Variances in Privacy Terminology Due to “Legal Speak”
Privacy terminology not only differs in each country, but it can vary from company to company, no matter where they’re located.
The precursor to a full-blown privacy impact assessment (PIA) is sometimes referred to as a Privacy Threshold Analysis (PTA), and other times, a pre-PIA.
The same process in Germany is commonly called a Light PIA, in Canada, it’s called a Screening, and some American companies call it a Privacy Threshold Review (PTR) or simply describe it as: Initial Screening Questions.
With so many ways to designate the same action, it’s a wonder how the privacy industry aligns on terminology. Truth is, the global privacy industry can’t authorize one universal language, which is why each process has so many different names.
One likely explanation for the incongruent privacy lexicon is geographic diversity, but this logic doesn’t quite justify why Personally Identifiable Information (PII) is also called Sensitive Personal Information (SPI) in the U.S.
Not all abbreviations are equivalent, and, for legal purposes, the definitions vary depending on jurisdiction and the purpose(s) for which the term is being used, which only serves to make things even more confusing.
Perhaps the brilliant legal minds who helm the global privacy industry aren’t bothered by the contrasting terms, because they’re so accustomed to reading complex legal documents that are rife with indistinguishable verbiage.
Lawyers often rely on older documents to use as the models for new ones, and because those documents use different terms, there’s no easy way to consolidate them, and thus the vicious cycle continues.
Fortunately, the IAPP offers a permanent online glossary, committed to defining the privacy industry’s most notable acronyms and procedures.
Other international glossary resources: