Compliance & Frameworks
CCPA
Also known as: California Consumer Privacy Act, CPRA
Definition
The California Consumer Privacy Act, a U.S. state privacy law granting California residents rights over their personal information held by businesses.
Examples
- A large U.S. retailer publishing a "Do Not Sell or Share My Personal Information" link on its website.
- A SaaS company executing a CCPA service-provider addendum with its data processors.
Related terms
GDPR
The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
Data Protection Impact Assessment
Compliance
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.
HIPAA
The U.S. Health Insurance Portability and Accountability Act, which sets national standards for protecting individually identifiable health information.
Incident Response
The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.
ISO/IEC 27001
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.