Predictability is the enabling of reliable assumptions by individuals, owners, and operators about personal information and its processing by an information system. Manageability is providing the capability for granular administration of personal information including alteration, deletion, and selective disclosure. Disassociability is enabling the processing of personal information or events without association to individuals or devices beyond the operational requirements of the system.

Data actions are information system operations that process personal information. “Processing” can include, but is not limited to, the collection, retention, logging, generation, transformation, disclosure, transfer, and disposal of personal information.

Personal Information: For the purpose of risk assessment, personal information is 963 considered broadly as any information that ca n uniquely identify an individual as well as 964 any other information, events or behavior th at can be associated with an individual. 965 Where agencies are conducting activities subj ect to specific laws, regulation or policy, 966 more precise definitions may apply.