Definitions
| Title | Content |
|---|---|
| AAA systems list | list, either by name or other identifier that tracks all distinct AI, algorithmic or Autonomous Systems; |
| Access Policy | policy that informs employees, contractors, partners and other interested parties of requirements to ensure that all necessary physical access security measures are in place to prevent unauthorised access, damage and interference (malicious or otherwise) to the entity's assets; |
| Adult Visuals | violence, Language, Substances, Nudity or Sex as idenitified by the body of work established by the MPAA , or as specified by Ofcom broadcasting rules. |
| Adverse impact | when the selection rate of a Protected Category is below 4/5th or 80% of the highest selection rate |
| Affirmative Action | policies positively supporting members of disadvantaged or underrepresented groups (aka Protected Classes) that have previously suffered discrimination in areas such as education, employment and housing |
| Age-Appropriate | ensuring that where Online Services and Connected Toys and Devices are accessed by Child or a CWCC, The services and content shall be appropriate for the use by Child or CWCC according to the Age Appropriate Policy and meet their development needs according to their age, developmental stage, capacity, and skills |
| Age-Appropriate Policy | a public document outlining the organization’s commitment to Age-Appropriate content and disclosure include the identification of target age ranges per the ICO’s breakdown |
| Appropriate Policy Document | document outlining your compliance measures and retention policies for Special Category Data, including procedures for complying with each principle, retention and Deletion / Destruction policies and the intended retention period https://ico.org.uk/media/for-organisations/documents/2616286/appropriate-policy-document.docx |
| Anti-passback | function that stops a single token being used to enable more than one person to enter a facility or to enter multiple facilities. To prevent ‘passback’ the entry system must not let a token be used to gain access more than once without the token then being registered as having left the area. For a fully secure system, anti-passback and anti-tailgating should be combined to prevent both multiple uses of token and multiple entries on a single token transaction. |
| Algorithmic Risk Assessment | an analysis of all risks associated with the comprehensive lifecycle of an AI, algorithmic or autonomous system, not covered by the TEC AT-Risk report, the Ethical Risk Analysis, the AI Governance Assessment and the Systemic Societal Impact Analysis |
| Algorithm List | list, either by name or by algorithm itself, of all algorithms used to compile a system, if the algorithm or the data set contain even a single variable of a Protected Category/Class/Variable |
| Algorithmic Risk(s) | risks and associated definition listed in Appendix B.2 |
| Algorithmic Risk Analysis | alysis and hierarchical comparison, prepared by a diverse team of assessors, designed to analyse the likelihood and severity of consequences to stakeholders and to the market for your algorithmic system incorporating feedback as appropriate. When severity and likelihood remain high, resulting in the overall risk of data processing remaining high, then the data processor shall consult directly with the data protection authority prior to beginning any data processing. |
| Algorithmic Risk Committee (ARC) | group of employees (or outsourced expert group) tasked with assuring that all algorithms and autonomous systems have taken the necessary steps to identify, remediate, explain and disclose all instances of Algorithmic Risk |
| Automatic Threat Recognition (ATR) | ATR software interprets physical items or human body scan data, to identify areas where items may be concealed. These areas are flagged on a standardised display, to indicate to a security officer areas to perform a manual search. |
| Authentic/ Authenticity | worthy of acceptance or belief as conforming to or based on fact |
| Anti-tailgating | function of an entry system that enforces ‘one transaction one entry’. For a fully secure system, anti-passback and anti-tailgating should be combined to prevent both multiple uses of token and multiple entries on a single token transaction. |
| AR/VR Identity Data | subset of Personal Data and Sensitive Personal Data, this refers to unique capture of identity such as retinal scans, eye movements/reactions, fingerprints, voiceprints, hand and face geometry, electrical muscle activity, heart-rate, skin response, and head position (similar to Biometric Data) |
| Augmented Reality (AR) | technology that superimposes a computer-generated image on a user's view of the real world, thus providing a composite view |
| #Auditor | |
| Artificial Intelligence | autonomous machine or software that replaces a function or task of the human brain |
| Automation | robotics, cybernetics, machine or software that replaces a task previously performed by a human, generally for the purpose of increased efficiency, quality, or reduced cost |
