Definitions

Title
Content
AAA systems list
list, either by name or other identifier that tracks all distinct AI, algorithmic or Autonomous Systems;
Access Policy
policy that informs employees, contractors, partners and other interested parties of requirements to ensure that all necessary physical access security measures are in place to prevent unauthorised access, damage and interference (malicious or otherwise) to the entity's assets;
Adult Visuals
violence, Language, Substances, Nudity or Sex as identified by the body of work established by the MPAA, or as specified by Ofcom broadcasting rules.
Adverse impact
when the selection rate of a Protected Category is below 4/5th or 80% of the highest selection rate
Affirmative Action
policies positively supporting members of disadvantaged or underrepresented groups (aka Protected Classes) that have previously suffered discrimination in areas such as education, employment and housing
Age-Appropriate
ensuring that where Online Services and Connected Toys and Devices are accessed by a Child or a CWCC, the services and content shall be appropriate for use by the Child or CWCC according to the Age Appropriate Policy and meet their development needs according to their age, developmental stage, capacity, and skills
Age-Appropriate Policy
a public document outlining the organization’s commitment to Age-Appropriate content and disclosure, including the identification of target age ranges per the ICO’s breakdown
Appropriate Policy Document
document outlining your compliance measures and retention policies for Special Category Data, including procedures for complying with each principle, retention and Deletion / Destruction policies and the intended retention period https://ico.org.uk/media/for-organisations/documents/2616286/appropriate-policy-document.docx
Anti-passback
function that stops a single token being used to enable more than one person to enter a facility or to enter multiple facilities. To prevent ‘passback’ the entry system must not let a token be used to gain access more than once without the token then being registered as having left the area. For a fully secure system, anti-passback and anti-tailgating should be combined to prevent both multiple uses of token and multiple entries on a single token transaction.
Algorithmic Risk Assessment
an analysis of all risks associated with the comprehensive lifecycle of an AI, algorithmic or autonomous system, not covered by the TEC AT-Risk report, the Ethical Risk Analysis, the AI Governance Assessment and the Systemic Societal Impact Analysis
Algorithm List
list, either by name or by algorithm itself, of all algorithms used to compile a system, if the algorithm or the data set contain even a single variable of a Protected Category/Class/Variable
Algorithmic Risk(s)
risks and associated definition listed in Appendix B.2
Algorithmic Risk Analysis
analysis and hierarchical comparison, prepared by a diverse team of assessors, designed to analyse the likelihood and severity of consequences to stakeholders and to the market for your algorithmic system incorporating feedback as appropriate. When severity and likelihood remain high, resulting in the overall risk of data processing remaining high, then the data processor shall consult directly with the data protection authority prior to beginning any data processing.
Algorithmic Risk Committee (ARC)
group of employees (or outsourced expert group) tasked with assuring that all algorithms and autonomous systems have taken the necessary steps to identify, remediate, explain and disclose all instances of Algorithmic Risk
Automatic Threat Recognition (ATR)
ATR software interprets physical items or human body scan data, to identify areas where items may be concealed. These areas are flagged on a standardised display, to indicate to a security officer areas to perform a manual search.
Authentic/Authenticity
worthy of acceptance or belief as conforming to or based on fact
Anti-tailgating
function of an entry system that enforces ‘one transaction one entry’. For a fully secure system, anti-passback and anti-tailgating should be combined to prevent both multiple uses of token and multiple entries on a single token transaction.
AR/VR Identity Data
subset of Personal Data and Sensitive Personal Data, this refers to unique capture of identity such as retinal scans, eye movements/reactions, fingerprints, voiceprints, hand and face geometry, electrical muscle activity, heart-rate, skin response, and head position (similar to Biometric Data)
Augmented Reality (AR)
technology that superimposes a computer-generated image on a user's view of the real world, thus providing a composite view
#Auditor
Artificial Intelligence
autonomous machine or software that replaces a function or task of the human brain
Automation
robotics, cybernetics, machine or software that replaces a task previously performed by a human, generally for the purpose of increased efficiency, quality, or reduced cost
B-Corp
in the United States, a benefit corporation (or in several jurisdictions including Delaware, a public-benefit corporation or PBC) is a type of for-profit corporate entity, that includes positive impact on society, workers, the community and the environment in addition to profit as its legally defined goals, in that the definition of "best interest of the corporation" is specified to include those impacts.
