U.S. flag

An official website of the United States government, Department of Justice.

Appendix E: Glossary

Global Justice Information Sharing Initiative
gonin / shutterstock.com (see reuse policy).

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | PR | S | T | U | V | W

The following terms and definitions are provided as a reference for use during the privacy and civil liberties policy development process and as a resource for the project team, project team leader, and project champion or sponsor. Not all of the terms listed were specifically discussed within the Guide but are terms relative to the subject of privacy and civil liberties and may contribute to an understanding of these issues. 


In respect to privacy, an individual’s ability to view, modify, and contest the accuracy and completeness of personally identifiable information collected about him or her. Access is an element of the Organisation for Economic Co-operation and Development's (OECD) Fair Information Principles (FIPs). See Fair Information Principles (FIPs).

Access Control
The mechanisms for limiting access to certain information based on a user’s identity and membership in various predefined groups. Access control can be mandatory, discretionary, or role-based.

Accountability Principle
One of the eight Fair Information Principles (FIPs) developed by the Organisation for Economic Co-operation and Development (OECD). According to this principle, a data controller should be accountable for complying with measures that give effect to the principles stated above.

Accuracy of Information
In addition to providing individuals with the ability to correct factual inaccuracies in their personally identifiable or prospect information, an organization must also take reasonable steps to ensure that the personally identifiable and prospect information that it collects is accurate, complete, and timely for the purposes for which it is used. See Prospect Information.

Administrative Vulnerability
Failure to observe administrative best practices, such as using a weak password or logging on to an account that has more user rights than the user requires to perform a specific task.

A condition in which an individual’s true identity is unknown.

Appropriate Security
An organization is required to take appropriate data security measures to protect personally identifiable information and prospect information. These measures must include physical security measures, such as doors and locks, as well as electronic security and managerial controls that limit the potential for unauthorized access or misuse by employees and contractors. The security measures necessary to protect information sufficiently will vary based on the risks presented to the individual by an organization’s collection and use of the data. See Prospect Information.

A deliberate attempt to compromise the security of a computer system or deprive others of the use of the system.

Audit Trail
Audit trail is a generic term for recording (logging) a sequence of activities. In computer and network contexts, an audit trail tracks the sequence of activities on a system, such as user log-ins and log-outs. More expansive audit trail mechanisms would record each user’s activity in detail—what commands were issued to the system, what records and files were accessed or modified, etc.

Audit trails are a fundamental part of computer security, used to trace (albeit usually retrospectively) unauthorized users and uses. They can also be used to assist with information recovery in the event of a system failure.

Authentication is the process of validating the credentials of a person, computer process, or device. Authentication requires that the person, process, or device making the request provide a credential that proves it is what or who it says it is. Common forms of credentials are digital certificates, digital signatures, smart cards, biometrics data, and a combination of user names and passwords. See Biometrics.

Authentication of Identity
The process whereby an organization establishes that a party it is dealing with is:

  • A previously known real-world entity (in which case, it can associate transactions with an existing record in the relevant information system).
  • A previously unknown real-world entity (in which case, it may be appropriate to create a new record in the relevant information system and perhaps also to create an organizational identifier for that party).

The process of granting a person, computer process, or device with access to certain information, services, or functionality. Authorization is derived from the identity of the person, computer process, or device requesting access that is verified through authentication. See Authentication.


Biometrics methods can be divided into two categories: physiological and behavioral. Implementations of the former include face, eye (retina or iris), finger (fingertip, thumb, finger length or pattern), palm (print or topography), and hand geometry. The latter includes voiceprints and handwritten signatures.


An encrypted file containing user or server identification information that is used to verify identity and to help establish a security-enhanced link.

Charter (Project Team)
A collection of the project team's written vision, mission, and values statements, as well as the stated goals and objectives. The charter serves as a reference and resource throughout the course of the project team's effort. The most critical feature of the charter is that it memorializes the planning efforts and agreements of the team members to achieve specific goals and, thus, serves as an historical record of team plans and efforts.

Civil Liberties
Civil liberties are fundamental individual rights, such as freedom of speech, press, or religion; due process of law; and other limitations on the power of the government to restrain or dictate the actions of individuals. They are the freedoms that are guaranteed by the Bill of Rights—the first ten Amendments to the Constitution of the United States. Civil liberties offer protection to individuals from improper government action and arbitrary governmental interference. Generally, the term “civil rights” involves positive (or affirmative) government action, while the term “civil liberties” involves restrictions on government.

