The world of data privacy is vast and complex. Almost everyone has an opinion about the topic, but few truly understand how it actually works.
In this glossary, we’ll help you build your data privacy IQ by explaining some of the most common terms and applications.
Ready? Let’s get started…
Data Privacy
Data privacy generally encompasses the laws, regulations, industry standards, and business practices used in the handling of personal information: how it is collected, how it is used, and to whom and under what circumstances it is shared. General issues in data privacy include the rules around data collection, required disclosures, and the rights of individuals.
Data privacy is different from data security, which refers to the technical measures businesses take to prevent unauthorized access to information.
Data Governance
Data governance signifies how businesses intend to use data. According to the Data Governance Institute, which provides vendor-neutral best practices and guidance, adopting a governance framework incorporating best practices will help stakeholders across any organization identify, meet, and enforce their information needs.
Data Compliance
Data compliance refers to the specific policies and procedures an organization adopts to comply with applicable data privacy laws, regulations, industry standards, and internal policies. Compliance measures include categorizing the types of data that need protection and specifying what steps to take concerning each data type under the applicable rule.
Consent
Consent is an individual’s permission to process that person’s information in a specific way. What constitutes consent depends upon the applicable rule; in some cases, consent must be explicit or even in writing. In other cases, consent can be assumed or inferred based on a person’s action or even based on a person’s inaction (for example, in the case of “opt-out consent”).
Opt In/Opt Out
Opt in versus opt out is a common dichotomy for understanding different types of consent. If explicit consent is required before a business is permitted to process a person’s information, that is referred to as “opt-in” consent (i.e., you can’t use the person’s information until they opt in). For instance, you opt into data processing when you sign up for an online service and agree to have your data collected and processed in specific ways.
By contrast, some rules require only “opt-out” consent. That means a business is permitted to use your information until you tell it not to. In the opt-out context, a business may collect information about people, but it is required to delete the information regarding any person who contacts the business to opt out.
Personal Information (PI)/Personally Identifiable Information (PII)/Personal Data
PI, PII, and personal data are three phrases that refer to essentially the same concept, although the precise definition depends upon the specific law, rule, or regulation you are talking about. For example, the General Data Protection Regulation (GDPR) has a specific definition of “personal data” that is different from the California Consumer Privacy Act’s (CCPA) definition. As a broad concept, each of these terms refers to information specifically about an individual, but each law, rule, or regulation addressing personal information will have its own definition with specific exclusions and exceptions that must be carefully considered.
Publicly Available Information
Publicly available information generally means information that can be found in public sources and is therefore presumed not to be private for purposes of privacy laws. What this means in a particular case depends on the law, rule, or regulation at issue. Some privacy laws exclude publicly available information from their scope, but others do not. Different laws may include varying definitions.
Sensitive Personal Information
Some privacy laws, rules, and regulations define a subset of personal information as “sensitive” personal information and subject this type of information to more stringent obligations. For example, personal information may be defined to include all information about a person, while information about the person’s health history is further classified as sensitive personal information.
Sensitive personal information can include information about a person’s race, ethnic origin, religious beliefs, marital status, age, citizenship, immigration status, mental or physical health condition or diagnosis, sexual orientation, political opinions, criminal history, account numbers, Social Security number, genetic information, or biometric information. Some privacy rules may permit the processing of personal information generally with only opt-out consent, whereas the processing of sensitive personal information may require opt-in consent.
So, where does ZoomInfo come in?
As a privacy-first company, ZoomInfo endeavors to be fully transparent about how it collects professional contact data and upholds consumers’ rights to data privacy. Our goal is to not only meet but exceed standards in data compliance and data security. ZoomInfo’s database is focused on business contact information; we do not process sensitive personal information on our contacts. And we have implemented privacy practices that go well above and beyond the B2B industry standard.
In March 2021, ZoomInfo announced that it expanded its privacy team by hiring experts in technical, legal, and regulatory privacy. In October 2020, the company attained TrustArc’s TRUSTe Enterprise Privacy Certification Seal by demonstrating responsible data collection and processing practices for the data that populates our more than 120 million contact profiles.
For more about ZoomInfo’s data and technology, visit our FAQ page.