Access. The Principle that obligates companies to guarantee consumers the right to inspect the personal information collected by those companies. Consumers may instruct companies to correct or remove data that is not timely, accurate, relevant, or complete.
Adequacy. A term, referring to countries, that have “adequate protection”, that assures data meets the levels mandated by Article 25 (2) of the EU Data Protection Directive for transfers to countries outside the 28 member States of the European Economic Area. (Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Liechtenstein, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, United Kingdom, Cyprus, Malta, Slovakia, Estonia, Latvia, Slovenia, Lithuania, Hungary, Poland, Czech Republic).
Agents. Persons or entities authorized to act for and under the direction of another person or entity (e.g., an outside company or independent contractor that provides the service of local records checks on behalf of their clients).
Applicant. Also known as the Data Subject.
The Authority. The relevant data protection authority in the territory in which the Data Exporter is established.
APEC (Asia Pacific Economic Cooperation). a newer group of 21 countries surrounding the Pacific Rim in Asia, and the Americas, is seeking to influence the privacy legislation of their member countries.
Data Controller. A natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Exporter. Authorized persons or their authorized agents who transfer personal data to the country where the Data Importer is situated.
Data Importer. The party to a contract that receives personal data from the Data Exporter for processing in accordance with the terms of the contract.
Data Processor“ means a natural or legal person, public authority, agency or any other body which processes data on behalf of the Data Controller. The data processor is a third party not employed by the data controller.
Data Subject. is the natural person identified by personal data.
Disclosure to Third Parties. Release of personal information by a company to any entity that is not an affiliate of that company.
EU Data Directive, or European Union Data Protection Directive. Short title for the Directive 95/46/EC of the European Parliament and of the Council of Ministers of 24 October 1995 on the protection of individuals with regard to the processing of personal data, the free movement of such data. It is the principal EU instrument relating to data privacy.
European Economic Area (EEA). An economic relationship that allows three nations–Iceland, Norway and Liechtenstein–to participate in the European Union’s Single Market with the fifteen European Union Member States, without assuming the full responsibility of membership in the European Union.
Fair Information Practices. The principles of Fair Information Practices are reflected in the legal data protection structure found in many countries, and they have helped to spawn privacy laws and institutional privacy practices in this country and abroad. Fair Information Practices include such concepts as notice, choice, access, and consent.
International Professional Background Screening Provider. an agent that provides research for their clients and is typically located within the territory or area where they will provide that research.
Legal Status. a status defined by law (U.S. or Host Country).
Notice. Companies must provide a statement of their information practices before collecting personal information, or before disclosing personal information to others. In some cases, the term also refers to restrictions placed on companies as to the notice that they give to consumers about certain disclosures of personal information required to be given to governmental authorities.
Personal Data. Primarily a European term, Any data relating to an individual, who can be identified from either the data or the data in combination with other information possessed by the data controller.
Personally Identifiable Information (PII). Any information that can be linked to a specific individual, and may include, but not necessarily be limited to a mailing address, phone number, Social Security number, e-mail address, or any other biographical information.
Private Data. That data that is to a large extent defined as Private Data in many countries (i.e. not available to the public), only accessible to the subject of the data search, and/or otherwise restricted by various laws.
Processing. Any operation or set of operations which is performed on personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, blocking, erasure or destruction, or otherwise make available by alignment or combining data.
Sensitive Data. Means any information about a living individual that includes personal data revealing racial or ethnic origin, criminal record information, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
Statutory Provision. A law established by legislative enactment, an established law or rule.
Subject Access Request. Countries that have enacted EU modeled Data Privacy Directives state that a “data subject” (the person about whom the personal data refers) is entitled, upon written request, to be informed whether or not personal data is held or processed about them. This means that the subject themselves personally requests information directly from the relevant authority and not through a third-party such as a screening provider.
Third-Party Access. refers to the process of utilizing someone other than the subject/owner of the information normally a local Agent, to locate, research, collect, and process personal “sensitive” information held by a government entity. This term generally implies that anyone can simply walk into a court or police station and request information held about an another individual with or without consent from the subject themselves.
Third Country. In the context of international transfers of personal data, a country outside of the European Union or European Economic Area.
Third Party Vendor. Any person that is neither a company’s affiliate nor a person employed jointly by a company and any other company that is not an affiliate.
Trans border Data Flow (TBDF). term derived from the EU Privacy Directives, the EU Standard Data Transfer Clauses, European data protection laws, and guidelines setup by other organizations such as OEDC and APEC, to describe the requirements to be followed to transfer personal data across national boundaries.