(g) "Consumer" means an individual who is a resident of this state acting only in an individual or household context. "Consumer" does not include an individual acting in a commercial or employment context.
(h) "Controller" means a person that, alone or jointly with others, determines the purpose and means of processing personal data.
(i) "Covered entity" has the meaning given in 45 CFR 160.103.
(ja) "Cures Act" means the federal 21st Century Cures Act and valid federal regulations enacted pursuant to such provisions.
(jd) "Dark pattern" means a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision making, or choice.
(jg) "Decisions that produce legal or similarly significant effects concerning a consumer" means a decision made by the controller that results in the provision or denial by the controller of financial and lending services, housing, insurance, education enrollment, criminal justice, employment opportunities, health care services, or access to basic necessities, such as food and water.
(ka) "Deidentified data" means data that cannot reasonably be linked to an identified or identifiable individual, or a device linked to such person.
(kb) "Identified or identifiable individual" means a person who can be readily identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, specific geolocation data, or an online identifier.
(La) "HIPAA" means the federal Health Insurance Portability and Accountability Act and valid federal regulations enacted pursuant to the act, including 45 CFR 164.500 to 164.534.
(Lg) "HITECH" means the federal Health Information Technology for Economic and Clinical Health Act and valid federal regulations enacted pursuant to the act.
(m) "Institution of higher education" has the meaning given in s. 39.32 (1) (a).
(n) "Nonprofit organization" means any corporation organized under ch. 181, any organization identified under s. 895.486 (2) (e), or any organization exempt from taxation under section 501 (c) (3), (6), or (12) of the Internal Revenue Code.
(o) "Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include deidentified data or publicly available information.
(p) "Precise geolocation data" means information derived from technology, including global positioning system level latitude and longitude coordinates or other mechanisms, that directly identifies the specific location of an individual with precision and accuracy within a radius of 1,750 feet. "Precise geolocation data" does not include the content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility.
(q) "Process" or "processing" means any operation or set of operations performed, whether by manual or automated means, on personal data or on sets of personal data, such as the collection, use, storage, disclosure, analysis, deletion, or modification of personal data.
(r) "Processor" means an individual or person that processes personal data on behalf of a controller.
(s) "Profiling" means any form of automated processing performed on personal data to evaluate, analyze, or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
(t) "Pseudonymous data" means personal data that cannot be attributed to a specific individual without the use of additional information, provided that such additional information is kept separately and is subject to appropriate technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable individual.
(u) "Publicly available information" means information that is lawfully made available through federal, state, or local government records, or information that a business has a reasonable basis to believe is lawfully made available to the general public through widely distributed media, by the consumer, or by a person to whom the consumer has disclosed the information, unless the consumer has restricted the information to a specific audience.
(v) "Sale of personal data" means the exchange of personal data for monetary or other valuable consideration by the controller to a 3rd party. "Sale of personal data" does not include any of the following:
1. The disclosure of personal data to a processor that processes the personal data on behalf of the controller.
2. The disclosure of personal data to a 3rd party for purposes of providing a product or service requested by the consumer.
3. The disclosure of personal data based on the consumer directing the controller to disclose the personal data or intentionally using the controller to interact with a 3rd party.
4. The disclosure or transfer of personal data to an affiliate of the controller.
5. The disclosure of information that a consumer intentionally made available to the general public via a channel of mass media and did not restrict to a specific audience.
6. The disclosure or transfer of personal data to a 3rd party as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the 3rd party assumes control of all or part of the controller's assets.
(w) "Sensitive data" includes the following:
1. Personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status.
2. The processing of genetic or biometric data for the purpose of uniquely identifying an individual.