Glossary

P


Passive Data Collection

  • Description: Gathering data without direct user input, for example through log files and cookies.
  • Origin: Used in web analytics since the early 2000s; regulated by laws such as GDPR.
  • Impacts Data Types: Behavioral data and system logs.
  • Examples: Cookie-based tracking and server access logs.
  • Potential Fines: Indirect — lack of disclosure can result in GDPR penalties.

PCI DSS (Payment Card Industry Data Security Standard)

  • Description: A security standard for organizations handling cardholder data, enforced by the PCI Security Standards Council.
  • Enacted and Enforced: Established December 15, 2004; enforced from September 2006.
  • Impacts Data Types: Credit card numbers, CVVs, cardholder names.
  • Examples: Encrypted transaction logs and secure payment gateways.
  • Potential Fines: $5,000–$100,000 per month for non-compliance.

Pennsylvania State Privacy Law SB 712

  • Description: Requires notification to residents when personal information is compromised.
  • Enacted and Enforced: Enacted October 2002; enforced since December 5, 2004.
  • Impacts Data Types: SSNs, driver’s license numbers.
  • Examples: Employee SSNs exposed in a phishing incident.
  • Potential Fines: Up to $500/day, capped at $50,000.

PHI (Protected Health Information)

  • Description: Any health information that can identify an individual and is stored or transmitted electronically.
  • Enacted and Enforced: Defined in HIPAA Privacy Rule, enforced April 14, 2003.
  • Impacts Data Types: Medical records, billing data, lab results.
  • Examples: X-ray images, insurance claims.
  • Potential Fines: Up to $50,000 per violation; $1.5 million annual cap.

PII (Personally Identifiable Information)

  • Description: Data that can identify a person — name, SSN, DOB, biometric data, etc.
  • Origin: Defined by FTC interpretations; regulated by many laws.
  • Impacts Data Types: Names, SSNs, emails, addresses.
  • Examples: Email addresses, driver’s license numbers.
  • Potential Fines: Up to $43,280 per FTC violation.

Purpose Limitation

  • Description: GDPR principle that personal data must be collected only for specific, legitimate purposes.
  • Enacted and Enforced: GDPR Article 5(1)(b), enforced since May 25, 2018.
  • Impacts Data Types: All personal data.
  • Examples: Using email solely for account creation.
  • Potential Fines: Up to €20M or 4% of global turnover.