Autonomous System
self-governing system, which operates without the need for human intervention from start to finish, except for pre-start inputs and design plus maintenance, recalibration, retasking and repair
#Accountability
Commissioning Documentation
drawings and manuals covering the installation, operation and maintenance of a system that are provided to the person responsible for maintenance and operation of the system on the site
Code of Ethics
is a set of principles and rules concerning moral obligations and regards for the rights of humans and nature, which may be specified by a given profession or group
Code of Data Ethics
set of guidelines, principles and procedures by which data is acquired, analyzed, processed, adjusted, compiled or otherwise sold, traded or shared with other entities
Child-Friendly
to present information using diagrams, cartoons, graphics, video and audio content, and gamified or interactive content that will attract and interest Children, rather than relying solely on written communications
Child's Data Oversight Committee (CDOC)
group of employees (or outsourced expert group) tasked with reviewing all aspects of data collection, risk and procedures associated with data related to Children or Minors for the jurisdiction
Children's Core Interests
from the UNCRC (the United Nations Convention on the Rights of the Child) provisions, the Best Interests of the Child include but are not limited to safety, health, wellbeing, family relationships, physical, psychological and emotional development, identity, freedom of expression, privacy, and agency to form their own views
Child(ren)
individual under the age of 13; Children is the plural (Source: COPPA)
Chief Data Officer
individual responsible for all data policies and compliance with data and privacy laws
#Carer
Business Continuity Plan (BCP)
scheme that describes a system of prevention and recovery from potential threats to a company, ensuring that personnel and assets are protected and are able to function quickly in the event of a discontinuity, threat or disaster. The BCP is integrated with a Contingency plan and restoration prioritisation plan
Bullying
an intentional act that causes harm to others, and may involve verbal harassment, verbal or non-verbal threats, physical assault, stalking, or other methods of coercion such as manipulation, blackmail, or extortion.
Biometric Data
personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
Bias Remediation Policy
a policy formed in accordance with Relevant Legal Frameworks, equality and anti-discrimination law that considers the scope, nature, context and purpose of the AI, algorithmic and autonomous system, encompassing processes such as data inputs, architectural inputs and outcomes, and taking note of the Data Quality, Information Quality and Pipeline Quality, to identify:
a) Metrics, thresholds and procedures designed to consider data prior to processing
b) Metrics, thresholds and procedures to examine architectural inputs for Bias
c) Metrics, thresholds and procedures to examine outputs for fairness and compliance with Relevant Legal Framework
d) Procedures for evaluation of Pipeline Quality, Human-in/on-the-Loop interfaces
e) Procedure for evaluation of Cognitive and Non-Response Bias
f) Frequency of review of (a) through (e)
Baseline Population Norm
statistical expectations made by a reasonable person for the appropriate representation of the Protected Variables in a data training set with the defined Population Parameters
A Primary Consideration
something to be treated with equal importance as shareholder value and/or other inherent interests of the organisation when weighing or balancing tensions and Trade-offs. This shall not prejudice the rights of another Child
Commissioning Tests
tests to assess the functionality and performance of a system to ensure it is installed correctly and performs to the required specification
Conditioning
process of changing behavior by rewarding or punishing a subject each time an action is performed until the subject associates the action with pleasure or distress
Data Protection Impact Assessment
consistent with GDPR, it is a tool for examining the purpose of an algorithm, kinds of data required and collected, who has access to the data in your organization and any Service Providers who might have access
Data Poisoning
an adversarial attack targeted at training, testing/validation, Data Quality, Information Quality, Pipeline Data in an attempt to render the data useless or alter/damage the model’s ability to achieve its scope, nature, context and purpose potentially altering outputs in favour of the adversary. Intentional subversion of Data Quality
Data Portability
ability to move, copy or transfer data easily from one database, storage or IT environment to another. These same data copy/transfer rules apply between companies and/or services
Data Minimisation
limiting data collection to only what is required to fulfil a specific purpose.
