Common Acronyms in the Data Privacy Industry

March 2, 2021

The data privacy industry is full of acronyms and initialisms. In addition to general data privacy industry acronyms like PII for personally identifiable information, there are many regulation-specific terms as well.

For example, the General Data Protection Regulation (GDPR) in the European Union (EU) has terms like EDPS for European Data Protection Supervisor, while the United States has terms like COPPA for the Children’s Online Privacy Protection Act. There are also technological acronyms such as URL for uniform resource locator or advertising acronyms like DSP for demand side platform, which many data privacy professionals will encounter in their day-to-day work. 

List of common data privacy acronyms 

Below is a list of common acronyms in alphabetical order that data privacy professionals may come across in their work.

Acronym Name
2FA Two-factor authentication
AI Artificial intelligence
AML Anti-money laundering
APA Administrative Procedure Act (US)
APEC Asia-Pacific Economic Cooperation
API Application Program Interface
APPI Act on the Protection of Personal Information (Japan)
BCR Binding corporate rules
BSA Bank Secrecy Act of 1970 (US)
BYOD Bring your own device
CalOPPA California Online Privacy Protection Act
CAN-SPAM Controlling the Assault of Non-Solicited Pornography and Marketing Act
CCPA California Consumer Privacy Act (US-California)
CCTV Closed circuit television
CDP Customer data platform
CDPA Consumer Data Privacy Act (US-Virginia)
CFIPA California Financial Information Privacy Act
CFPB Consumer Financial Protection Bureau
CFTC Commodity Futures Trading Commission
CIA Triad Confidentiality, integrity, availability triad
CIAM Customer identity and access management
CID Civil investigative demand
CIPM Certified Information Privacy Manager
CIPP-A Certified Information Privacy Professional - Asia
CIPP-C Certified Information Privacy Professional - Canada
CIPP-E Certified Information Privacy Professional - Europe
CIPP-US Certified Information Privacy Professional - United States
CIPT Certified Information Privacy Technologist
CMP Consent management platform
CNIL Commission Nationale de l'informatique et des Libertés (France)
CNPD Commission Nationale pour la Protection des Données, National Data Protection Commission (Luxembourg)
COBRA Consolidated Omnibus Budget Reconciliation Act
COIT Consumerization of information technology
COPPA Children’s Online Privacy Protection Act
CPA Colorado Privacy Act (US-Colorado)
CPEA Cross-border Privacy Enforcement Arrangement
CPNI Customer Proprietary Network Information
CPO Chief privacy officer
CPPA Consumer Privacy Protection Act (Canada)
CPRA California Privacy Rights Act (US-California)
CSA Canadian Standards Association
CSS Cascading style sheets
DAA Digital Advertising Alliance
DHS Department of Homeland Security (US)
DLP Data loss prevention
DNC Do not call registry
DNPDP Dirección Nacional de Protección de Datos Personales (Argentina)
DNT Do not track for opt-out of web-usage tracking
DOE Department of Energy (US)
DOL Department of Labor (US)
DOT Department of Transportation (US)
DPA Data Protection Authority
DPIA Data Protection Impact Assessment
DPO Data Protection Officer
DQA Data Quality Act
DSAR Data Subject Access Request
DSP Demand side platform
DSR Data Subject Request
ECHR European Convention of Human Rights
ECJ European Court of Justice
ECPA Electronic Communications Privacy Act
ECtHR European Court of Human Rights
EDPB European Data Protection Board
EDPS European Data Protection Supervisor
EEA European Economic Area
EEOC Equal Employment Opportunity Commission (US)
EHR Electronic Health Records
EMM Enterprise mobility management
ePHI Electronic protected health information
ERISA Employee Retirement Income Security Act
EUFRA European Union Agency for Fundamental Rights
EULA End user license agreement
FACTA Fair and Accurate Credit Transactions Act (US)
FATCA Foreign Account Tax Compliance Act of 2010
FCC Federal Communications Commission (US)
FCRA Fair Credit Reporting Act (US)
FDIC Federal Deposit Insurance Corporation
FERPA Family Educational Rights and Privacy Act
FI Financial institution
FinCEN Financial Crimes Enforcement Network (US)
FIP Fellow of Information Privacy designation
FIP Fair Information Practice
FIPP Fair Information Privacy Practice
FISA Foreign Intelligence Surveillance Act
FLSA Fair Labor Standards Act
FMLA Family Medical Leave Act
FOIA Freedom of Information Act (US)
FPCA Family Policy Compliance Officer
FTC Federal Trade Commission