| B-Corp | in the United States, a benefit corporation (or in several jurisdictions including Delaware, a public-benefit corporation or PBC) is a type of for-profit corporate entity, that includes positive impact on society, workers, the community and the environment in addition to profit as its legally defined goals, in that the definition of "best interest of the corporation" is specified to include those impacts. |
| Autonomous System | self-governing system, which operates without the need for human intervention from start to finish, except for pre-start inputs and design plus maintenance, recalibration, retasking and repair |
| #Accountability | |
| Commissioning Documentation | drawings and manuals covering the installation, operation and maintenance of a system that are provided to the person responsible for maintenance and operation of the system on the site |
| Code of Ethics | is a set of principles and rules concerning moral obligations and regards for the rights of humans and nature, which may be specified by a given profession or group |
| Code of Data Ethics | set of guidelines, principles and procedures by which data is acquired, analyzed, processed, adjusted, compiled or otherwise sold, traded or shared with other entities |
| Child-Friendly | to present information using diagrams, cartoons, graphics, video and audio content, and gamified or interactive content that will attract and interest Children, rather than relying solely on written communications |
| Child's Data Oversight Committee (CDOC) | group of employees (or outsourced expert group) tasked with reviewing all aspects of data collection, risk and procedures associated with data related to Children or Minors for the jurisdiction |
| Children's Core Interests | from the UNCRC (The United Nation's Convention on the Rights of the Child) provisions, the Best Interests of the Child include but are not limited to safety, health, wellbeing, family relationships, physical, psychological and emotional development, identity, freedom of expression, privacy, and agency to form their own views |
| Child(ren) | individual under the age of 13, Children is the plural (Source:COPPA) |
| Chief Data Officer | individual responsible for all data policies and compliance with data and privacy laws |
| #Carer | |
| Business Continuity Plan (BCP) | scheme that describes a system of prevention and recovery from potential threats to a company, ensuring that personnel and assets are protected and are able to function quickly in the event of a discontinuity, threat or disaster. The BCP is integrated with a Contingency plan and restoration prioritisation plan |
| Bullying | an intentional act that causes harm to others, and may involve verbal harassment, verbal or non-verbal threats, physical assault, stalking, or other methods of coercion such as manipulation, blackmail, or extortion. |
| Biometric Data | personal data resulting from specific technical processing relating to the physical, physio- logical or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data; |
| Bias Remediation Policy | a policy formed in accordance with Relevant Legal Frameworks, equality and anti-discrimination law that considers the scope, nature, context and purpose of the AI, algorithmic and autonomous system. Encompassing processes such as data inputs, architectural inputs and outcomes and taking note of the Data Quality, Information Quality and Pipeline Quality to identify: a) Metrics, thresholds and procedures designed to consider data prior to processing b) Metrics, threshold and procedures to examine architectural inputs for Bias c) Metrics, thresholds and procedure to examine outputs for fairness and compliance with Relevant Legal Framework d) Procedures for evaluation of Pipeline Quality, Human-in/on-the-Loop interfaces e) Procedure for evaluation of Cognitive and Non-Response Bias f) Frequency of review (a) thru (e) |
| Baseline Population Norm | statistical expectations made by a reasonable person for the appropriate representation of the Protected Variables in a data training set with the defined Population Parameters |
| A Primary Consideration | something to be treated with equal importance as shareholder value and/or other inherent interests of the organisation when weighing or balancing tensions and Trade-offs. This shall not prejudice the rights of another Child |
| Commissioning Tests | tests to assess the functionality and performance of a system to ensure it is installed correctly and performs to the required specification |
| Conditioning | process of changing behavior by rewarding or punishing a subject each time an action is performed until the subject associates the action with pleasure or distress |
| Data Protection Impact Assessment | consistent with GDPR, it is a tool for examining the purpose of an algorithm, kinds of data required and collected, who has access to the data in your organization and any Service Providers who might have access |
| Data Poisoning | an adversarial attack targeted at training, testing/validation, Data Quality, Information Quality, Pipeline Data in an attempt to render the data useless or alter/damage the model’s ability to achieve its scope, nature, context and purpose potentially altering outputs in favour of the adversary. Intentional subversion of Data Quality |
| Data Portability | ability to move, copy or transfer data easily from one database, storage or IT environment to another. These same data copy/transfer rules apply between companies and/or services |
| Data Minimisation | limiting data collection to only what is required to fullfill a specific purpose. |
| Data Input Calibration | process of examining training and processing data with respect to Population Parameters, Population Baseline Norms, cognitive bias, accessibility bias, Data Entry Point Attacks |
| Data Flow Diagram | cartoon or graphic which visually represents all inputs for data collection and locations where data is captured in a database or may leave the system with export interfaces, including notation where processing effects individuals and consent has been granted. The Data Flow Diagram shall include a systematic description of the processing activity, including data flows and stages when AI process any automated decision that may produce effects on individuals. The Data Flow Diagram should also track the jurisdictional location of data and when those data flows move between entities and their relevant jurisdictions, including internal data flows. The Data Flow Diagram should be reviewed and maintained throughout the lifespan of the algorithmic system. |
| Data Entry Point Attacks | vulnerabilities and attacks associated with the data used for training and processing data, where the adversary manipulates the data in order to attack, alter or otherwise corrupt the intended purpose, scope and nature of the algorithmic system (e.g., data poisoning, model inversion, model evasion) |
| Data Control Policy | document produced by the entity, which details all corporate policies with regards to Personal Data and/or PII. Includes definitions, procedures, controls, plans for review, plans for amendments, procedures for change and amendments |
| Data Class/(Data Classification) | group of data with common principles (to group data with common principles) |
| Data Control Committee (DCC) | group of three or more people, who are entrusted with the same responsibilities as the Chief Data Officer, in support of the Chief Data Officer or Data Protection Officer (DPO) |
| D&O | directors and Officers insurance, liability insurance payable to the directors and officers of a company, or to the organization itself, as indemnification for losses or advancement of defense costs in the event an insured suffers such a loss as a result of a legal action brought for alleged wrongful acts in their capacity as directors and officers |
| Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (but see section 6 of the 2018 Act); |
| Contingency Plan | a plan to make the system inaccessible and unavailable, or to continue processing, in the context of a security related event |
| #Context | The circumstances in which an event occurs; including jurisdiction and/or location, behaviour and functional inputs to an AAA System that are appropriate #EU_ACT |
| Consent UK GDPR | used as a lawful basis specified in Article 6(1)a of the UK GDPR. Meeting all requirements in that regulation, including enhanced requirements for Consent for Children in Article 8 UK GDPR and Consent for use of Special Category Data, supplemented by requirements in Article 9 |
| Consent | consent to processing personal data is only lawful and effective if provided by a Child Who Cannot Consent/Child of the age of 13 years and above |
| Connected Toys and Devices | which are connected to the internet. They are physical products that are supported by the functionality provided through internet or network connection |
| Data Protection Policy | document produced by the entity, which details all corporate policies with regards to Personal Data and/or PII. Includes definitions, procedures, controls, plans for review, procedures for change, amendments, security and records management, retention policies, integrated with the Business Continuity Plan, Data Security Plan and Security Plan specific scope, nature, context and purpose while limiting accessibility and storage to only necessary persons for processing, including the regular Deletion and Destruction of unnecessary data, all integrated with the Business Continuity Plan, Data Security Plan and Security Plan |
| Data Protection Officer (DPO) | ensures, in an independent manner, that an organisation applies the laws protecting individuals' personal data. The designation, position and tasks of a DPO within an organisation are described in Articles 37, 38 and 39 of the European Union (EU) General Data Protection Regulation (GDPR). |
| Data Quality | the quality of data that makes it representative and aligned to the scope, nature, context and purpose of the intended use as applicable to an algorithm. Quality of data refers to data that is reasonably and sufficiently relevant, complete and free from errors in aggregation, annotation, maintenance, enrichment, ground truth constructive (inference or proxy or causative), correct syntax, sampling and training-test split as appropriate to the specific domain and/or industry context from reasonably calibrated sources |
| Data Security Policy | process of protecting files, databases, and accounts on a network by adopting a set of controls, applications, and techniques that identify the relative importance of different datasets, their sensitivity, regulatory compliance requirements and then applying appropriate protections to secure those resources. |
| Data Subject | means an identifiable natural person who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person |
| Data Subject Access Requests (DSAR) | a process that is transparent, concise, intelligible and easily accessed using clear and plain language in written or where appropriate in electronic form, to handle requests to exercise one or more of the Data Subject rights detailed in UK GDPR articles 15 to 22, including the right of access, right to rectification, right to erasure, right to restriction of processing, the notification obligation, right to portability and right to object. |
| Data Transparency Document | a public report created by the Algorithm Risk Committee designed to collect and document Publicly all relevant steps taken by the Ethics Committee and the Algorithm Risk Committee to mitigate risk of Bias, Data Quality, Information Quality and Pipeline Quality in data sets both prior to processing |
| De-Anonymization | the practice of willfully processing aggregate anonymized data for the purposes of re-identifying individual persons specifically regardless of the rationale or merit. De-Anonymizations does not include security tests which are designed with the knowledge of the owner and anonymizer of the aggregate data to verify the quality and security of the anonymization process |
| Deletion | (delete) in the context of data, is when data is removed and is no longer available in plain sight or can easily be recovered |
| Destruction | (destroy) in the context of data, is when data is removed from your device and can never be restored, even be professional data recovery experts |
| Digital | characterized by electronic and especially computerized technology |
| Disabled Person | person who has an impairment that substantially limits one or more major life activites |
| #Disaster Recovery | |
| Disparate Impact | a legal doctrine which declares that a policy can be considered discriminatory if it “adversely impacts” a group based on that group’s traits, such as its race, color, religion, or sex. |
| Diverse Inputs and Multi Stakeholder Feedback | as accepted by the Ethics Committee in compliance with the Code of Ethics and/or a diversity policy, it is a collection of individuals noteworthy by their myriad representation of lived experience, background, and culture, diversity of thought process, skills and expertise, and representation of protected categories and intersection thereof. This group is used for risk inputs, risk evaluation, assessment of foreseen misuse and this evaluation occurs throughout the algorithmic lifecycle from design to decommissioning (captured in an Algorithm Risk Assessment) |
| Employment Impact Assessment | analysis, prepared by a reputable third party, which examines the projected job losses from an increase in automation |
| Entry Breach Protocol | procedure detailing the required physical human response to entry breach events, malicious and otherwise |
| Escorted | act of an employee or group of employees accompanying a visitor for guidance and protection of valuable or sensitive assets |
| Ethical Choice | awareness of a set of options to be made In the context of automated and intelligent systems, using a set of principles and rules concerning moral obligations and regards for the rights of humans and for nature, which may be specified by a given profession or group. The result, outcome or judgment is made using a shared moral framework. or set of moral principles based upon the entity’s Code of Ethics |
| Ethics Committee | a group of persons trained in Algorithm Ethics and Ethical Choice, guided by the Code of Ethics and Code of Data Ethics, which they create and maintain on behalf of the organisation. The Ethics Committee is responsible for all instance of Ethical Choice related to AI, algorithmic and autonomous systems and producing the Ethical Risk Analysis |
| Ethics Curriculum | body of work highlighted for teaching the nuance and process for including ethics and ethical thinking into the design and implementation of autonomous systems - SEE CURRICULUM TAB |
| #Explainability | |
| Explainability plus | a human-centric process by which a Data Subject or user is helped to understand the decision making process and educated on how they could have earned a favourable result from the system, in order to improve their interaction, their outcome or their satisfaction |
| External Contacts | person or organization that is not an employee or retained contractor of the entity |
| Fail Safe | locking device that unlocks the entry portal if power fails and requires the continuous application of power to stay locked. |
| Fail Secure | locking device that locks the entry portal if power fails and requires the application of power to unlock the door |
| Field of Vision | data input from an Augmented Reality system which is provided by the user as a function of their reality, location, activities and interactions, treated as a user generated data input |
| GDPR | General Data Protection Regulation, passed by the EU and put into effect in 2018, governs certain rights and principles around personal data for individuals GDPR.EU |