Civil Rights
The term “civil rights” is used to imply that the state has a role in ensuring all citizens have equal protection under the law and equal opportunity to exercise the privileges of citizenship regardless of race, religion, gender, or other characteristics unrelated to the worth of the individual. Civil rights are, therefore, obligations imposed upon government to promote equality. More specifically, they are the rights to personal liberty guaranteed to all United States citizens by the Thirteenth and Fourteenth Amendments and by acts of Congress.

Collection Limitation Principle
One of the eight Fair Information Principles (FIPs) developed by the Organisation for Economic Co-operation and Development (OECD). According to this principle, there should be limits to the collection of personal data, and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Computer Security
The protection of information assets through the use of technology, processes, and training.

Confidentiality is closely related to privacy but is not identical. It refers to the obligations of individuals and institutions to use information under their control appropriately once it has been disclosed to them. One observes rules of confidentiality out of respect for and to protect and preserve the privacy of others. See Privacy.

A small data file that is stored on a user’s local computer for record-keeping purposes that contains information about the user that is pertinent to a Web site, such as a user preference.

Credentials are information that includes identification and proof of identification that are used to gain access to local and network resources. Examples of credentials are user names, passwords, smart cards, and certificates.

The study or analysis of codes and encoding methods used to secure information. Cryptographic techniques can be used to enable and ensure confidentiality, data integrity, authentication (entity and data origin), and nonrepudiation. See Nonrepudiation.


Inert symbols, signs, or measures.

Data Controller
A party who, according to domestic law, is competent to decide about the contents and use of personal data, regardless of whether or not such data is collected, stored, processed, or disseminated by that party or by an agent on its behalf.

Data Protection
Data protection encompasses the range of legal, regulatory, and institutional mechanisms that guide the collection, use, protection, and disclosure of information.

Data Quality Principle
One of the eight Fair Information Principles (FIPs) developed by the Organisation for Economic Co-operation and Development (OECD). According to this principle, personal data should be relevant to the purposes for which they are to be used and, to the extent necessary for those purposes, should be accurate, complete, and up to date.

Data Transfer
As a key principle of privacy, it is the movement of personally identifiable information between entities, such as a customer list being shared between two different companies.

A process of destroying computerized data by leaving the domains in random patterns with no preference to orientation, which then renders previous data unrecoverable.

Digital Certificate
A digitally signed statement that binds the identifying information of a user, computer, or service to a public/private key pair. A digital certificate is commonly used in the process of authentication and for securing information on networks. See Authentication.

Digital Signature
A digital signature is data that binds a sender’s identity to the information being sent. A digital signature may be bundled with any message, file, or other digitally encoded information or transmitted separately. Digital signatures are used in public key environments and provide nonrepudiation and integrity services. See Nonrepudiation.

The release, transfer, provision of access to, or divulging of personally identifiable information in any other manner—electronic, verbal, or in writing—to an individual, agency, or organization outside of the agency who collected it.

A determination, disposition, final arrangement, or outcome of a case or charge following a judgment, settlement, or any other basis for termination of a legal action. Disposition can be final or intermediate. Examples of final determinations include dismissal, acquittal, or conviction. Examples of intermediate dispositions include suspended proceedings or the placement of a defendant in one or more programs.

To transfer a copy of a file from a remote computer to a requesting computer by means of a modem or network.


Electronically Maintained
Information stored by a computer or on any electronic medium from which the information may be retrieved by a computer, such as electronic memory chips, magnetic tape, magnetic disk, or compact disk optical media.

Electronically Transmitted
Information exchanged with a computer using electronic media, such as the movement of information from one location to another by magnetic or optical media, transmission over the Internet, intranet, extranet, leased lines, dial-up lines, private networks, telephone voice response, and faxback systems. It does not include faxes, telephone calls, video teleconferencing, or messages left on voice mail. See Extranet.

A privacy principle that provides mechanisms for ensuring compliance with the Organisation for Economic Co-operation and Development's (OECD) Fair Information Principles (FIPs), recourse for individuals affected by noncompliance, and consequences for noncompliant organizations. Methods for enforcement include a review by independent third parties.

An extension of an organization’s intranet used to facilitate communication with the organization’s trusted partners. An extranet allows such trusted partners to gain limited access to the organization’s internal data.


