CIPP/US Exam Prep
CIPP/US Exam Glossary - 38 Terms
Search the terminology pack for Certified Information Privacy Professional/United States. Use these definitions with the study guide and practice questions.
A
- Audit trail
- A record showing who accessed or modified data and when, used to support accountability and investigations.
- Automated decisionmaking technology
- Technology that processes personal information and uses computation to make or support decisions about individuals.
B
- Board reporting
- The requirement that privacy or security leadership provide regular written reports to a board of directors or equivalent governing body.
- Breach notification
- A legal requirement to notify affected individuals or authorities after unauthorized access to certain personal information.
C
- California Consumer Privacy Act
- A California privacy law granting consumers rights regarding personal information and imposing obligations on businesses.
- Centralized privacy review
- A governance process in which proposed data uses or products are escalated for specialized privacy evaluation rather than handled only by individual teams.
- Consumer Financial Protection Bureau
- The federal agency with primary rulemaking authority for the FCRA after Dodd-Frank.
- Consumer report
- A communication bearing on a consumer’s creditworthiness, character, or similar traits used for eligibility decisions under the FCRA.
- Covered entity
- Under HIPAA, a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically in connection with certain transactions.
- CPPA
- The California Privacy Protection Agency, the regulator responsible for implementing and enforcing key California privacy rules.
- Cybersecurity audit
- A formal review of an organization’s security controls and practices, sometimes required by privacy regulations to support compliance and governance.
D
- Data minimization
- The principle of limiting data collection, use, and retention to what is reasonably necessary for a stated purpose.
- Driver's Privacy Protection Act
- A federal law restricting disclosure and use of personal information contained in motor vehicle records.
E
- Education record
- A record directly related to a student and maintained by an educational institution or party acting for it, as defined by FERPA.
- Executive oversight
- Senior leadership involvement in supervising privacy risk, compliance, and strategy within an organization.
F
- FCRA
- The Fair Credit Reporting Act, a federal law regulating consumer reports, consumer reporting agencies, and permissible uses of credit information.
- FERPA sole-possession record
- A note kept solely by its maker as a personal memory aid and not shared with others, excluded from FERPA’s definition of education records.
- FTC Section 5
- The provision of the FTC Act that prohibits unfair or deceptive acts or practices in or affecting commerce.
G
- GLBA Privacy Rule
- A rule under the Gramm-Leach-Bliley Act governing financial institutions’ privacy notices and certain disclosures of nonpublic personal information.
- GLBA Safeguards Rule
- An FTC rule requiring financial institutions to develop, implement, and maintain a comprehensive information security program.
H
- HIPAA authorization
- A written permission required for certain uses or disclosures of protected health information that do not fall within permitted exceptions like treatment, payment, or healthcare operations.
M
- Minimum necessary standard
- HIPAA’s requirement that covered entities make reasonable efforts to use, disclose, or request only the minimum protected health information needed for a purpose.
- Multistate attorney-general investigation
- A coordinated enforcement inquiry conducted by multiple state attorneys general, increasing regulatory leverage and pressure.
N
- Nonpublic personal information
- Personally identifiable financial information not publicly available, protected under GLBA.
O
- Opt out
- A consumer’s right under certain privacy laws, such as GLBA, to direct that specific disclosures of personal information not occur.
P
- Permissible purpose
- A legally authorized reason for obtaining, using, or disclosing regulated personal information under laws such as the FCRA or DPPA.
- Privacy governance
- The organizational framework for managing privacy compliance, accountability, oversight, and risk.
- Protected health information
- Individually identifiable health information regulated by HIPAA.
Q
- Qualified individual
- The person designated under the GLBA Safeguards Rule to oversee and enforce the institution’s information security program.
R
- Right to limit
- A California consumer right allowing individuals to restrict certain uses and disclosures of sensitive personal information.
- Risk assessment
- A structured evaluation of the privacy or security risks associated with data processing activities.
S
- Sale
- Under California law, a disclosure of personal information to a third party for monetary or other valuable consideration.
- Sensitive personal information
- A category of personal data subject to heightened protections under California privacy law, including a consumer right to limit certain uses and disclosures.
- Sharing
- Under California law, disclosure of personal information for cross-context behavioral advertising, treated separately from a sale.
- Substantial injury
- A key element of the FTC unfairness analysis referring to significant harm or likely harm to consumers.
- Substitute notice
- An alternative breach-notification method used when direct notice to affected individuals is not feasible.
T
- Treatment, payment, or healthcare operations
- HIPAA-permitted categories of use and disclosure for protected health information that generally do not require separate authorization.
U
- Unfairness test
- The FTC standard under which a practice is unfair if it causes or is likely to cause substantial injury that consumers cannot reasonably avoid and that is not outweighed by countervailing benefits.
About These Definitions
These definitions are loaded from the shared release pack. Use them with the study guide and practice questions to connect vocabulary to exam scenarios.