GAN Generative adversarial network
GAPP Generally accepted privacy principles
GDPR General Data Protection Regulation (European Union)
GINA Genetic Information Nondiscrimination Act (US)
GLBA Gramm-Leach-Bliley Act (USA)
GPEN Global Privacy Enforcement Network
GUID Globally unique identifier
HHS US Department of Health and Human Services (US)
HIPAA Health Information Portability and Accountability Act (US)
HITECH Health Information Technology for Economic and Clinical Health
HTML Hypertext markup language
HTML5 The most current version of HTML
HTTP Hypertext transfer protocol
HTTPS Hypertext transfer protocol secure
IAB Interactive Advertising Bureau
IAB TCF Interactive Advertising Bureau (IAB) Transparency and Consent Framework (TCF)
IAM Identity and access management
IAPP International Association of Privacy Professionals
ICDPPC International Conference of Data Protection and Privacy Commissioners
ICO Information Commissioner's Office (United Kingdom)
IDFA Identity for Advertisers
IdP Identity provider
IoT Internet of Things
IP Internet Protocol
IRCA Immigration Reform and Control Act
ISA Independent Supervisory Authority
ISO 27001 International Organization for Standardization 27001
ISO 27002 International Organization for Standardization 27002
ISP Internet Service Provider
KYC Know Your Customer
LGPD Lei Geral de Proteção de Dados (Brazil)
MFA Multi-factor authentication
MOU Memorandum of Understanding
NAI Network Advertising Initiative
NIH National Institutes of Health (US)
NIST National Institute of Standards and Technology
NLP Natural language processing
NLRA National Labor Relations Act
NPICIC Nevada Privacy of Information Collected on the Internet from Consumers Act (US-Nevada)
OBA Online behavioral advertising
OCR Office of Civil Rights (US)
OECD Organisation for Economic Co-operation and Development
OMB President’s Office of Management and Budget (US)
OSHA Occupational Safety and Health Act
PbD Privacy by Design
PCI Payment Card Industry
PCI-DSS Payment Card Industry Data Security Standard
PDP Personal Data Protection Bill (India)
PET Privacy Enhancing Technology
PHI Protected health information
PI Personal information
PIPA Personal Information Protection Act (South Korea)
PIA Privacy impact assessment
PII Personally identifiable information
PIPC Personal Information Protection Commission (South Korea)
PIPEDA Personal Information Protection and Electronic Documents Act (Canada)
PIPL China Personal Information Protection Law (China)
PKI Public Key Infrastructure
PLS Privacy Law Specialist
POPI Protection of Personal Information (South Africa)
PPRA Protection of Pupil Rights Amendment
QSO Qualified service organization
RBAC Role-based access control
RFID Radio-Frequency Identification
RTBF Right-to-be-forgotten
SaaS Software as a Service
SAR Subject Access Request
SCA Stored Communications Act
SCC Standard contractual clauses
SDLC Systems development life cycle
SEC US Securities and Exchange Commission
SOX Sarbanes-Oxley Act (US)
SQL Structured Query Language
SSL Secure sockets layer
SSN Social Security Number
SSO Single sign on
SSP Supply side platform
TCP Transmission Control Protocol
TCPA Telephone Consumer Protection Act (US)
TLS Transport layer security
TSR Telemarketing Sales Rule (US)
UDAP Unfair and Deceptive Acts and Practices (US)
URL Uniform resource locator
US-CERT US Computer Emergency Readiness Team
USA PATRIOT ACT Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (US)
VOIP Voice over IP
VPN Virtual Private Network
WAN Wide area network
WORM Write once read many
XML Extensible markup language

The data privacy field is constantly changing with new regulations coming into force and new technologies emerging to support data privacy and related professionals. This list will be periodically updated to reflect new acronyms as they become available.

Merry Marwig, CIPP/US

Merry Marwig is a senior research analyst at G2 focused on the privacy and data security software markets. Using G2’s dynamic research based on unbiased user reviews, Merry helps companies best understand what privacy and security products and services are available to protect their core businesses, their data, their people, and ultimately their customers, brand, and reputation. Merry's coverage areas include: data privacy platforms, data subject access requests (DSAR), identity verification, identity and access management, multi-factor authentication, risk-based authentication, confidentiality software, data security, email security, and more. https://www.linkedin.com/in/marwig/