Fair Information Principles (FIPs)
The Fair Information Principles (FIPs) are contained within the Organisation for Economic Co-operation and Development’s (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. These were developed around commercial transactions and the transborder exchange of information; however, they do provide a straightforward description of underlying privacy and information exchange principles and provide a simple framework for the legal analysis that needs to be done with regard to privacy in integrated justice systems. Some of the individual principles may not apply in all instances of an integrated justice system.

The eight FIPs are:

  • Collection Limitation Principle
  • Data Quality Principle
  • Purpose Specification Principle
  • Use Limitation Principle
  • Security Safeguards Principle
  • Openness Principle
  • Individual Participation Principle
  • Accountability Principle

A pattern or mask through which data is passed to separate specified items. For instance, a filter used in e-mail or in retrieving newsgroup messages can allow users to automatically discard messages from designated users.

A security solution that segregates one portion of a network from another portion, allowing only authorized network traffic to pass through according to traffic-filtering rules.


General Information or Data
Information that could include records, documents, or files pertaining to law enforcement operations, such as Computer Aided Dispatch (CAD) data, incident data, and management information. Information that is maintained in a records management, CAD system, etc., for statistical/retrieval purposes. Information could be either resolved or unresolved. The record is maintained per statute, rule, or policy.

Goals (Project)
Project goals are the desired long-term end results that, if accomplished, will mean the team has achieved its mission. Goals provide a framework for more detailed levels of planning. Goals are more specific than mission statements but remain general enough to stimulate creativity and innovation.


Health Insurance Portability and Accountability Act (HIPAA)
A U.S. law that gives patients greater access to their own medical records and more control over how their personally identifiable information is used. The law also addresses the obligations of health-care providers and health plans to protect health information. In general, covered entities such as health plans, health-care clearinghouses, and health-care providers that conduct certain financial and administrative transactions electronically had until April 14, 2003, to comply with this act.

Homeland Security Information
As defined in Section 482(f)(1) of the Homeland Security Act, homeland security information means any information possessed by a federal, state, local, or tribal agency that relates to (A) a threat of terrorist activity; (B) the ability to prevent, interdict, or disrupt terrorist activity; (C) the identification or investigation of a suspected terrorist or terrorist organization or any person, group, or entity associated with or assisting a suspected terrorist or terrorist organization; or (D) a planned or actual response to a terrorist act.


A process whereby a real-world entity is recognized and its identity established. Identity is operationalized in the abstract world of information systems as a set of information about an entity that differentiates it from other similar entities. The set of information may be as small as a single code, specifically designed as an identifier, or may be a compound of such data as a given and family name, date of birth, and address. An organization’s identification process comprises the acquisition of the relevant identifying information.

Individually Identifiable Health Information (IIHI)
Information, including demographic information, that relates to past, present, or future physical or mental health or condition of a member and can be used to identify the member.

Individual Participation Principle
One of the eight Fair Information Principles (FIPs) developed by the Organisation for Economic Co-operation and Development (OECD). As stated in the FIPs, according to this principle, an individual should have the right:

a) To obtain from the data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;

b) To have communicated to him, data relating to him:

  • Within a reasonable time;
  • At a charge, if any, that is not excessive;
  • In a reasonable manner; and
  • In a form that is readily intelligible to him;

c) To be given reasons if a request made under subparagraphs a) and b) is denied, and to be able to challenge such denial; and

d) To challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed, or amended.

Individual Responsibility
Since a privacy notice is not self-implementing, an individual within an organization’s structure must also be assigned responsibility for enacting and implementing the notice.

Information includes any data about people, organizations, events, incidents, or objects, regardless of the medium in which it exists. Information received by law enforcement agencies can be categorized into three general areas: general data, tips and leads data, and criminal intelligence data.

Information Disclosure
The exposure of information to individuals who normally would not have access to it.

Information Privacy
Information privacy is the interest individuals have in controlling or at least significantly influencing the handling of data about themselves.

Information Quality
The accuracy and validity of the actual values of the data, data structure, and database/data repository design. The elements of information quality are accuracy, completeness, currency, reliability, and context/meaning.

Invasion of Privacy
Invasion of privacy can be defined as intrusion on one's solitude or into one's private affairs, public disclosure of embarrassing private information, publicity that puts one in a false light to the public, or appropriation of one's name or picture for personal or commercial advantage. See also Right to Privacy.


