Playbook: Glossary
A
Aggregation (Data)
The process of combining individual data points into groups or a summary of information. Aggregation can be used to minimize the risk of specific identification of individual data points; however, aggregation alone does not always eliminate re-identification risks in the use (or reuse) of a dataset.
Anonymization (Data)
A process intended to irreversibly remove or transform identifying information so that individuals cannot be re-identified. Anonymization represents a stronger standard than de-identification and implies that re-identification is not reasonably possible.
See also “De-identification,” which refers to a weaker standard where the risk of re-identification is reduced, but not necessarily eliminated.
B
BD4D Adopter (Adoption)
An organization that has adopted the BD4D Standard.
See also “We.”
C
Context
An understanding of (i) the environment and origin/provenance from where data is collected, (ii) people, organizations, or communities that the data is about, and (iii) the social power relations present in relation to the data. Based on a definition in Data Feminism.
D
Data Inventory
A documented record of data assets held or managed by an organization, describing what data exists, where it is stored, how it is used, who is responsible for it, and applicable governance or compliance requirements.
Data Minimization
The practice of collecting only the data necessary for a defined purpose and retaining it only for as long as needed to carry out that purpose or as required by law.
See also “Data Retention.”
Data Privacy
Ensuring that data is collected, stored, and used in ways that respect individuals’ confidentiality and consent.
“Data Privacy” may be defined differently by other organizations, industries, or regulations.
Data Processing
Any operation(s) or transformation(s) done on data, including collection, digitization, storage or transfer, cleaning, analysis, copying, or deletion. Data processing may be carried out by humans (Human Data Processing) or by software and automated systems (Machine Data Processing).
Data Retention
The policies and practices that determine how long data is stored and when it is deleted or archived, based on legal, operational, or ethical requirements.
Data Sharing
The practice of making data available to another individual, organization, or other entity, whether under a set of formal conditions or agreements, or by informal access.
Data Sharing Agreement (DSA)
A mechanism for sharing data, such as a formal document outlining the terms under which data is shared by or between parties. Data sharing agreements may be legally required, and are often used to enable sharing for data that cannot be shared openly.
Data Stewardship
Care of data or digital assets using industry standards and/or best practices for data, often by a nonprofit organization on behalf of a community or individuals.
Data Subject
A person whose information is collected, stored, processed, or shared as data.
Data Subject Request
A request made by a data subject to exercise their rights regarding their personal data, such as access, correction, deletion, or other restrictions on processing.
De-identified / De-identification
A process that changes or removes information from a dataset that can be used to identify a person. De-identification is intended to reduce the risk of re-identification, but it may not eliminate that risk entirely, particularly when datasets can be combined with other data or external information.
See also “Anonymization,” a stronger term that tends to mean that data cannot be re-identified.
Downstream Data Use
Any use, processing, analysis, or application of data that occurs after its initial collection or sharing.
Downstream Users
Individuals, organizations, or other entities that use data after its initial collection or sharing.
M
Monetization
A practice of collecting revenue or other economic value from data (including selling data, exchanging data, charging fees for accessing data).
S
Sensitive Data
Any information that, if disclosed or accessed, could cause harm to an individual and/or would surprise the individual if shared openly. In other contexts, sensitive data may refer to a category of personal information that, if disclosed or accessed without authorization, could result in significant harm to an individual. Laws typically require stronger protections for this type of data, but definitions and laws vary.
Stakeholders (Data)
Individuals, organizations, or communities who are affected by or involved in the collection, use, and governance of data.
T
Trusted Partner
An individual, organization, or other entity such as a research affiliate that collaborates with BD4D Adopters and is authorized to access or use data for defined purposes under agreed-upon terms, including requirements to follow best practices for data protection, de-identification, and responsible research use. Trusted partners have either adopted the BD4D Commitments or agreed to comparable obligations under a formal DSA.
W
We
The organization that has adopted the BD4D Commitments and is responsible for stewarding data in accordance with those commitments.
See the BD4D Standard, Declaration.
Y
You
The individuals, organizations, or other entities served by a BD4D Adopter, whose nonpublic data is collected, analyzed, stored, used, or shared.
See the BD4D Standard, Declaration.
Your Data
Nonpublic data that relates to “You” and that “You” would reasonably expect not to be made public, which “We” steward under the BD4D Commitments.
See the BD4D Standard, Declaration.
Web & Mobile Data Platform
Acknowledgement