation. Special Category Data require the individual's consent prior to processing. See list of data element examples HERE.

Third Party

A natural or legal person, public authority, agency or other body other than the data subject, the data controller, the data processor, and persons who, under the direct authority of the data controller or data processor, are authorized to process personal data.