| Acronym | Name |
| --- | --- |
| 2FA | Two-factor authentication |
| AI | Artificial intelligence |
| AML | Anti-money laundering |
| APA | Administrative Procedure Act (US) |
| APEC | Asia-Pacific Economic Cooperation |
| API | Application Program Interface |
| APPI | Act on the Protection of Personal Information (Japan) |
| BCR | Binding corporate rules |
| BSA | Bank Secrecy Act of 1970 (US) |
| BYOD | Bring your own device |
| CalOPPA | California Online Privacy Protection Act |
| CAN-SPAM | Controlling the Assault of Non-Solicited Pornography and Marketing Act |
| CCPA | California Consumer Privacy Act (US-California) |
| CCTV | Closed circuit television |
| CDP | Customer data platform |
| CDPA | Consumer Data Privacy Act (US-Virginia) |
| CFIPA | California Financial Information Privacy Act |
| CFPB | Consumer Financial Protection Bureau |
| CFTC | Commodity Futures Trading Commission |
| CIA Triad | Confidentiality, integrity, availability triad |
| CIAM | Customer identity and access management |
| CID | Civil investigative demand |
| CIPM | Certified Information Privacy Manager |
| CIPP-A | Certified Information Privacy Professional - Asia |
| CIPP-C | Certified Information Privacy Professional - Canada |
| CIPP-E | Certified Information Privacy Professional - Europe |
| CIPP-US | Certified Information Privacy Professional - United States |
| CIPT | Certified Information Privacy Technologist |
| CMP | Consent management platform |
| CNIL | Commission Nationale de l'informatique et des Libertés (France) |
| CNPD | Commission Nationale pour la Protection des Données, National Data Protection Commission (Luxembourg) |
| COBRA | Consolidated Omnibus Budget Reconciliation Act |
| COIT | Consumerization of information technology |
| COPPA | Children’s Online Privacy Protection Act |
| CPA | Colorado Privacy Act (US-Colorado) |
| CPEA | Cross-border Privacy Enforcement Arrangement |
| CPNI | Customer Proprietary Network Information |
| CPO | Chief privacy officer |
| CPPA | Consumer Privacy Protection Act (Canada) |
| CPRA | California Privacy Rights Act (US-California) |
| CSA | Canadian Standards Association |
| CSS | Cascading style sheets |
| DAA | Digital Advertising Alliance |
| DHS | Department of Homeland Security (US) |
| DLP | Data loss prevention |
| DNC | Do not call registry |
| DNPDP | Dirección Nacional de Protección de Datos Personales (Argentina) |
| DNT | Do not track for opt-out of web-usage tracking |
| DOE | Department of Energy (US) |
| DOL | Department of Labor (US) |
| DOT | Department of Transportation (US) |
| DPA | Data Protection Authority |
| DPIA | Data Protection Impact Assessment |
| DPO | Data Protection Officer |
| DQA | Data Quality Act |
| DSAR | Data Subject Access Request |
| DSP | Demand side platform |
| DSR | Data Subject Request |
| ECHR | European Convention of Human Rights |
| ECJ | European Court of Justice |
| ECPA | Electronic Communications Privacy Act |
| ECtHR | European Court of Human Rights |
| EDPB | European Data Protection Board |
| EDPS | European Data Protection Supervisor |
| EEA | European Economic Area |
| EEOC | Equal Employment Opportunity Commission (US) |
| EHR | Electronic Health Records |
| EMM | Enterprise mobility management |
| ePHI | Electronic protected health information |
| ERISA | Employee Retirement Income Security Act |
| EUFRA | European Union Agency for Fundamental Rights |
| EULA | End user license agreement |
| FACTA | Fair and Accurate Credit Transactions Act (US) |
| FATCA | Foreign Account Tax Compliance Act of 2010 |
| FCC | Federal Communications Commission (US) |
| FCRA | Fair Credit Reporting Act (US) |
| FDIC | Federal Deposit Insurance Corporation |
| FERPA | Family Educational Rights and Privacy Act |
| FI | Financial institution |
| FinCEN | Financial Crimes Enforcement Network (US) |
| FIP | Fellow of Information Privacy designation |
| FIP | Fair Information Practice |
| FIPP | Fair Information Privacy Practice |
| FISA | Foreign Intelligence Surveillance Act |
| FLSA | Fair Labor Standards Act |
| FMLA | Family Medical Leave Act |
| FOIA | Freedom of Information Act (US) |
| FPCA | Family Policy Compliance Officer |