| Genetic Data | means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question; |
| Governance | structure of rules, practices, and processes used to direct, manage and oversee an entity |
| Membership Inference | data mining technique designed to analyzing data in order to uncover Personal Data, Sensitive Personal Data or PII |
| Key Words | natural language words, spoken or typed, which may be read by a system and trigger a recording protocol or flagging protocol |
| Key Performance Indicators (KPIs) | measurements indicated in advance to determine the success or failure of an algorithmic model to achieve its purposes |
| Jurisdiction | geographic area containing a defined legal authority |
| Joint Risk Assessment | specific risk assessment using DPIAs and all relevant risk inputs to determine incompatibilities, gaps or insufficiencies that arise from duty designations, interfaces and the collective responsibilities of data protection to Data Subject |
| Intruder Detection | process of detecting unauthorized access to a Physical Space, for example jumping a barrier, forcing open a gate, or tailgating through an open gate |
| Information & Communication Technologies (ICT) | all technologies and services involved in computing, data management, telecommunications provision, and the internet. |
| Information Quality | the quality of the content of AI, algorithm or autonomous systems that is representative of the fitness for use (scope, nature, context and purpose). It refers to accuracy of data in representing ground truth and relevance of the data for the slated scope, nature, context and purpose |
| Inference | assumption or conclusion reached by a data processing algorithm, which may not be treated as fact and shall be labelled as such. |
| Independent Governance | independent means not influenced or controlled by others in matters of opinion, conduct, etc.; thinking or acting for oneself. Members of the governance body must not be affiliated with the entity providing the tracing systems. Further, if the government is the implementing authority, the independent panel shall represent the people and have the means to be transparent, hear from and interact with the people of the Jurisdiction. Governance means supervision; watchful care and the authority to call for change |
| Identity and Access Management (IAM) | framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management. These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. |
| ICO’s Target Age Range Guide | 0-5: Pre-literate and early literacy, 6-9 core primary school years, 10-12 transition years, 13-15 early teens, 16-17 approaching adulthood |
| Human-on-the-loop | human supervision and/or control of AI, algorithmic or autonomous systems, however the system is able to conclude processing without the need for human intervention |
| Human-in-the-loop | any model that is unable to offer an answer or conclude processing without human intervention |
| Hate Speech | abusive language specifically attacking a person or persons because of their race, color, religion, ethnic group, gender, or sexual orientation |
| Guardian | person of legal age and ability who can act on behalf of a Child, Child Who Cannot Consent, or Disabled person |
| Geolocation | process of finding, determining and providing the exact location of a computer, networking device or equipment |
| Primary Consideration | something to be treated with equal importance as shareholder value and/or other inherent interests of the organisation when weighing or balancing tensions and Trade-offs. This shall not prejudice the rights of another Child |
| Preferential Treatment | output where a reasonable person can argue that one Data Subject is offered better or improved circumstances, prices, economic benefits or measurable advantage over another Data Subject |
| Population Parameters | realized statistical properties of a dataset with respect to Protected Category Variables. |
| Personally Identifiable Information (PII) | representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means |
| Personal Data | any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. Personal Data may be a collective term encompassing specialised terms such as Inferences, Proxy Variables, and Special Category Data |
| Penetration Testing | testing technique aiming to exploit security vulnerabilities (known or unknown) to gain unauthorised access |
| Parental Controls | features which may be included in systems (such as digital television services, computer and video games, mobile devices and software) that allow parents to restrict the access of content to their children. These controls were created to assist parents in their ability to restrict certain content viewable by their children |
| #Parent | |
| Opt-In Diagram | cartoon or simplified visual representation of the interfaces with an entity that is contributing data to a system with an explanation of choice and disclosure at the interface |
| Opt Out or Opts-out | having the characteristic of individual choice, free from coercion to leave a service or data collection process |
| Opt-In | having the characteristic of individual choice free from coercion or persuasion |
