The world of data privacy is vast and complex. Almost everyone has an opinion about the topic, but few truly understand how it actually works.
In this glossary, we’ll help you build your data privacy IQ by explaining some of the most common terms and applications.
Ready? Let’s get started…
Data Privacy
Data privacy generally encompasses the laws, regulations, industry standards, and business practices used in the handling of personal information: how it is collected, how it is used, and to whom and under what circumstances it is shared. General issues in data privacy include the rules around data collection, required disclosures, and the rights of individuals.
Data privacy is different from data security, which refers to the technical measures businesses take to prevent unauthorized access to information.
Data Governance
Data Compliance
Data compliance refers to the specific policies and procedures an organization adopts to comply with applicable data privacy laws, regulations, industry standards, and internal policies. Compliance measures include categorizing the types of data that need protection and specifying what steps to take concerning each data type under the applicable rule.
Consent
Consent is an individual’s permission to process that person’s information in a specific way. What constitutes consent depends upon the applicable rule; in some cases, consent must be explicit or even in writing. In other cases, consent can be assumed or inferred based on a person’s action or even based on a person’s inaction (for example, in the case of “opt-out consent”).
Opt In/Opt Out
Opt in versus opt out is a common dichotomy for understanding different types of consent. If explicit consent is required before a business is permitted to process a person’s information, that is referred to as “opt-in” consent (i.e., you can’t use the person’s information until they opt in). For instance, you opt into data processing when you sign up for an online service and agree to have your data collected and processed in specific ways.
By contrast, some rules require only “opt-out” consent. That means anyone is permitted to use your information until you tell them not to. In the opt-out context, a business may collect information about people, but is required to delete the information regarding any person who contacts the business to opt out.
Personal Information (PI)/Personally Identifiable Information (PII)/Personal Data
Publicly Available Information
Publicly available information generally means information that can be found in public sources and is therefore presumed not to be private for purposes of privacy laws. What this means in a particular case depends on the law, rule, or regulation at issue. Some privacy laws exclude publicly available information from their scope, but others do not. Different laws may include varying definitions.
Sensitive Personal Information
Some privacy laws, rules, and regulations define a subset of personal information as “sensitive” personal information and subject this type of information to more stringent obligations. For example, personal information may be defined to include all information about a person, but information about the person’s health history is deemed sensitive personal information.
Sensitive personal information can include information about a person’s race, ethnic origin, religious beliefs, marital status, age, citizenship, immigration status, mental or physical health condition or diagnosis, sexual orientation, political opinions, criminal history, account numbers, Social Security number, genetic information, or biometric information. Some privacy rules may permit the processing of personal information generally with only opt-out consent, whereas the processing of sensitive personal information may require opt-in consent.
So, where does ZoomInfo come in?
As a privacy-first company, ZoomInfo endeavors to be fully transparent about how it collects professional contact data and upholds consumers’ rights to data privacy. Our goal is to not only meet but exceed standards in data compliance and data security. ZoomInfo’s database is focused on business contact information; we do not process sensitive personal information on our contacts. And we have implemented privacy practices that go well above and beyond the B2B industry standard.
For more about ZoomInfo’s data and technology, visit our FAQ page.