Reference

A glossary of acronyms, terms, laws, and regulations used across the courses.


A

ADA Law Americans with Disabilities Act
Prohibits disability discrimination; limits employer collection of medical information.
ADEA Law Age Discrimination in Employment Act
Prohibits employment discrimination against workers age 40 and older.
APEC Acronym Asia-Pacific Economic Cooperation
Regional body behind the Cross-Border Privacy Rules system.

B

BCRs Acronym Binding Corporate Rules
Internal rules enabling lawful intra-group international data transfers.
BIPA Law Biometric Information Privacy Act
Illinois law regulating the collection and use of biometric identifiers, with a private right of action.
BSA Law Bank Secrecy Act
Requires financial recordkeeping and reporting to help detect money laundering.

C

CALEA Law Communications Assistance for Law Enforcement Act
Requires telecommunications carriers to enable lawful electronic surveillance.
CAN-SPAM Law Controlling the Assault of Non-Solicited Pornography and Marketing Act
Sets rules for commercial email, including opt-out and labeling requirements.
CBPR Acronym Cross-Border Privacy Rules
APEC system for accountable cross-border transfers of personal information.
CCPA Law California Consumer Privacy Act
Cal. Civ. Code § 1798.100
Grants California residents rights to know, delete, and opt out of the sale of their personal information.
CFAA Law Computer Fraud and Abuse Act
Criminalizes unauthorized access to protected computer systems.
CFPB Acronym Consumer Financial Protection Bureau
Regulates consumer financial products and related data practices.
COPPA Law Children's Online Privacy Protection Act
15 U.S.C. § 6501
Restricts online collection of personal information from children under 13.
CPA Law Colorado Privacy Act
Colorado's comprehensive consumer privacy law.
CPNI Acronym Customer Proprietary Network Information
Telecommunications customer data protected under FCC rules.
CPPA Acronym California Privacy Protection Agency
State agency that implements and enforces the CCPA/CPRA.
CPRA Law California Privacy Rights Act
Amended and expanded the CCPA and created the California Privacy Protection Agency.
CalOPPA Law California Online Privacy Protection Act
Requires websites and online services to post a conspicuous privacy policy.

D

DAA Acronym Digital Advertising Alliance
Self-regulatory body governing online behavioral advertising (the AdChoices program).
DNC Acronym Do Not Call Registry
Registry allowing consumers to opt out of most telemarketing calls.
DNT Acronym Do Not Track
A browser signal requesting that a site not track the user.
DPF Acronym EU-US Data Privacy Framework
Mechanism for lawful EU-to-US personal data transfers; successor to Privacy Shield.
DPIA Acronym Data Protection Impact Assessment
A GDPR assessment required for high-risk processing of personal data.
DPO Acronym Data Protection Officer
Designated individual responsible for overseeing privacy compliance.
DPPA Law Driver's Privacy Protection Act
Protects personal information held by state motor vehicle departments.

E

ECPA Law Electronic Communications Privacy Act
Restricts interception of and access to electronic communications.
EEOC Acronym Equal Employment Opportunity Commission
Enforces federal anti-discrimination laws affecting employee data.
EFTA Law Electronic Fund Transfer Act
Establishes consumer rights and protections for electronic fund transfers.
EHR Acronym Electronic Health Record
A digital record of a patient’s health information.
ePHI Acronym Electronic Protected Health Information
PHI created, stored, or transmitted electronically, covered by the HIPAA Security Rule.

F

FACTA Law Fair and Accurate Credit Transactions Act
Amended FCRA to address identity theft; source of the Red Flags and Disposal Rules.
FCC Acronym Federal Communications Commission
Regulates interstate communications and enforces TCPA and CPNI rules.
FCRA Law Fair Credit Reporting Act
15 U.S.C. § 1681
Regulates the collection, dissemination, and use of consumer credit and report information.
FCRA Disposal Rule Regulation FACTA Disposal Rule
Requires reasonable measures to properly dispose of consumer report information.
FERPA Law Family Educational Rights and Privacy Act
20 U.S.C. § 1232g
Protects the privacy of student education records.
FIPPs Acronym Fair Information Practice Principles
Foundational principles (notice, choice, access, security, accountability) for responsible data handling.
FISA Law Foreign Intelligence Surveillance Act
Governs electronic surveillance of foreign intelligence targets.
FISMA Law Federal Information Security Modernization Act
Requires federal agencies to secure their information systems.
FOIA Law Freedom of Information Act
Provides public access to federal agency records, with privacy exemptions.
FTC Acronym Federal Trade Commission
Primary US federal authority for privacy and consumer-protection enforcement (Section 5, unfair or deceptive practices).