Justice Professional
A justice professional is someone who, through his or her work, has access to information from or direct access to a criminal justice information system. Justice professionals can be criminal or civil justice professionals or individuals affiliated or allied with the justice system. The justice system includes, but is not limited to, law enforcement, juvenile courts, prosecutors, probation, corrections, affiliated nongovernmental entities that work with the justice system (e.g., pretrial services), and many other professionals that interface with the justice system. This term is intended to be inclusive of the myriad of groups that work with justice information.


In encryption and digital signatures, a key is a value used in combination with an algorithm to encrypt or decrypt data.


As used by this policy, law includes any local, state, or federal statute, ordinance, regulation, executive order, policy, or court rule, decision, or order as construed by appropriate local, state, or federal officials or agencies.

Least Privilege Administration
A recommended security practice in which every user is provided with only the minimum privileges needed to accomplish the tasks he or she is authorized to perform.

Logs are a necessary part of an adequate security system as they are needed to ensure that data is properly tracked and only authorized individuals are getting access to the data.


Maintenance of Information
The maintenance of information applies to all forms of information storage. This would include electronic systems, such as databases, and nonelectronic storage systems, such as filing cabinets. To meet access requirements, an organization is not required to create new systems to maintain information or maintain information beyond a time when it no longer serves an organization’s purpose.

In its simplest form, metadata is information (data) about information, more specifically information about a particular content. An item of metadata may describe an individual content item or a collection of content items. Metadata is used to facilitate the understanding, use, and management of information. The metadata required for this will vary based upon the type of information and context of use.

Mission Statement
A succinct, comprehensive statement of purpose of an agency, program, subprogram, or project that is consistent with a vision statement. See Vision Statement.


A technique used to ensure that someone performing an action on a computer cannot falsely deny that they performed that action. Nonrepudiation provides undeniable proof that a user took a specific action, such as transferring money, authorizing a purchase, or sending a message.


Objectives (Project)
Objectives are specific and measurable targets for accomplishing goals, which are usually short-term with a target time frame. In contrast to goals, objectives are specific, quantifiable, and time-bound statements of desired accomplishments or results. As such, objectives represent intermediate achievements necessary to achieve goals. See Goals.

Online Collection
A Web site or online service is deemed to collect personally identifiable information or prospect information online, even though that information may be immediately deleted and not maintained for further use by an organization.

Openness Principle
One of the eight Fair Information Principles (FIPs) developed by the Organisation for Economic Co-operation and Development (OECD). According to this principle, there should be a general policy of openness about developments, practices, and policies with respect to personal data. Means should be readily available for establishing the existence and nature of personal data and the main purposes of their use, as well as the identity and usual residence of the data controller.


Authorization to perform operations associated with a specific shared resource, such as a file, directory, or printer. Permissions must be granted by the system administrator to individual user accounts or administrative groups.

Personal Data
Any personally identifiable information that relates to an identified or identifiable individual (or data subject). See also Personally Identifiable Information.

Personal Information
See Personally Identifiable Information.

Personally Identifiable Information
Personally identifiable information is one or more pieces of information that when considered together or when considered in the context of how it is presented or how it is gathered is sufficient to specify a unique individual.

The pieces of information can be:

  • Personal characteristics (such as height, weight, gender, sexual orientation, date of birth, age, hair color, eye color, race, ethnicity, scars, tattoos, gang affiliation, religious affiliation, place of birth, mother’s maiden name, distinguishing features, and biometrics information such as fingerprints, DNA, and retinal scans).
  • A unique set of numbers or characters assigned to a specific individual (including name, address, phone number, social security number, e-mail address, driver’s license number, financial account or credit card number and associated PIN number, Automated Integrated Fingerprint Identification System [AIFIS] identifier, or booking or detention system number).
  • Descriptions of event(s) or points in time (for example, information in documents such as police reports, arrest reports, and medical records).
  • Descriptions of location(s) or place(s) (including geographic information systems [GIS] locations, electronic bracelet monitoring information, etc.).

The term "privacy" refers to individuals’ interests in preventing the inappropriate collection, use, and release of personally identifiable information. Privacy interests include privacy of personal behavior, privacy of personal communications, and privacy of personal data.

Other definitions of privacy include the capacity to be physically alone (solitude); to be free from physical interference, threat, or unwanted touching (assault, battery); or to avoid being seen or overheard in particular contexts.

