Vendor Management

Operational

The lifecycle of evaluating, contracting with, monitoring, and exiting third-party providers, with attention to the data they touch, the safeguards they apply, and the regulatory obligations that flow through to them.

Sources & Further Reading

Definitions above are written in original prose and informed by widely used industry references, regulatory text, and standards. For deeper treatment of any term, the following sources are recommended starting points.

IAPP Glossary of Privacy Terms

iapp.org/resources/glossary: the most comprehensive industry glossary; useful for cross-referencing variations in terminology.

NIST Privacy Framework and SP 800-188

csrc.nist.gov: particularly NIST SP 800-188 (de-identification of personal information) and the NIST Privacy Framework Resource Repository.

HHS/OCR Guidance on De-identification

hhs.gov/hipaa: the official Safe Harbor and Expert Determination methodology, with worked examples.

European Data Protection Board (EDPB) Guidelines

edpb.europa.eu: authoritative interpretation of GDPR concepts and cross-border transfer mechanics.

California Privacy Protection Agency Regulations

cppa.ca.gov: current text of the CCPA/CPRA regulations, including ADMT and risk-assessment rules.

U.S. Federal Trade Commission Privacy Guidance

ftc.gov/business-guidance/privacy-security: enforcement priorities and operational expectations under the GLBA Safeguards Rule and Section 5.

ENISA Pseudonymisation Techniques and Best Practices

enisa.europa.eu: an excellent technical reference for tokenization, hashing, and pseudonymization in practice.

NIST AI Risk Management Framework (AI RMF 1.0)

nist.gov/itl/ai-risk-management-framework: governance vocabulary for AI deployments, complementary to the EU AI Act.

Article 29 Working Party / EDPB Opinions on Anonymisation

EDPB Opinion 05/2014 (still influential) on anonymisation techniques and re-identification risk thresholds.

This glossary is maintained as a living document. New terms enter the privacy vocabulary every quarter; old terms shift meaning as enforcement clarifies them. Treat any single edition as a snapshot, not a settled record.