G

GCC High Acronym Government Community Cloud High Security

GDPR Regulation General Data Protection Regulation
Regulation (EU) 2016/679
EU regulation governing personal data processing; frequently contrasted with US sectoral law.
GINA Law Genetic Information Nondiscrimination Act
Prohibits discrimination based on genetic information in employment and health coverage.
GLBA Law Gramm-Leach-Bliley Act
15 U.S.C. § 6801
Governs how financial institutions handle nonpublic personal information; includes the Privacy and Safeguards Rules.

H

HHS Acronym US Department of Health and Human Services
Enforces HIPAA through its Office for Civil Rights.
HIPAA Law Health Insurance Portability and Accountability Act
Sets national standards for protecting individually identifiable health information.
HITECH Law Health Information Technology for Economic and Clinical Health Act
Strengthened HIPAA enforcement and introduced breach notification requirements.

I

IoT Acronym Internet of Things
Networked physical devices that collect and exchange data.

N

NAI Acronym Network Advertising Initiative
Self-regulatory body setting standards for online advertising.
NIST Acronym National Institute of Standards and Technology
Publishes widely used security and privacy frameworks.
NPI Acronym Nonpublic Personal Information
Consumer financial information protected under the GLBA.

O

OCR Acronym Office for Civil Rights
HHS office that enforces the HIPAA Privacy, Security, and Breach Notification Rules.
OECD Acronym Organisation for Economic Co-operation and Development
Issued influential international privacy guidelines underpinning the FIPPs.
OMB Acronym Office of Management and Budget
Issues privacy and information-management guidance for federal agencies.
Oxalis Term
Consulting company

P

PCI DSS Acronym Payment Card Industry Data Security Standard
Industry security standard for organizations that handle payment card data.
PHI Acronym Protected Health Information
Individually identifiable health information protected under HIPAA.
PIA Acronym Privacy Impact Assessment
A structured analysis of how a system or project handles personal information.
PII Acronym Personally Identifiable Information
Information that can identify, or be linked to, a specific individual.

R

RFPA Law Right to Financial Privacy Act
Protects the confidentiality of customer financial records held by banks.
Red Flags Rule Regulation FACTA Red Flags Rule
Requires certain creditors and financial institutions to maintain an identity-theft prevention program.

S

SCA Law Stored Communications Act
Governs access to stored electronic communications and records (Title II of ECPA).
SCCs Acronym Standard Contractual Clauses
Pre-approved contract terms enabling lawful cross-border data transfers.
SEC Acronym Securities and Exchange Commission
Regulates securities markets, including cybersecurity and breach disclosure.
SHIELD Act Law Stop Hacks and Improve Electronic Data Security Act
New York law expanding breach-notification obligations and data-security requirements.
SOX Law Sarbanes-Oxley Act
Imposes corporate financial reporting, records, and internal-control requirements.
Safeguards Rule Regulation GLBA Safeguards Rule
Requires financial institutions to develop and maintain an information security program.

T

TCPA Law Telephone Consumer Protection Act
Restricts telemarketing calls, autodialers, prerecorded messages, and texts.
TSR Regulation Telemarketing Sales Rule
FTC rule implementing telemarketing restrictions and the National Do-Not-Call Registry.

U

USA PATRIOT Act Law Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
Expanded government surveillance and information-sharing authorities after 9/11.

V

VCDPA Law Virginia Consumer Data Protection Act
Virginia's comprehensive consumer privacy law.
VPPA Law Video Privacy Protection Act
Restricts disclosure of video rental and viewing records.