Privacy Compromise
A privacy compromise is a scenario in which an unauthorized individual or group of individuals is able to gain access to personally identifiable information about another.

Privacy Policy
A privacy policy is a written, published statement that articulates the policy position of an organization on how it handles the personally identifiable information that it gathers and uses in the normal course of business. The policy should include information relating to the processes of information collection, analysis, maintenance, dissemination, and access. The purpose of the privacy policy is to articulate that the agency will adhere to those legal requirements and agency policy determinations that enable gathering and sharing of information to occur in a manner that protects personal privacy interests. A well-developed and -implemented privacy policy uses justice entity resources wisely and effectively; protects the agency, the individual, and the public; and promotes public trust.

Privacy Protection
This is a process of finding appropriate balances between privacy and multiple competing interests, such as justice information sharing.

Project Champion (or Sponsor)
The project champion or sponsor is a high-level individual within the organization who has been selected to drive the privacy and civil liberties policy development effort. The champion helps steer the development of the policy, identifies and allocates the necessary resources (both human and other support), and oversees policy implementation. This person provides a strong voice for the team effort, particularly when there is competition for scarce resources, and provides the mechanism for efficient decision making when the project team leader or project manager does not have the authority to make decisions in selected areas.

Project Team
The project team is a multidisciplinary group of individuals, representing a broad array of perspectives, who collaborate on the development of the privacy and civil liberties policy. This team represents the core agencies that are entrusted with the protection of private information for justice information sharing. See Stakeholder.  

Project Team Leader
A project team leader is someone who will direct and manage the privacy and civil liberties policy development project on a day-to-day basis. The project team leader should possess the following essential characteristics: organizational credibility, organizational authority, ability to build and manage coalitions, and ability to manage day-to-day tasks over an extended period of time.

Prospect Information
Prospect information is defined the exact same way as personally identifiable information except that it is submitted by an individual who is not the subject of the data and who is giving personally identifiable information about someone else. This personally identifiable information about someone else is considered prospect information.

Protected Information
Protected information is information about United States citizens and lawful permanent residents that is subject to information privacy or other legal protections under the Constitution and laws of the United States. For local, state, and tribal governments, it would include applicable state and tribal constitutions and local, state, and tribal laws, ordinances, and codes. For the (federal) intelligence community, protected information includes information about “United States persons” as defined in Executive Order 12333. Protected information may also include other information that the U.S. government expressly determines by Executive Order, international agreement, or other similar instrument should be covered.

Public includes:

  • Any person and any for-profit or nonprofit entity, organization, or association;
  • Any governmental entity for which there is no existing specific law authorizing access to the agency’s information;
  • Media organizations; and
  • Entities that seek, receive, or disseminate information for whatever reason, regardless of whether it is done with the intent of making a profit, and without distinction as to the nature or intent of those requesting information from the agency.

Public does not include:

  • Employees of the agency;
  • People or entities, private or governmental, who assist the agency in the operation of the justice information system, and agency in the operation of the justice information system; and
  • Public agencies whose authority to access information gathered and retained by the agency is specified in law.

Public Access
Public access relates to what information can be seen by the public, that is, information whose availability is not subject to privacy interests or rights.

Purpose Specification Principle
One of the eight Fair Information Principles (FIPs) developed by the Organisation for Economic Co-operation and Development (OECD). According to this principle, the purposes for which personal data are collected should be specified no later than at the time of collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. 


Any item, collection, or grouping of information that includes personally identifiable information and is maintained, collected, used, or disseminated by or for the collecting agency or organization.

Internal procedures to address complaints from persons regarding protected information about them that is under the agency’s control.

The ability of a user to deny having performed an action that other parties cannot prove otherwise. For example, a user who deleted a file can successfully deny doing so if no mechanism (such as audit files) can contradict that claim.

Refer to Storage.

Retrievable Information
Information is retrievable in the ordinary course of business if it can be retrieved by taking steps that are taken on a regular basis in the conduct of business with respect to that information or that an organization is capable of taking with the procedures it uses on a regular basis in the conduct of its business.

Information is not considered retrievable in the ordinary course of business if retrieval would impose an unreasonable burden or violate the legitimate rights of a person that is not the subject of the information. The unreasonableness of burden is balanced against the significance of the information’s use.

Right to Privacy
The possible right to be let alone, in the absence of some reasonable public interest in a person’s activities. Invasion of the right to privacy can be the basis for a lawsuit for damages against the person or entity violating that right. See Privacy.

