
All times are UTC + 8 hours


Post title: Terms from the privacy framework; your insights are welcome
Posted: 2012-02-16 09:56
2.1
anonymity
characteristic of information that does not permit a personally identifiable information principal to be
identified directly or indirectly
2.2
anonymization
process by which personally identifiable information (PII) is irreversibly altered in such a way that a
PII principal can no longer be identified directly or indirectly, either by the PII controller alone or in
collaboration with any other party
2.3
anonymized data
data that has been produced as the output of a personally identifiable information anonymization
process
2.4
consent
personally identifiable information (PII) principal’s freely given, specific and informed agreement to
the processing of his or her PII


 
Post title: Privacy terms: could an expert translate these? Discussion welcome
Posted: 2012-02-16 09:59
2.5
identifiability
condition which results in a personally identifiable information (PII) principal being identified, directly
or indirectly, on the basis of a given set of PII
2.6
identify
establish the link between a personally identifiable information (PII) principal and PII or a set of PII
2.7
identity
set of attributes which make it possible to identify the personally identifiable information principal
2.8
opt-in
process or type of policy whereby the personally identifiable information (PII) principal is required to
take an action to express explicit, prior consent for their PII to be processed for a particular purpose
NOTE A different term that is often used with the privacy principle ‘consent and choice’ is “opt-out”. It describes a
process or type of policy whereby the PII principal is required to take a separate action in order to withhold or withdraw
consent, or oppose a specific type of processing. The use of an opt-out policy presumes that the PII controller has the right
to process the PII in the intended way. This right can be implied by some action of the PII controller different from consent
(e.g., an order in an online shop).
2.9
personally identifiable information
PII
any information that (a) can be used to identify the PII principal to whom such information relates, or
(b) is or might be directly or indirectly linked to a PII principal
NOTE To determine whether a PII principal is identifiable, account should be taken of all the means which can
reasonably be used by the privacy stakeholder holding the data, or by any other party, to identify that natural person.
2.10
PII controller
privacy stakeholder (or privacy stakeholders) that determines the purposes and means for
processing personally identifiable information (PII) other than natural persons who use data for
personal purposes
NOTE A PII controller sometimes instructs others (e.g., PII processors) to process PII on its behalf while the
responsibility for the processing remains with the PII controller.
2.11
PII principal
natural person to whom the personally identifiable information (PII) relates
NOTE Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym “data
subject” can also be used instead of the term “PII principal”.
2.12
PII processor
privacy stakeholder that processes personally identifiable information (PII) on behalf of and in
accordance with the instructions of a PII controller
2.13
privacy breach
situation where personally identifiable information is processed in violation of one or more relevant
privacy safeguarding requirements
2.14
privacy controls
measures that treat privacy risks by reducing their likelihood or their consequences
NOTE 1 Privacy controls include organizational, physical and technical measures, e.g., policies, procedures, guidelines,
legal contracts, management practices or organizational structures.
NOTE 2 Control is also used as a synonym for safeguard or countermeasure.
2.15
privacy enhancing technology
PET
privacy control, consisting of information and communication technology (ICT) measures, products,
or services that protect privacy by eliminating or reducing personally identifiable information (PII) or
by preventing unnecessary and/or undesired processing of PII, all without losing the functionality of
the ICT system
NOTE 1 Examples of PETs include, but are not limited to, anonymization and pseudonymization tools that eliminate,
reduce, mask, or de-identify PII or that prevent unnecessary, unauthorized and/or undesirable processing of PII.
NOTE 2 Masking is the process of obscuring elements of PII.
2.16
privacy policy
overall intention and direction, rules and commitment, as formally expressed by the personally
identifiable information (PII) controller related to the processing of PII in a particular setting
2.17
privacy preferences
specific choices made by a personally identifiable information (PII) principal about how his or her PII
should be processed for a particular purpose
2.18
privacy principles
set of shared values governing the privacy protection of personally identifiable information (PII) when
processed in information and communication technology systems
2.19
privacy risk
effect of uncertainty on privacy
NOTE 1 Risk is defined as the “effect of uncertainty on objectives” in ISO Guide 73 and ISO 31000.
NOTE 2 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an
event, its consequence, or likelihood.
2.20
privacy risk assessment
overall process of risk identification, risk analysis and risk evaluation with regard to the processing of
personally identifiable information (PII)
NOTE This process is also known as a privacy impact assessment.
2.21
privacy safeguarding requirements
set of requirements an organization has to take into account when processing personally identifiable
information (PII) with respect to the privacy protection of PII
2.22
privacy stakeholder
natural or legal person, public authority, agency or any other body that can affect, be affected by, or
perceive themselves to be affected by a decision or activity related to personally identifiable
information (PII) processing
2.23
processing of PII
operation or set of operations performed upon personally identifiable information (PII)
NOTE Examples of processing operations of PII include, but are not limited to, the collection, storage, alteration,
retrieval, consultation, disclosure, anonymization, pseudonymization, dissemination or otherwise making available, deletion
or destruction of PII.
2.24
pseudonymization
process applied to personally identifiable information (PII) which replaces identifying information with
an alias
NOTE 1 Pseudonymization can be performed either by PII principals themselves or by PII controllers. Pseudonymization
can be used by PII principals to consistently use a resource or service without disclosing their identity to this resource or
service (or between services), while still being held accountable for that use.
NOTE 2 Pseudonymization does not rule out the possibility that there might be (a restricted set of) privacy stakeholders
other than the PII controller of the pseudonymized data which are able to determine the PII principal’s identity based on the
alias and data linked to it.
2.25
secondary use
processing of personally identifiable information (PII) in conditions which differ from the initial ones
NOTE Conditions that differ from the initial ones could involve, for example, a new purpose for processing PII, a new
recipient of the PII, etc.
2.26
sensitive PII
category of personally identifiable information (PII), either whose nature is sensitive, such as those
that relate to the PII principal’s most intimate sphere, or that might have a significant impact on the
PII principal
NOTE In some jurisdictions or in specific contexts, sensitive PII is defined in reference to the nature of the PII and can
consist of PII revealing the racial origin, political opinions or religious or other beliefs, personal data on health, sex life or
criminal convictions, as well as other PII that might be defined as sensitive.
2.27
third party
privacy stakeholder other than the personally identifiable information (PII) principal, the PII controller
and the PII processor, and the natural persons who are authorized to process the data under the
direct authority of the PII controller or the PII processor


 
 
华安信达(CISPS.org) ©2003 - 2012