Glossary of Terms

Access: The process of enabling individuals to find out what information has been collected or is stored in an organization’s files/databases. Also may mean giving individuals the ability to correct, amend, update or delete information in their records. A superior example of this type of access would be a Web-based account page, in which the user could modify any and all personal information and submit those changes automatically. Access and modification, however, are not dependent on superior technology. If it can be conducted in the normal course of business, such access and modification could be conducted via email messages or phone calls.

Cookie: A small amount of data, which often includes an anonymous unique identifier, that is sent to a user’s browser from a website’s computers and stored on their computer. Examples of ways cookies are used include to personalize search engines, to store shopping lists of items a user has selected while browsing through a virtual shopping mall, and to automatically log users into a website when revisiting. Each website can send its own cookie to a browser if the browser’s preferences allow it, but (to protect privacy) browsers only permit a website to access the cookies it has already sent to you, not the cookies sent to you by other websites. Users can set their browser to accept all cookies, reject all cookies, or notify them when a cookie is being sent. Disabling cookies may restrict some valuable features on websites often visited, such as automatic “sign-in” features and tailored content.

The following websites contain information about how to adjust cookie settings:

Dispute Resolution Process: The process by which an individual can bring complaints to the attention of an organization and obtain a mutually agreeable solution. The first objective of the dispute resolution process is to present the customer’s views to the business and offer the business’ viewpoint to the customer in a neutral way. In most cases, the dispute resolution process can provide a quick and easy substitute for litigation. The dispute resolution mechanism will help enforce the principles of privacy protection stated in the organization’s privacy policy.

Family Educational Rights and Privacy Act (FERPA): The Family Educational Rights and Privacy Act of 1974, better known as the Buckley Amendment or FERPA, generally governs that students have the right to access their educational records, and limits the release of such educational records by educational institutions to non-school employees without consent of the student. For more information about FERPA, visit the U.S. Department of Education website.

Limit usage or sharing: The practice of giving users choice or control over how their information is used or shared. This is especially important when using or sharing data for reasons other than to fulfill the customer’s request. For example, if a customer shares their personal information in order to purchase a pair of shoes and the shoe company also wants to use that information to send marketing materials, the shoe company should give the customer the choice to receive that marketing material or not. Most organizations give users a choice by providing an opt-in or opt-out feature. In the above example, OPT-IN would require the shoe company to obtain documented customer consent PRIOR to ANY use of the customer’s personal information. The shoe company would not send marketing materials to the customer until given approval. If the shoe company provided an OPT-OUT feature, they would use a customer’s personal information to send marketing materials until the customer asked the company to stop. The tools used to OPT OUT or OPT IN could be as simple as an email notification of a request to be removed; or it may be an “unsubscribe” application accessible via a webpage. Some unsubscribe applications also include the ability to modify personal information preferences.

Non-Personally Identifiable Information: Information that may be collected by a website or browser that does not by itself identify a specific individual. This information often includes which pages visitors view on a website, which browser they use to view a website and terms they use to search a website. This technical data is often aggregated to provide an overview of the browsing patterns of large groups of visitors and is usually used to measure and improve the effectiveness of a website.

Online Behavior: When a Web browser or email application requests a webpage or email from another computer on the Internet, it automatically gives that computer the address where it should send the information. This is called the computer’s “IP address” (IP stands for “internet protocol”). For most users, accessing the Internet from a dial-up and broadband Internet service provider (ISP), the IP address will be different every time they log on. Finally, some IP addresses are identifiable with certain ISPs, corporations, or universities, although they are not identifiable to a specific person at those institutions.

When an organization’s webpage is requested and viewed, that request is usually logged on the organization’s servers with information including the IP address of the computer that requested the page. This information is stored in the organization’s Web server log files.

The information typically traced via Web server log files includes, but is not limited to:

  • IP address registered users
  • browser selection
  • Operating Systems
  • site cookies
  • number of page views
  • entry page, exit pages

Personal Information: Any information that you provide to an entity that is unique to you. Examples of personal information include name, home address, social security number, credit card number, and email address. Pictures, symbols, or other identifiers assigned to you could also be considered “personal information.”

Personally Identifiable Information (PII): Any information that you provide that an entity may use to track or identify you as an individual.

Security: The means an organization uses (industry accepted and proven tools, methods, and procedures) to prevent unauthorized access, use or destruction of personal information. Companies deploy security technology and implement procedural security measures that address conceivable threats (e.g., firewalls, encryption).

Sensitive Information: Personal information that, if collected by the wrong party, could be used to steal an individual’s identity or otherwise harm that person. For the purposes of this policy, sensitive information is defined to be the combination of name, home address, birth date, and any additional information. Social security number and credit card number are always considered to be sensitive information, regardless of the other information submitted. For the purposes of this policy, name and email address in combination are not considered to be sensitive.

Sharing: Companies may share their customer’s personal information with third parties (entities that are not an affiliate of, or related by common ownership or affiliated by corporate control with the entity) in order to provide services relate to, or to complete, document, or enforce a transaction that a customer has authorized. Companies may also share data with third parties for purposes unrelated to the customer’s request (e.g., to market the third party’s products or services to the customer).

Spyware: Spyware is any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes (to learn more about spyware, visit Webopedia).

Third-Party Ad Server: Many online companies use third-party ad servers or ad networks to serve advertisements (e.g., banners) within their webpages. Because your web browser must request these advertising banners from the ad network website, these advertising companies can send their own cookies to your cookie file, just as if you had requested a webpage from the third party ad server’s website. If you want to prevent a third-party ad server from sending and reading cookies on your computer, you must visit each ad network’s website individually and opt out (if the ad server company offers this capability). Alternatively, you can set your browser’s preferences to notify you when a cookie is sent to your computer (or deny the transmission all together). This will not stop the ad server from sending the banner, but it will prevent them from placing a cookie on the computer of a consumer who clicks on a banner. They will not be able to track personally identifiable behavior without sending a cookie. They could, however, track the behavior of a unique IP address.

Web Beacons: A Web beacon is an often-transparent graphic image used in combination with cookies, usually no larger than 1 pixel x 1 pixel, that is placed on a website to monitor the behavior of the user visiting the website (to learn more about Web beacons.