The right to privacy as a matter of constitutional law is understood to have begun with a pioneering law review article in the Harvard Law Review in the 1890s written by lawyers Samuel D. Warren and future Supreme Court Justice Louis D. Brandeis.

Role-Based Authorization
A type of authorization that uses roles to determine access rights and privileges. A role is a symbolic category of users that share the same security privilege.


A safeguard is considered a technology, policy, or procedure that counters a threat or protects assets.

Secondary Data Uses
Uses of personally identifiable information for purposes other than those for which the information was originally collected. The Organisation for Economic Co-operation and Development's (OECD) Fair Information Principles (FIPs) state that a person can provide personally identifiable information for a specific purpose without the fear that it may later be used for an unrelated purpose without that person’s knowledge or consent. 

Secure Sockets Layer (SSL)
A protocol that provides secure data communication through data encryption. This protocol enables authentication, integrity, and data privacy over networks through a combination of digital certificates, public-key cryptography, and bulk data encryption. This protocol does not provide authorization or nonrepudiation.

Security refers to the range of administrative, technical, and physical mechanisms that aim to preserve privacy and confidentiality by restricting information access to authorized users for authorized purposes.

Computer and communications security efforts also have the goal of ensuring the accuracy and timely availability of data for the legitimate user set, as well as promoting failure resistance in the electronic systems overall.

Security Policy
A security policy is different from a privacy policy. A security policy alone may not adequately address the protection of personally identifiable information or the requirements of a privacy policy in their entirety. A security policy addresses information classification, protection, and periodic review to ensure that information is being stewarded in accordance with an organization’s privacy policy. See Privacy Policy.  

Security Safeguards Principle
One of the eight Fair Information Principles (FIPs) developed by the Organisation for Economic Co-operation and Development (OECD). According to this principle, personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.

A stakeholder is an agency or individual that is essential to the development and implementation of the privacy and civil liberties policy and who contributes to, but is not a member of, the project team. Stakeholders have interests in the outcome of the policy and provide input (for example, focus groups, surveys, documents for public comment, or invited speakers at team meetings). See Project Team.

In a computer, storage is the place where data is held in an electromagnetic or optical form for access by a computer processor. There are two general usages:

  1. Storage is frequently used to mean the devices and data connected to the computer through input/output operations—that is, hard disk and tape systems and other forms of storage that do not include computer memory and other in-computer storage. This meaning is probably more common in the information technology industry than meaning 2.
  2. In a more formal usage, storage has been divided into (1) primary storage, which holds data in memory (sometimes called random access memory or RAM) and other “built-in” devices such as the processor’s L1 cache, and (2) secondary storage, which holds data on hard disks, tapes, and other devices requiring input/output operations. Primary storage is much faster to access than secondary storage because of the proximity of the storage to the processor or because of the nature of the storage devices. On the other hand, secondary storage can hold much more data than primary storage.


Transborder Flows of Personal Data
Movements of personal data across national borders. See Fair Information Principles (FIPs).


With respect to personally identifiable information, the sharing, employment, application, utilization, examination, or analysis of such information within the agency or organization that maintains the designated record set. 

Use Limitation Principle
One of the eight Fair Information Principles (FIPs) developed by the Organisation for Economic Co-operation and Development (OECD). According to this principle, personal data should not be disclosed, made available, or otherwise be used for purposes other than those specified in accordance with the Purpose Specification Principle, except with the consent of the data subject or by the authority of law. See Purpose Specification Principle.


Values Statement
The core principles and philosophies that describe how an agency conducts itself in carrying out its mission.  

Virtual Private Network (VPN)
The extension of a private network that provides encapsulated, encrypted, and authenticated logical (not physical) links across shared or public networks. VPN connections typically provide remote access and router-to-router connections to private networks over the Internet.

A code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or data. See Worm.

Vision Statement
A compelling and conceptual image of the desired, successful outcome.  

Any weakness, administrative process, act, or physical exposure that makes a computer susceptible to exploitation by a threat.


A self-propagating malicious code that can automatically distribute itself from one computer to another through network connections. A worm can take harmful action, such as consuming network or local system resources, possibly causing a denial-of-service attack.  

Glossary of Terms and Definitions' Cited Resources

  • Warren, Samuel D., and Louis D. Brandeis. "The Right to Privacy," Harvard Law Review 4, 1890:193.