Online Privacy Glossary
Learn key online privacy terms with Incogni.
California Consumer Privacy Act (CCPA)
The CCPA (California Consumer Privacy Act) is a California law aimed at guaranteeing residents’ privacy rights and consumer protections. The CCPA regulates the collection, processing, and sale or trade of personal information. The Act applies to companies that handle California residents’ private data.
California Privacy Rights Act (CPRA)
The California Privacy Rights Act (CPRA) is an amendment and addendum to the California Consumer Privacy Act (CCPA). It refines and extends the provisions laid down in the CCPA. The CCPA and CPRA, taken together, constitute a single California privacy law: the CPRA does not replace the CCPA.
Colorado Privacy Act (CPA)
The Colorado Privacy Act (CPA) is a comprehensive data privacy state law providing Colorado residents with the right to opt out of targeted advertising, the sale of their personal data, and certain types of profiling. The CPA will go into effect on July 1, 2023, making Colorado the third state, after California and Virginia, to have comprehensive data privacy legislation in place.
Connecticut Data Privacy Act (CTDPA)
The Connecticut Data Privacy Act (CTDPA) is a national data privacy law in the United States providing Connecticut residents with various rights over their personal data – such as the option to opt out of targeted advertising, the sale of personal data, and automated profiling. The CTDPA also provides certain obligations for data controllers and processors, such as requiring privacy notices.
Cookies are small pieces of data created by a web server and stored within a web browser. They store and save browsing information which can later be retrieved. Once the user comes back to the website, cookies inform the web server that they have returned.
Cyber extortion is an online crime in which a cybercriminal threatens victims with harm, embarrassment, or financial loss unless they comply with demands, such as paying a ransom or providing sensitive information. The most common examples of cyber extortion are ransomware and DDoS attacks.
Cyberbullying is a form of bullying that occurs through electronic devices such as cell phones and computers. It can occur through social media sites, online games, text messages, forums, and other online means of communication.
Cybersecurity is the practice of protecting computers, networks, and sensitive data from unauthorized or criminal access and malicious attacks carried out by cybercriminals. It involves taking various steps and using a range of tools to detect and prevent cyberattacks, as well as responding to and recovering from security incidents.
Cyberstalking is a form of online harassment which involves harassing a victim through the internet or other forms of electronic communications. Although it doesn’t involve physical contact, cyberstalking can cause substantial emotional distress and even involve serious criminal actions.
A data broker, also known as a data aggregator, is a company that collects, sorts, analyzes, and sells or shares individuals’ personal information in order to generate revenues. They create detailed profiles of these individuals, encompassing their demographics, behavior patterns, interests, and preferences.
A data controller is a person or legal entity that determines how and why personal data is processed. In other words, anyone or anything that decides on the purposes behind and means of data processing is called a data controller in line with Chapter 1, Article 4.7 of the General Data Protection Regulation (GDPR).
Data privacy refers to the protection and confidentiality of personal information. It involves the collection, storage, use, and dissemination of personal information in a manner that is secure, private, ethical, and in compliance with applicable laws and regulations.
According to Chapter 1, Art. 4.8 of the GDPR, a data processor is “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” In some cases, the data processor can also be a data controller.
Browser or digital fingerprinting is a tracking and identification method that collects various data points from a user’s web browser to improve user experience and prevent fraud. However, it is also associated with targeted online advertising, where fingerprints play a role similar to cookies.
Your digital footprint is a record of everything you do online, like the websites you visit and what you post on social media. It’s important to be careful because this information can be seen by companies, advertisers, and even the government.
Do Not Track (DNT)
Do Not Track (DNT) is a browser setting used to signal a user’s preference not to be tracked by website cookies or have their personal information shared. It’s a voluntary system that has been adopted by all browsers, though many websites still don’t honor a Do Not Track preference.
Doxxing refers to the deliberate public disclosure of a person’s sensitive personal information without their permission. The intention behind doxxing someone need not be malicious, but it most often is. In effect, doxxing involves connecting a person’s online persona to their true identity.
Email masking, also known as email obfuscation or email anonymization, is a technique used to protect the privacy and security of an email address. Email masking prevents email addresses from being scraped by the email harvesters and spambots that collect them for malicious purposes like spamming or phishing.
Essential cookies, also known as strictly necessary cookies, are the cookies without which a website cannot function properly. As the name suggests, these cookies are necessary for the website to provide whatever service it’s designed to provide or to facilitate data transmission over networks.
Explicit consent, sometimes referred to as express consent, is a type of consent that is freely given. It’s usually stipulated in laws regarding how organizations obtain an individual’s, or data subject’s, agreement to a contract or to the collection and handling of their personal information.
A Faraday bag, similar to a Faraday cage or Faraday shield, is a specialized bag or flexible container designed to block electromagnetic fields, including those used in wireless communication technologies. English scientist Michael Faraday invented the Faraday cage (on which the Faraday bag is based) in 1836.