| Online Service | a service that is accessible by a Child through the internet |
| Nudging | concept in behavioral economics, political theory, and behavioral sciences which proposes positive reinforcement and indirect suggestions as ways to influence the behavior and decision making of groups or individuals. |
| Network Provider | entity which delivers the signal between a device and the database, or the database and the Contact Tracer |
| Need to know basis | granting of access or permission to information only at the time the Data Subject is deemed by the entity to need to access this information |
| Necessity Assessment | the determination by an Ethics Committee that AI, algorithmic and autonomous systems are the only or best solution considering a comprehensive set of stakeholders in the context of the lawful basis. Including an analysis and determination of the vital inclusion of each Personal Datum collected and processed by AI, algorithmic and Autonomous system. |
| #Nature | The forces and processes that influence and control the variables and features. #EU_ACT |
| #Natural Person | |
| Model Inversion | the process of reverse-engineering Personal Data via the understanding and replication of the algorithmic system and the output |
| Min/Max Pair | determined by the Ethics Committee, this is lowest reasonable Baseline Population Norm combined with the greatest reasonable Baseline Population Norm |
| Minor | a person, who has not reached the legislated age of majority for the jurisdiction of their residence (see also Underaged, Child for distinction) |
| Security Clearance | status granted to individuals allowing them access to classified information (state or organizational secrets) or to restricted areas, after completion of a thorough background check. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. Jurisdictional differences in terminology and levels apply. |
| #Scope | The boundaries of a system, what is covered, what is not covered #EU_ACT |
| #Restoration Prioritisation Plan | |
| Relevant Legal Frameworks | can contain a broad range of applicable law such as the laws that govern an entity or organisation, that govern the rights and privileges of a Data Subject, that restrict the activities and behaviors of a Data Controller or Data Processor, or put positive obligations upon an entity Note: These include consideration for human rights, equalities and anti-discrimination law, access to goods and services (having due regard to who is included/excluded from such goods and services), Children's law and laws with regard to the platform and/or laws with regard to the sector in and through which the AI (and data processing) is being provided, amongst other risks law, as it applies to Data Subjects, specific to the Jurisdiction of Data Subject being included in the data processing for the audit or certification. |
| Recommendation Systems | information filtering system that seeks to predict the "rating" or "preference" a user would give to an item to provide preferential ordering and/or appearance |
| #Purpose | The aim or goal of a system #EU_ACT |
| Publicly | open to all; open to common use. not limited or restricted to any particular class of the community. |
| Pseudonymisation | means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person |
| Protected Variables | data item, that can be directly or indirectly connected to one of the protected categories of people groups, such as Ethnicity, Gender, Age, Ability, Religion, Sexual Orientation |
| Protected Classes/Categories | defined by jurisdiction legally, may include race, age, gender, religion, ability/disability, sexual orientation, color, nation of origin, socioeconomic class etc. |
| Proportionality Study | conducted prior to a DPIA, it is a study conducted by the Algorithm Risk Committee to assess tensions and tradeoffs between risks to and sacrifices of, rights and freedoms of individuals or groups balanced against the potential benefits and gains to an individual or group in the context of the Relevant Legal Frameworks |
| Processor | a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; processes means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or Destruction |
| Processing | means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements |
| Profiling | means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements |
| Privacy Policy | the notification regarding details of data processing to data subjects according to the requirement for Transparency in Article 5(1)a of the UK GDPR and specific requirements in Articles 13.1 and 13.2 and 14.1 and 14.2. Inclusions differ depending on whether personal data is obtained directly or indirectly from Data Subjects and additional details are needed when processing involves joint controllers (Article 26). |
| Sensitive Personal Data | data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. (SOURCE:GDPR) |
| Security Policy | document outlining how to protect the organisation from threats, including technical, organisational and/or socially engineered security threats, and how to handle situations when they do occur |
| Service Provider | Third-party contracted provider who is supplying critical infrastructure and services to the entity |
