Data Security & Privacy

Glossary

Footer background lines for the Nemphos Braue website
A B C D E F G H I J K L M N O P Q R S TU V W X Y Z

This glossary is intended as a general reference and does not constitute legal advice. Definitions may vary slightly by jurisdiction and applicable law.

A
Anonymization
The process of removing or modifying identifying information from data so that individuals cannot reasonably be identified, directly or indirectly.

Authentication
The process of verifying the identity of a user, device, or system before granting access.

Authorized Agent
A person or entity permitted to act on behalf of a consumer when exercising privacy rights.

B
Biometric Data
Data generated from unique biological characteristics, such as fingerprints, facial scans, or voiceprints, that can be used to identify an individual.

Breach (Data Breach)
Unauthorized access to, acquisition of, disclosure of, alteration of, destruction of, or loss of personal information.

C
Consent
A freely given, specific, informed, and unambiguous indication of an individual’s agreement to the processing of personal data for a particular purpose.

Consumer
An individual whose personal data or personal information is collected, processed, or stored by an organization.

Controller (Data Controller)
The person or organization that determines why and how personal data is processed.

Cross-Border Data Transfer
The movement of personal data from one country or jurisdiction to another.

D
Data Minimization
The principle that organizations should collect, use, and retain only the personal data reasonably necessary for and narrowly tailored to a specified purpose.

Data Processing
Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Data Processor
A person or organization that processes personal data on behalf of a controller.

Data Protection Assessment (DPA/DPIA)
A documented assessment evaluating privacy risks associated with certain data processing activities.

Data Retention
The length of time personal data is stored before deletion or anonymization.

Data Subject
The individual to whom personal data relates (commonly used in GDPR and international privacy laws).

De-identification
The removal or masking of identifiers to reduce the likelihood that personal information can be reasonably linked to an individual.

E
Encryption
The conversion of data into a coded format to prevent unauthorized access.

G
GDPR (General Data Protection Regulation)
The European Union’s comprehensive privacy law governing the processing of personal data.

I
Incident Response Plan
A documented process for detecting, responding to, mitigating and recovering from security incidents or data breaches.

P
Personal Data / Personal Information
Information that identifies, relates to, describes, or can reasonably be linked to an individual.

Privacy Notice (Privacy Policy)
A public statement explaining how an organization collects, uses, shares, stores, retains and protects personal data and sets forth applicable privacy rights and procedures.

Privacy by Design
An approach that incorporates privacy protections into systems, products, and business processes from the outset.

Profiling
Automated processing of personal data to evaluate, analyze or predict aspects of an individual’s behavior, preferences, interests, economic situation, health or other characteristics.

Pseudonymization
Replacing identifying information with artificial identifiers while maintaining the ability to reconnect the data under controlled conditions.

R
Right of Access
The right of an individual to know whether an organization holds personal data about them and to obtain a copy.

Right to Correct (Rectification)
The right to request correction of inaccurate personal information.

Right to Delete (Erasure)
The right to request deletion of personal data under certain circumstances.

Right to Opt Out
The right to direct an organization not to engage in certain processing activities, including the sale of personal data or targeted advertising.

Right to Data Portability
The right to receive personal data in a usable format and transfer it to another service provider.

T
Third Party
An individual or organization that is not the consumer, controller, processor, or an affiliate acting on behalf of the controller.

Targeted Advertising
Advertising based on a consumer’s activities over time and across websites, applications, or services to predict preferences or interests.

Maryland-Specific Terms (MODPA)

MODPA (Maryland Online Data Privacy Act)
Maryland’s comprehensive privacy law establishing consumer privacy rights and business obligations regarding personal data.

Consumer Health Data
Personal data used to identify a person’s physical or mental health status, including reproductive and gender-affirming healthcare information.

Data Protection Assessment (MODPA)
A documented evaluation required for processing activities that present a heightened risk of harm to consumers.

Common U.S. Regulatory Acronyms

COPPA – Children’s Online Privacy Protection Act

FERPA – Family Educational Rights and Privacy Act

GLBA – Gramm-Leach-Bliley Act

HIPAA – Health Insurance Portability and Accountability Act

FTC – Federal Trade Commission

NIST – National Institute of Standards and Technology

International Privacy Acronyms

GDPR – European Union General Data Protection Regulation

UK GDPR – United Kingdom version of GDPR

PIPEDA – Canada’s Personal Information Protection and Electronic Documents Act

LGPD – Brazil’s General Data Protection Law

APPI – Japan’s Act on the Protection of Personal Information

Reliable Sources for More Information

Maryland Attorney General – Data Privacy Resources:
Maryland Data Privacy Resources

Maryland Online Data Privacy Act (MODPA):
Maryland Online Data Privacy Act of 2024

Federal Trade Commission (FTC) Privacy & Security Guidance:
FTC Privacy and Security Resources

International Association of Privacy Professionals (IAPP) Privacy Glossary:
IAPP Privacy Glossary

We Are Your Legal Experts.

i

FAQs

Get answers to questions on data privacy and protection laws, and learn more about state and federal regulations.

Featured Case Study

Related Insights

Other Practice Areas