Data Input Calibration
process of examining training and processing data with respect to Population Parameters, Population Baseline Norms, cognitive bias, accessibility bias, Data Entry Point Attacks
Data Flow Diagram
cartoon or graphic which visually represents all inputs for data collection and locations where data is captured in a database or may leave the system with export interfaces, including notation where processing affects individuals and consent has been granted. The Data Flow Diagram shall include a systematic description of the processing activity, including data flows and stages when AI processes any automated decision that may produce effects on individuals. The Data Flow Diagram should also track the jurisdictional location of data and when those data flows move between entities and their relevant jurisdictions, including internal data flows. The Data Flow Diagram should be reviewed and maintained throughout the lifespan of the algorithmic system.
Data Entry Point Attacks
vulnerabilities and attacks associated with the data used for training and processing data, where the adversary manipulates the data in order to attack, alter or otherwise corrupt the intended purpose, scope and nature of the algorithmic system (e.g., data poisoning, model inversion, model evasion)
Data Control Policy
document produced by the entity, which details all corporate policies with regards to Personal Data and/or PII. Includes definitions, procedures, controls, plans for review, plans for amendments, procedures for change and amendments
Data Class/(Data Classification)
group of data with common principles (to group data with common principles)
Data Control Committee (DCC)
group of three or more people, who are entrusted with the same responsibilities as the Chief Data Officer, in support of the Chief Data Officer or Data Protection Officer (DPO)
D&O
Directors and Officers insurance, liability insurance payable to the directors and officers of a company, or to the organization itself, as indemnification for losses or advancement of defense costs in the event an insured suffers such a loss as a result of a legal action brought for alleged wrongful acts in their capacity as directors and officers
Controller
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (but see section 6 of the 2018 Act);
Contingency Plan
a plan to make the system inaccessible and unavailable, or to continue processing, in the context of a security related event
#Context
The circumstances in which an event occurs, including jurisdiction and/or location, behaviour and functional inputs to an AAA System that are appropriate #EU_ACT
Consent UK GDPR
used as a lawful basis specified in Article 6(1)a of the UK GDPR. Meeting all requirements in that regulation, including enhanced requirements for Consent for Children in Article 8 UK GDPR and Consent for use of Special Category Data, supplemented by requirements in Article 9
Consent
consent to processing personal data is only lawful and effective if provided by a Child Who Cannot Consent/Child of the age of 13 years and above
Connected Toys and Devices
which are connected to the internet. They are physical products that are supported by the functionality provided through internet or network connection
Data Protection Policy
document produced by the entity, which details all corporate policies with regards to Personal Data and/or PII. Includes definitions, procedures, controls, plans for review, procedures for change, amendments, security and records management, retention policies, integrated with the Business Continuity Plan, Data Security Plan and Security Plan specific scope, nature, context and purpose while limiting accessibility and storage to only necessary persons for processing, including the regular Deletion and Destruction of unnecessary data, all integrated with the Business Continuity Plan, Data Security Plan and Security Plan
Data Protection Officer (DPO)
ensures, in an independent manner, that an organisation applies the laws protecting individuals' personal data. The designation, position and tasks of a DPO within an organisation are described in Articles 37, 38 and 39 of the European Union (EU) General Data Protection Regulation (GDPR).