General Data Protection Regulation (GDPR)
GDPR stands for General Data Protection Regulation. It’s a comprehensive data protection regulation introduced by the European Union in 2016 and enforced in 2018. It gives individuals greater control over their personal data and unifies data protection laws across the EU member states.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA, or the Health Insurance Portability and Accountability Act, is a US federal law that regulates how patient health information is stored, transferred, used, and disclosed. It also aims to improve healthcare efficiency and reduce healthcare fraud and abuse.
Hypertext Transfer Protocol Secure (HTTPS)
HTTPS (Hypertext Transfer Protocol Secure) is a variant of HTTP that uses encryption to protect data – making it unreadable to anyone who lacks the decryption key. But what is HTTP in the first place? In layman’s terms, HTTP is a set of rules (a protocol) that allows web browsers (or other user agents) to exchange information with web servers.
Identity theft is a form of cybercrime in which an unauthorized party illicitly acquires, manipulates, or exploits an individual’s personal information for fraudulent purposes. Identity theft is a grave violation of privacy and security, often leading to far-reaching consequences for the victim.
Internet Service Provider (ISP)
An ISP, or Internet Service Provider, is a company that provides internet access to its customers. ISPs typically require customers to sign a contract and pay a monthly fee for their services. Some ISPs also offer additional services such as email, web hosting, and virtual private networks (VPNs).
An IP address, short for Internet Protocol address, serves as a digital address for devices connected to a network. Like a home address, which helps identify where mail should be delivered, an IP address enables devices to communicate and exchange data over the internet.
Legitimate interest is one of the 6 legal bases that allow the processing of personal data under the General Data Protection Regulation (GDPR). It can also apply to the individual whose data is being processed, referred to as the data subject, as a basis for opting out of data processing.
Location tracking refers to the collection and analysis of data that reveals the whereabouts of a device or person. This is a prevalent practice that can be achieved through GPS, Wi-Fi, cell tower triangulation, and other methods as well as combinations of methods.
NY SHIELD Act
The New York Stop Hacks and Improve Electronic Data Security Act (NY SHIELD Act) is New York State’s primary data protection legislation. The SHIELD Act amends the state’s 2005 Information Security Breach and Notification Act and was signed into law by Governor Andrew Cuomo on July 25, 2019.
Online harassment is any kind of abusive behavior that takes place on the internet. It can include cyberbullying, doxxing, swatting, cyberstalking, hate speech, trolling, catfishing, and revenge porn. Online harassment can occur anywhere online, from social media to online gaming and messaging apps.
To “opt out” is a process of decision-making during which an individual decides not to participate in a particular activity or service or chooses to stop receiving unsolicited service information. The concept of opting out is typically connected with marketing practices, but it can also be applied to advertising, social norms, political systems, opt-out cookies, and more.
OSINT (Open-source intelligence)
Open-source intelligence (OSINT) is the practice of gathering intelligence from publicly available sources such as social media, news articles, government reports, and online databases. OSINT is used to provide insights that can inform decision-making, strategic planning, and security operations.
Personally Identifiable Information (PII)
Personally Identifiable Information is any information that can be used to identify someone. This can include direct information such as name and Social Security number or indirect information such as race and gender. Any information that can be traced back to an individual is considered PII.
Pseudonymization is the data management technique of replacing personal identifiers in data records with pseudonyms or placeholders. It’s often used to protect personal information when sharing data. Data that has been de-identified using pseudonymization can be re-identified, if necessary.
Public records, kept by government agencies, are an invaluable source of information for the public. These records encompass a wide range of data, from individual and business information to court cases and government contracts.
Right to access
The right to access, also known as the right of access, is the right of individuals to request and receive a copy of any personal data held about them by a given company or organization. They are also entitled to supplementary information to help them understand how and why their data is being used.
Right to be forgotten
The right to be forgotten, also known as the right to erasure, is the right of an individual to have information that is or was publicly available delisted from search engines and delinked from compliant websites. The right to be forgotten originates in the European Union (EU) but has since been implemented elsewhere.
Third-party cookies are cookies created by a different domain than the one you see in your URL bar. Set in third-party code, these cookies are typically used for tracking and online-advertising purposes. Overall, third-party cookies can enhance the browsing experience, but they often do this in exchange for personal data.
US Data Privacy Laws
There are no federal data privacy laws in the US. The proposed American Data Privacy Protection Act (ADPPA) is as close as US residents have been to such a law. The first federal consumer privacy bill to pass committee markup, ADPPA was approved 53-2 by the Committee on Energy and Commerce on July 20, 2022.
Utah Consumer Privacy Act (UCPA)
The UCPA (Utah Consumer Privacy Act) is a state law designed to protect consumer data. It was signed into law on March 24, 2023, and will come into effect on December 31, 2023. At the time of its signing, the Utah Consumer Privacy Act was the fourth such state privacy legislation in the US.
Virginia Consumer Data Protection Act (VCDPA)
The Virginia Consumer Data Protection Act (VCDPA) is a data protection law that came into effect in the Commonwealth of Virginia on January 1, 2023. By passing this legislation, Virginia became the second state (after California) with a comprehensive data protection law in place.
VPN stands for virtual private network. As the name suggests, it’s a technology that creates a virtual, private network within a more extensive network, the internet. Often compared to a tunnel, it secures internet browsing and enhances the confidentiality of users’ data and online activity.