Privacy and Protection Practices

Role-based access control

RBAC; a security approach that grants users access to data and resources based on their assigned roles rather than individual permissions.

Encryption

The process of converting data into an unreadable format to protect it from unauthorized access.

In transit

Encryption applied to data while it is being transferred across network to prevent interception.

At rest

Encryption applied to stored data to protect it from unauthorized access if storage media is accessed or compromised.

Data usage

The policies and practices that define how data can be accessed, analyzed, and applied within an organization.

Data sharing

The controlled distribution of data between users, systems, or organizations for operational or analytical purposes.

NIST

National Institution Standards and Technology; a U.S. agency that develops cybersecurity, data security, and technology standards and frameworks used across industries.

PII

Personal Identifiable Information; any data that can be used to identify an individual, either directly or indirectly.

PHI

Personal Health Information; Any health-related data tied to an individual that is protect under regulations like HIPPA.

Anonymization

The process of removing or altering personal identifiers in data so individuals cannot be re-identified.

Masking

A technique that obscures specific data elements with characters or dummy values to protect sensitive information while keeping data usable.