FAQ Library

The FAQ section provides a general overview of common questions we get asked and simple responses we can provide to help aid. For a deeper legal overview, head back to the Policy Center.

Data Literacy 101

The internet is hard to understand if you don't understand how data works, a problem the majority of internet users have. Below are a handful of common questions and answers about how data works.

What is the difference between data privacy and data security?

Data privacy and data security have been used interchangeably, however, they are different. Data privacy is about the governance of personal information. This is typically defined by privacy legislation and provides the laws to give consumers and individuals more rights when it comes to companies who collect, use and disclose the use of their personal information.

Data security specifies the rules and best practices that a company should follow to ensure the personal information they store and use within their systems are kept safe. Most of this requires technical safeguards to minimize the chances information is leaked or data is breached from the system.

What does consent mean and what does that mean for me?

When a company collects personal information, individual consent or permission must be given to allow that company to collect, use and disclosure this information. Generally speaking, there are two types of consent an organization may obtain:

1) Explicit Consent (also known as express consent.) In this case, there needs to be clear, documented consent, given either verbally, written or through another form of digital attestation (for example, video or audio.) Disclosure of the purpose for which the data is being used must be made at that time. A common example: an individual subscribes to an email newsletter. When s/he will submits their information, they subsequently receive a link in their email to provide “explicit consent."

2) Implicit Consent (also known as indirect or inferred consent.) Individuals may voluntarily provide information to a company to collect and use the information for specific purpose(s) given at the time. For example, retailers may ask customers for implicit consent to send them emails so they can receive relevant offers.

For the most stringent privacy legislation—known as the GDPR—this means that the personal information must be freely given, consent must relate to a specific purpose, and the individual must fully understand why the data is being collected.

As easily as consent is granted by an individual, a company must make it just as easy to allow an individual to remove their consent or opt-out.

Don't see the answer you're looking for?

Take a moment to submit a question to us. If you'd like a direct response or if you'd like to be notified when the question has been answered, please add your name and email address so we can reach out to you.
FAQ Submissions will be responded to as quickly as possible, please be patient. If you do not get a response in what you feel to be a reasonable amount of time please email us using the contact info on our policy center home page.

Thanks For Asking!

There are thousands of questions that need to be answered and there's no way we could possible answer them all without you asking. Thank you for your submission, we will respond as quickly as possible!
Oops! Something went wrong while submitting the form.