| FTC | Federal Trade Commission |
| GAN | Generative adversarial network |
| GAPP | Generally accepted privacy principles |
| GDPR | General Data Protection Regulation (European Union) |
| GINA | Genetic Information Nondiscrimination Act (US) |
| GLBA | Gramm-Leach-Bliley Act (USA) |
| GPEN | Global Privacy Enforcement Network |
| GUID | Globally unique identifier |
| HHS | US Department of Health and Human Services (US) |
| HIPAA | Health Information Portability and Accountability Act (US) |
| HITECH | Health Information Technology for Economic and Clinical Health |
| HTML | Hypertext markup language |
| HTML5 | The most current version of HTML |
| HTTP | Hypertext transfer protocol |
| HTTPS | Hypertext transfer protocol secure |
| IAB | Interactive Advertising Bureau |
| IAB TCF | Interactive Advertising Bureau (IAB) Transparency and Consent Framework (TCF) |
| IAM | Identity and access management |
| IAPP | International Association of Privacy Professionals |
| ICDPPC | International Conference of Data Protection and Privacy Commissioners |
| ICO | Information Commissioner's Office (United Kingdom) |
| IDFA | Identity for Advertisers |
| IdP | Identity provider |
| IoT | Internet of Things |
| IP | Internet Protocol |
| IRCA | Immigration Reform and Control Act |
| ISA | Independent Supervisory Authority |
| ISO 27001 | International Organization for Standardization 27001 |
| ISO 27002 | International Organization for Standardization 27002 |
| ISP | Internet Service Provider |
| KYC | Know Your Customer |
| LGPD | Lei Geral de Proteção de Dados (Brazil) |
| MFA | Multi-factor authentication |
| MOU | Memorandum of Understanding |
| NAI | Network Advertising Initiative |
| NIH | National Institutes of Health (US) |
| NIST | National Institute of Standards and Technology |
| NLP | Natural language processing |
| NLRA | National Labor Relations Act |
| NPICIC | Nevada Privacy of Information Collected on the Internet from Consumers Act (US-Nevada) |
| OBA | Online behavioral advertising |
| OCR | Office of Civil Rights (US) |
| OECD | Organisation for Economic Co-operation and Development |
| OMB | President’s Office of Management and Budget (US) |
| OSHA | Occupational Safety and Health Act |
| PbD | Privacy by Design |
| PCI | Payment Card Industry |
| PCI-DSS | Payment Card Industry Data Security Standard |
| PDP | Personal Data Protection Bill (India) |
| PET | Privacy Enhancing Technology |
| PHI | Protected health information |
| PI | Personal information |
| PIPA | Personal Information Protection Act (South Korea) |
| PIA | Privacy impact assessment |
| PII | Personally identifiable information |
| PIPC | Personal Information Protection Commission (South Korea) |
| PIPEDA | Personal Information Protection and Electronic Documents Act (Canada) |
| PIPL | China Personal Information Protection Law (China) |
| PKI | Public Key Infrastructure |
| PLS | Privacy Law Specialist |
| POPI | Protection of Personal Information (South Africa) |
| PPRA | Protection of Pupil Rights Amendment |
| QSO | Qualified service organization |
| RBAC | Role-based access control |
| RFID | Radio-Frequency Identification |
| RTBF | Right-to-be-forgotten |
| SaaS | Software as a Service |
| SAR | Subject Access Request |
| SCA | Stored Communications Act |
| SCC | Standard contractual clauses |
| SDLC | Systems development life cycle |
| SEC | US Securities and Exchange Commission |
| SOX | Sarbanes-Oxley Act (US) |
| SQL | Structured Query Language |
| SSL | Secure sockets layer |
| SSN | Social Security Number |
| SSO | Single sign on |
| SSP | Supply side platform |
| TCP | Transmission Control Protocol |
| TCPA | Telephone Consumer Protection Act (US) |
| TLS | Transport layer security |
| TSR | Telemarketing Sales Rule (US) |
| UDAP | Unfair and Deceptive Acts and Practices (US) |
| URL | Uniform resource locator |
| US-CERT | US Computer Emergency Readiness Team |
| USA PATRIOT ACT | Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (US) |
| VOIP | Voice over IP |
| VPN | Virtual Private Network |
| WAN | Wide area network |
| WORM | Write once read many |
| XML | Extensible markup language |