USA - Illinois
Other key definitions A “data broker” is a covered entity whose principal source of revenue is derived from processing or transferring covered data that the entity did not collect directly from the associated individuals. This does not include employee data collected by and received from a third party for the sole purpose of providing benefits to the employee. The bill defines “biometric information” as covered data generated from the technological processing of an individual’s unique biological, physical, or physiological characteristics that can be linked to the individual. This can include fingerprints, voice prints, retina scans, or hand mapping. “Collection” refers to the buying, renting, gathering, obtaining, receiving, accessing, or otherwise acquiring covered data by any means. “Control” means an entity that has ownership of another entity, control over a voting majority, or the power to exercise controlling influence over the management of an entity. A “covered minor” refers to an individual under the age of 17. To “process” covered data refers to conducting or directing any operation on covered data, including analyzing, organizing, retaining, storing, using, or otherwise handling said data.
The DPPA provides that a covered entity may not collect, process, or transfer covered data unless the collection, processing, or transfer is limited to what is reasonably necessary and proportionate. Definition of covered data Under the DPPA, “covered data” refers to information, including derived data and unique identifiers that identifies or is linked to, alone in combination with other information, to an individual or a device that identifies or is linked to an individual. Covered data does not include de- identified data, employee data, or publicly available information.
https://www.mcdonaldhopkins.com/
Made with FlippingBook - PDF hosting