| Social Responsibility | practice of producing goods and services in a way that is not harmful to employees, society or the environment |
| Special Category Data | data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, Biometric Data, data concerning health or data concerning a natural person's sex life or sexual orientation [SOURCE: UK GDPR] |
| Specific Children's Risk | a set of risks designated as terms, phrases or definitions designed by a local jurisdiction to indicate special concerns related to the data control or data process of children's data |
| #Sustantial Public Interest | |
| Surveillance | event or time period during which the activities of a particular individual are observed or documented |
| Sustainability | managing an entity's activity so that society, its members and its economies are able to meet their needs and express their greatest potential in the present, while preserving biodiversity and natural ecosystems, planning and acting for the ability to maintain these ideals for future generations |
| System Drawings | diagrams and schedules to show all the information necessary so that the system can be safely operated, maintained, inspected and tested, as far as is reasonably practicable. The drawings should be fully crossreferenced and co-ordinated with the Data Flow Diagram and operation and maintenance manual. |
| #Tension and trade offs | |
| Time zoning | time periods when an entry system system will allow or disallow entry/exit. Time zoning can be used to simply prevent entry or can generate alarms in the event that a user is within a secured area outside a permitted time. For example time zoning may allow for cleaners to enter between 2000-2400, with access only to non-sensitive areas. |
| Traceability | the ability to trace a data right back to its origin through documentation, including a chain-of-custody (“paper trail,” physical or otherwise) for data provenance that chronologically records the ownership, viewing, analysis, and transformations of a data record or data sources |
| Toxic Combination | conflict of system access permissions that allows a user to break the law, violate rules of ethics, damage customers' trust, or even create the appearance of impropriety |
| Training Data | a subset of testing/validation data to which algorithms are applied seeking the best fit to train a model |
| Triple Bottom Line | the triple bottom line (TBL) is a framework or theory that recommends that companies commit to focus on social and environmental concerns just as they do on profits. |
| Underaged | an individual who has not reached a minimum age as defined by corporate policy and requiring a guardian consent (see also Minor, Child for distinction) |
| Validity Test | refers to how an algorithmic model is tested; to measure how well the test measures real properties, characteristics, and variations in the physical or social world |
| Verifiable Parental Consent | required under COPPA to make sure parents know what information is shared with who; approved methods can be found on the FTC's website |
| Virtual Reality (VR) | computer-generated simulation of a three-dimensional image or environment that can be interacted with in a seemingly real or physical way by a person using special electronic equipment, such as a helmet with a screen inside or gloves fitted with sensors. |
| Welcome Package | documents that are provided to a new hire upon either the acceptance of an offer or accompanying the offer which explain the details of the relationships between the employer and employee |
| Non-Response Bias | systematic exclusion of a Protected Category group related to that group's inability or reluctance to participate in the gathering of data |
| Bias | systematic and repeatable errors in a computer system that create unfair outcomes, applied specifically to Protected Categories, Classes or Variable |
| Cognitive Bias | the way a particular person understands events, facts, and other people, which is based on their own particular set of beliefs and experiences and may not be reasonable or accurate |
| Component Risk | elements of construction, which may have their own points of failure, such as data pipeline, hardware, software, processors |
| Component Risk | elements of construction, which may have their own points of failure, such as data pipeline, hardware, software, processors |
| Concept Drift | the observation that the correlation between the inputs and the outputs of an AI system may change over time, including situations where training data labels change over time. |
| Consent Risk | failure to assure a chain of custody or appropriate consent for the data processing being conducted |
| Data Ethics | see Ethics section of the CDO/DPO/DCC |
| Proxy Variables | the use of second order variables combined with Inferences, designed to associate a Data Subject with Personal Data |
| Reliability | the extent to which the results can be reproduced when the research is repeated under the same conditions. |
| Testing Frequency | the rate at which an algorithm has its output compared to acceptable parameters of operation |
| Validity | the extent to which the results really measure what they are supposed to measure presently and as time passes |