Data Quality
the quality of data that makes it representative and aligned to the scope, nature, context and purpose of the intended use as applicable to an algorithm. Quality of data refers to data that is reasonably and sufficiently relevant, complete and free from errors in aggregation, annotation, maintenance, enrichment, ground truth constructive (inference or proxy or causative), correct syntax, sampling and training-test split as appropriate to the specific domain and/or industry context from reasonably calibrated sources
Data Security Policy
process of protecting files, databases, and accounts on a network by adopting a set of controls, applications, and techniques that identify the relative importance of different datasets, their sensitivity, regulatory compliance requirements and then applying appropriate protections to secure those resources.
Data Subject
means an identifiable natural person who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
Data Subject Access Requests (DSAR)
a process that is transparent, concise, intelligible and easily accessed using clear and plain language in written or where appropriate in electronic form, to handle requests to exercise one or more of the Data Subject rights detailed in UK GDPR articles 15 to 22, including the right of access, right to rectification, right to erasure, right to restriction of processing, the notification obligation, right to portability and right to object.
Data Transparency Document
a public report created by the Algorithm Risk Committee designed to collect and document Publicly all relevant steps taken by the Ethics Committee and the Algorithm Risk Committee to mitigate risk of Bias, Data Quality, Information Quality and Pipeline Quality in data sets both prior to processing
De-Anonymization
the practice of willfully processing aggregate anonymized data for the purposes of re-identifying individual persons specifically, regardless of the rationale or merit. De-Anonymization does not include security tests which are designed with the knowledge of the owner and anonymizer of the aggregate data to verify the quality and security of the anonymization process
Deletion
(delete) in the context of data, is when data is removed and is no longer available in plain sight or can easily be recovered
Destruction
(destroy) in the context of data, is when data is removed from your device and can never be restored, even by professional data recovery experts
Digital
characterized by electronic and especially computerized technology
Disabled Person
person who has an impairment that substantially limits one or more major life activities
#Disaster Recovery
Disparate Impact
a legal doctrine which declares that a policy can be considered discriminatory if it “adversely impacts” a group based on that group’s traits, such as its race, color, religion, or sex.
Diverse Inputs and Multi Stakeholder Feedback
as accepted by the Ethics Committee in compliance with the Code of Ethics and/or a diversity policy, it is a collection of individuals noteworthy by their myriad representation of lived experience, background, and culture, diversity of thought process, skills and expertise, and representation of protected categories and intersection thereof. This group is used for risk inputs, risk evaluation, assessment of foreseen misuse and this evaluation occurs throughout the algorithmic lifecycle from design to decommissioning (captured in an Algorithm Risk Assessment)
Employment Impact Assessment
analysis, prepared by a reputable third party, which examines the projected job losses from an increase in automation
Entry Breach Protocol
procedure detailing the required physical human response to entry breach events, malicious and otherwise
Escorted
act of an employee or group of employees accompanying a visitor for guidance and protection of valuable or sensitive assets
Ethical Choice
awareness of a set of options to be made in the context of automated and intelligent systems, using a set of principles and rules concerning moral obligations and regards for the rights of humans and for nature, which may be specified by a given profession or group. The result, outcome or judgment is made using a shared moral framework or set of moral principles based upon the entity’s Code of Ethics
Ethics Committee
a group of persons trained in Algorithm Ethics and Ethical Choice, guided by the Code of Ethics and Code of Data Ethics, which they create and maintain on behalf of the organisation. The Ethics Committee is responsible for all instances of Ethical Choice related to AI, algorithmic and autonomous systems and for producing the Ethical Risk Analysis
Ethics Curriculum
body of work highlighted for teaching the nuance and process for including ethics and ethical thinking into the design and implementation of autonomous systems - SEE CURRICULUM TAB
#Explainability
Explainability plus
a human-centric process by which a Data Subject or user is helped to understand the decision making process and educated on how they could have earned a favourable result from the system, in order to improve their interaction, their outcome or their satisfaction
External Contacts
person or organization that is not an employee or retained contractor of the entity
Fail Safe
locking device that unlocks the entry portal if power fails and requires the continuous application of power to stay locked.
