Solving the Mystery of Privacy Acronyms
January 22, 2021 | 8 minute read
Not Everyone Has a Degree in Privacy
In today’s business world, everyone is impacted by privacy legislation. Cybersecurity has become the number one concern of every business, both large and small. If your business accepts any type of credit card data as payment, then your business, even if operated out of your home, must comply with privacy laws. Even though these laws impact every type and size of business, not everyone has a privacy degree.
A business may have a great concept, a great product, or even a great business plan, but the chances are that the company owner does not have a degree in privacy law. Many great business leaders, CEOs, and even those who are technically savvy don’t have a background in privacy but do a great job of running their companies. In fact, today’s CFOs, who have primarily been responsible for a corporation’s financial health, are now responsible for the privacy policies of their company. These individuals may have an MBA, but a background in cybersecurity or privacy matters may not be in their portfolio. To stay ahead of the competition, learning on the job has become a necessity. Keeping up with changes that happen continuously and come with hefty penalties for non-compliance is necessary for success. You can succeed without a degree in privacy if you are willing to learn the essential details needed for compliance and hire the right individuals to handle privacy management.
When it comes to hiring professionals, most businesses are at a loss. The world of privacy is filled with acronyms. Many acronyms describe the types of privacy professionals and their backgrounds. How does one know whether their company would do better by hiring a CISSP, a CISM, or a CIPP? Even the legislation and mandates that governments require businesses to follow to protect privacy are filled with acronyms. How do you know whether your company in Maine must comply with the CCPA, which stands for the California Consumer Privacy Act? If you are working on documentation describing the privacy rules you are using, how do you know whether you are using an ATS or whether an individual is a CE? It can be confusing. To help you make sense of it, read on for a detailed explanation of some of the most commonly used privacy acronyms and how they may impact you and your business.
Acronyms Describing Laws
The number of privacy laws can seem endless. How they apply to your business can be confusing. Referring back to the question about having a company located in Maine being required to follow the California Consumer Privacy Act – the answer is a possible yes. If you only do business locally in Maine, then it is true that the CCPA does not apply to your business. However, if your business is national, international, or even global, then yes, the CCPA applies to your location, regardless of where your office resides. If your business handles transactions with consumers in the state of California, then your business must follow the law or be prepared for lawsuits and penalties enforced by the state’s Attorney General.
Keeping abreast of new information, newly passed legislation, and privacy news is required for any business to stay ahead of compliance. It can ruin a business’s reputation to be caught unaware and face public scrutiny because of a lawsuit for failing to comply with privacy law. Learn what the most commonly used privacy legislation acronyms are, who they impact, and what they mean from the following:
- CCPA – California Consumer Privacy Act is a state statute passed and signed into law in 2018 that impacts California residents. The misguided thought is that it only applies to California. Any business worldwide that wants to do business with California residents must comply or face penalties or lawsuits.
- GDPR – General Data Privacy Regulation is an EU law or regulation on data protection and privacy for residents in the EU. Like the CCPA, these laws impact all businesses that do business with or handle the personal data of residents of the EU.
- LGPD – Lei Geral de Proteção de Dados is the Brazilian version of the GDPR. It unifies 40 different federal statutes into one privacy law that is easy to understand and comply with.
- PoPI – Protection of Personal Information Act is South America’s data protection law. PoPI regulates how and when South American citizens’ personal information is collected, stored, processed, or shared.
- FISMA – Federal Information Security Management Act – Enacted in 2002, it recognizes the importance of information security to the United States’ national security and economic security. FISMA was the act that brought attention to cybersecurity across all levels of government.
- HIPAA – Health Insurance Portability and Accountability Act is a federal statute signed into effect by President Bill Clinton. Its primary purpose was to modernize the flow of healthcare information while protecting private data. It also addressed how data should be protected from fraud or theft and created rules regarding limitations on healthcare coverage.
- FERPA – Family Education Rights and Privacy Act – This privacy law was enacted in 1974. It governs access to educational information and records to protect student privacy. This was to prevent access by future employers, publicly funded educational institutions, and foreign governments.
While there are far more privacy laws than those listed above, to stay on top of compliance it is essential to go over your company’s business methods with a privacy professional. While many large companies may have their own privacy staff, smaller companies may hire someone simply to do an overview and help them write privacy policies. These companies may find a yearly review helpful for staying on top of new legislation.
Acronyms Describing Professionals
When it comes to hiring a professional, where do you start? It would seem there are just as many job titles, educational backgrounds, and certification acronyms as there are laws across the globe. How do you know which is the best fit for your situation? Below is a list of commonly used acronyms that describe different privacy professionals; however, you may find the number of job variations to be endless.
- DPO – Required by the GDPR, a data protection officer takes on the enterprise security leadership role. The DPO handles oversight of the company’s data protection strategy and implements policies. It is their job to ensure compliance.
- CISM – A certified information security manager has an advanced certification in information security. This individual has the knowledge necessary to implement an enterprise-level information security program to help protect a company’s data.
- CIPP – Someone who has a CIPP is known as a certified information privacy professional. A CIPP has a solid foundation in privacy know-how. A CIPP would be responsible for ensuring compliance and bolstering risk mitigation practices, providing the practical insight necessary to meet and exceed legislative requirements.
- CISSP – A certified information systems security professional may be hard to find. There are fewer than 150,000 registered worldwide. A CISSP is a cybersecurity professional considered at the master’s level and above, qualified by the DOD (Department of Defense) when it comes to providing security as an Information Assurance Technical Manager (IATM).
There are many other types of privacy and security professionals. Deciphering the specific level or job description that goes along with these acronyms may help decide which type of professional is right for you.
Privacy Acronyms Used in Business
The number of acronyms used in the world of business under the realm of privacy is vast. Learning what every one of them means could take a great deal of effort. More will be created as you learn, since the industry is still growing. Currently, there are over 2500 well-known acronyms used frequently in the field of privacy. Here are a few you are likely to come across in your day-to-day business. If you come across an acronym that is unknown to you in the course of business, it doesn’t hurt to look up its meaning and understand its definition. It may help you better understand how to implement its use.
- CDP – A customer data platform is a collection of software applications that create a unified customer database accessible to other linked systems. Data is pulled from multiple sources, scrubbed, and combined to create a single customer profile.
- CMP – A consent management platform stores customer proof-of-consent and preference choices. It can also handle visitors who request to alter data the website collects about them. It can provide an additional level of transparency into a site’s data collection and usage practices.
- DNT – A basic acronym for Do Not Track.
- GLB – Gramm-Leach-Bliley Act is also known as the Financial Services Modernization Act of 1999. Along with data privacy protections for consumers’ personal data, such as social security numbers, it also does not allow one institution to act as a bank, a securities company, and an insurance company all in one.
- PHI – This acronym stands for protected health information and is generally used in the healthcare industries.
- NPP – This is known by almost everyone globally as the Notice of Privacy Practices.
- PHI – This is known in the medical fields as either Patient Health Information or Personal Health Information.
- PIA – A privacy impact assessment is a review done each year with a privacy professional. It helps a company follow the trail of data processing through the business, from collection to destruction, and confirm that privacy practices are being followed to mitigate risk.
- PII – This stands for personally identifiable information, which can include any data that can single out an individual, such as social security number, birth date, or driver’s license number.
While this is just a brief overview of the thousands of acronyms used in the privacy industry, it is in the best interest of anyone involved in handling information security to become familiar with the ones used often in their company. A privacy professional may know most of them, but as this is a new and growing field, definitions are multiplying. Keeping ahead of privacy regulations may be a continual process of education.