Fail Secure
locking device that locks the entry portal if power fails and requires the application of power to unlock the door
Field of Vision
data input from an Augmented Reality system which is provided by the user as a function of their reality, location, activities and interactions, treated as a user generated data input
GDPR
General Data Protection Regulation, passed by the EU and put into effect in 2018, governs certain rights and principles around personal data for individuals GDPR.EU
Genetic Data
means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
Governance
structure of rules, practices, and processes used to direct, manage and oversee an entity
Membership Inference
data mining technique designed to analyze data in order to uncover Personal Data, Sensitive Personal Data or PII
Key Words
natural language words, spoken or typed, which may be read by a system and trigger a recording protocol or flagging protocol
Key Performance Indicators (KPIs)
measurements indicated in advance to determine the success or failure of an algorithmic model to achieve its purposes
Jurisdiction
geographic area containing a defined legal authority
Joint Risk Assessment
specific risk assessment using DPIAs and all relevant risk inputs to determine incompatibilities, gaps or insufficiencies that arise from duty designations, interfaces and the collective responsibilities of data protection to Data Subject
Intruder Detection
process of detecting unauthorized access to a Physical Space, for example jumping a barrier, forcing open a gate, or tailgating through an open gate
Information & Communication Technologies (ICT)
all technologies and services involved in computing, data management, telecommunications provision, and the internet.
Information Quality
the quality of the content of AI, algorithm or autonomous systems that is representative of the fitness for use (scope, nature, context and purpose). It refers to accuracy of data in representing ground truth and relevance of the data for the slated scope, nature, context and purpose
Inference
assumption or conclusion reached by a data processing algorithm, which may not be treated as fact and shall be labelled as such.
Independent Governance
independent means not influenced or controlled by others in matters of opinion, conduct, etc.; thinking or acting for oneself. Members of the governance body must not be affiliated with the entity providing the tracing systems. Further, if the government is the implementing authority, the independent panel shall represent the people and have the means to be transparent, hear from and interact with the people of the Jurisdiction. Governance means supervision; watchful care and the authority to call for change
Identity and Access Management (IAM)
framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management. These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared.
ICO’s Target Age Range Guide
0-5: pre-literate and early literacy; 6-9: core primary school years; 10-12: transition years; 13-15: early teens; 16-17: approaching adulthood
Human-on-the-loop
human supervision and/or control of AI, algorithmic or autonomous systems; however, the system is able to conclude processing without the need for human intervention
Human-in-the-loop
any model that is unable to offer an answer or conclude processing without human intervention
Hate Speech
abusive language specifically attacking a person or persons because of their race, color, religion, ethnic group, gender, or sexual orientation
Guardian
person of legal age and ability who can act on behalf of a Child, Child Who Cannot Consent, or Disabled person
Geolocation
process of finding, determining and providing the exact location of a computer, networking device or equipment
Primary Consideration
something to be treated with equal importance as shareholder value and/or other inherent interests of the organisation when weighing or balancing tensions and Trade-offs. This shall not prejudice the rights of another Child
Preferential Treatment
output where a reasonable person can argue that one Data Subject is offered better or improved circumstances, prices, economic benefits or measurable advantage over another Data Subject
Population Parameters
realized statistical properties of a dataset with respect to Protected Category Variables.
Personally Identifiable Information (PII)
representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means
Personal Data
any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. Personal Data may be a collective term encompassing specialised terms such as Inferences, Proxy Variables, and Special Category Data
Penetration Testing
testing technique aiming to exploit security vulnerabilities (known or unknown) to gain unauthorised access
Parental Controls
features which may be included in systems (such as digital television services, computer and video games, mobile devices and software) that allow parents to restrict the access of content to their children. These controls were created to assist parents in their ability to restrict certain content viewable by their children
#Parent
Opt-In Diagram
cartoon or simplified visual representation of the interfaces with an entity that is contributing data to a system with an explanation of choice and disclosure at the interface
Opt Out or Opts-out
having the characteristic of individual choice, free from coercion to leave a service or data collection process
Opt-In
having the characteristic of individual choice free from coercion or persuasion
Online Service
a service that is accessible by a Child through the internet
Nudging
concept in behavioral economics, political theory, and behavioral sciences which proposes positive reinforcement and indirect suggestions as ways to influence the behavior and decision making of groups or individuals.
Network Provider
entity which delivers the signal between a device and the database, or the database and the Contact Tracer
Need to know basis
granting of access or permission to information only at the time the Data Subject is deemed by the entity to need to access this information
Necessity Assessment
the determination by an Ethics Committee that AI, algorithmic and autonomous systems are the only or best solution considering a comprehensive set of stakeholders in the context of the lawful basis. This includes an analysis and determination of the vital inclusion of each Personal Datum collected and processed by the AI, algorithmic and Autonomous system.
#Nature
The forces and processes that influence and control the variables and features. #EU_ACT
#Natural Person
Model Inversion
the process of reverse-engineering Personal Data via the understanding and replication of the algorithmic system and the output
Min/Max Pair
determined by the Ethics Committee, this is lowest reasonable Baseline Population Norm combined with the greatest reasonable Baseline Population Norm
Minor
a person who has not reached the legislated age of majority for the jurisdiction of their residence (see also Underaged, Child for distinction)
Security Clearance
status granted to individuals allowing them access to classified information (state or organizational secrets) or to restricted areas, after completion of a thorough background check. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. Jurisdictional differences in terminology and levels apply.
#Scope
The boundaries of a system, what is covered, what is not covered #EU_ACT
#Restoration Prioritisation Plan
Relevant Legal Frameworks
can contain a broad range of applicable law such as the laws that govern an entity or organisation, that govern the rights and privileges of a Data Subject, that restrict the activities and behaviors of a Data Controller or Data Processor, or put positive obligations upon an entity. Note: these include consideration for human rights, equalities and anti-discrimination law, access to goods and services (having due regard to who is included/excluded from such goods and services), Children's law and laws with regard to the platform and/or laws with regard to the sector in and through which the AI (and data processing) is being provided, amongst other risks law, as it applies to Data Subjects, specific to the Jurisdiction of Data Subject being included in the data processing for the audit or certification.
Recommendation Systems
information filtering system that seeks to predict the "rating" or "preference" a user would give to an item to provide preferential ordering and/or appearance
#Purpose
The aim or goal of a system #EU_ACT
Publicly
open to all; open to common use; not limited or restricted to any particular class of the community.
Pseudonymisation
means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
Protected Variables
data item that can be directly or indirectly connected to one of the protected categories of people groups, such as Ethnicity, Gender, Age, Ability, Religion, Sexual Orientation
Protected Classes/Categories
defined by jurisdiction legally, may include race, age, gender, religion, ability/disability, sexual orientation, color, nation of origin, socioeconomic class etc.
Proportionality Study
conducted prior to a DPIA, it is a study conducted by the Algorithm Risk Committee to assess tensions and tradeoffs between risks to and sacrifices of, rights and freedoms of individuals or groups balanced against the potential benefits and gains to an individual or group in the context of the Relevant Legal Frameworks
Processor
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; processes means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or Destruction
Processing
means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
Profiling
means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
Privacy Policy
the notification regarding details of data processing to data subjects according to the requirement for Transparency in Article 5(1)a of the UK GDPR and specific requirements in Articles 13.1 and 13.2 and 14.1 and 14.2. Inclusions differ depending on whether personal data is obtained directly or indirectly from Data Subjects and additional details are needed when processing involves joint controllers (Article 26).
Sensitive Personal Data
data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation (SOURCE: GDPR)
Security Policy
document outlining how to protect the organisation from threats, including technical, organisational and/or socially engineered security threats, and how to handle situations when they do occur
Service Provider
Third-party contracted provider who is supplying critical infrastructure and services to the entity
Social Responsibility
practice of producing goods and services in a way that is not harmful to employees, society or the environment
Special Category Data
data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, Biometric Data, data concerning health or data concerning a natural person's sex life or sexual orientation [SOURCE: UK GDPR]
Specific Children's Risk
a set of risks designated as terms, phrases or definitions designed by a local jurisdiction to indicate special concerns related to the data control or data process of children's data
#Substantial Public Interest
Surveillance
event or time period during which the activities of a particular individual are observed or documented
Sustainability
managing an entity's activity so that society, its members and its economies are able to meet their needs and express their greatest potential in the present, while preserving biodiversity and natural ecosystems, planning and acting for the ability to maintain these ideals for future generations
System Drawings
diagrams and schedules to show all the information necessary so that the system can be safely operated, maintained, inspected and tested, as far as is reasonably practicable. The drawings should be fully cross-referenced and co-ordinated with the Data Flow Diagram and operation and maintenance manual.
#Tension and trade offs
Time zoning
time periods when an entry system will allow or disallow entry/exit. Time zoning can be used simply to prevent entry, or it can generate alarms in the event that a user is within a secured area outside a permitted time. For example, time zoning may allow for cleaners to enter between 2000-2400, with access only to non-sensitive areas.
Traceability
the ability to trace data right back to its origin through documentation, including a chain-of-custody (“paper trail,” physical or otherwise) for data provenance that chronologically records the ownership, viewing, analysis, and transformations of a data record or data sources
Toxic Combination
conflict of system access permissions that allows a user to break the law, violate rules of ethics, damage customers' trust, or even create the appearance of impropriety
Training Data
a subset of testing/validation data to which algorithms are applied seeking the best fit to train a model
Triple Bottom Line
the triple bottom line (TBL) is a framework or theory that recommends that companies commit to focus on social and environmental concerns just as they do on profits.
Underaged
an individual who has not reached a minimum age as defined by corporate policy and who requires guardian consent (see also Minor, Child for distinction)
Validity Test
refers to how an algorithmic model is tested; to measure how well the test measures real properties, characteristics, and variations in the physical or social world
Verifiable Parental Consent
required under COPPA to make sure parents know what information is shared with whom; approved methods can be found on the FTC's website
Virtual Reality (VR)
computer-generated simulation of a three-dimensional image or environment that can be interacted with in a seemingly real or physical way by a person using special electronic equipment, such as a helmet with a screen inside or gloves fitted with sensors.
Welcome Package
documents that are provided to a new hire upon either the acceptance of an offer or accompanying the offer which explain the details of the relationships between the employer and employee
Non-Response Bias
systematic exclusion of a Protected Category group related to that group's inability or reluctance to participate in the gathering of data
Bias
systematic and repeatable errors in a computer system that create unfair outcomes, applied specifically to Protected Categories, Classes or Variables
Cognitive Bias
the way a particular person understands events, facts, and other people, which is based on their own particular set of beliefs and experiences and may not be reasonable or accurate
Component Risk
elements of construction, which may have their own points of failure, such as data pipeline, hardware, software, processors
Concept Drift
the observation that the correlation between the inputs and the outputs of an AI system may change over time, including situations where training data labels change over time.
Consent Risk
failure to assure a chain of custody or appropriate consent for the data processing being conducted
Data Ethics
see Ethics section of the CDO/DPO/DCC
Proxy Variables
the use of second order variables combined with Inferences, designed to associate a Data Subject with Personal Data
Reliability
the extent to which the results can be reproduced when the research is repeated under the same conditions.
Testing Frequency
the rate at which an algorithm has its output compared to acceptable parameters of operation
Validity
the extent to which the results really measure what they are supposed to measure presently and as time passes