N - Q
Penetration Testing
Also called pen testing; the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Personal Data Breach
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In other words, if any information relating to an individual ...
Personally Disqualified Lawyer
Term used to describe a lawyer in a situation where he or she must be personally disqualified from representing a client and/or from having access to or viewing a client's confidential/personal information due to a conflict of interest.
Processing
Any operation or set of operations which is performed on personal data, such as collecting; recording; reorganizing; storing; adapting or altering; retrieving; consulting; using; disclosing by transmission, dissemination or otherwise making the data ...
Processor
The natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller. In other words, if your company handles or administers the data – like a payroll company or a cloud storage ...
Nefarious Purposes
With intent to use confidential or personal information for criminal, evil, malicious or wicked objectives.
Personal Information
The information about an individual that can directly or indirectly distinguish or trace an individual’s identity, associate or link an individual to private information, distinguish one person from another, or could be used to re-identify anonymous ...
Physical Destruction
Use of incineration, pulverization, shredding, melting, chemical treatment etc. to destroy or dispose of confidential or personal information.
Physical Records (or Physical Data)
Refers to information in a tangible form. This type of data is generally thought of as paper printouts and handwritten notes/documents. The state of New York “Disposal of Records Containing Personal Identifying Information” law (GBS, Article 26, § ...
POLP (Principle of Least Privilege)
The practice of providing only the minimal level of access to information necessary for completing a given task.
Pseudonymizing
A method by which identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms.
Private Information
(Legal-New York) The term used in a New York state law that represents personal information in combination with specific data elements.
Notice
Provides a clear, user-friendly explanation of an individual's rights with respect to their personal information and the privacy practices of the business.
Protected Health Information (PHI)
Any individually identifiable health information transmitted or maintained in any form or medium that is held by a covered entity or its business associate; identifies the individual or offers a reasonable basis for identification; is created or ...
Privacy Policy
A policy that documents and governs an organization’s or entity’s handling practices of personal information. A Privacy Policy provides information regarding the organization, describes how the organization collects, uses, retains and discloses ...
Privacy (Data Protection) Officer
An official responsible for the coordination and implementation of all privacy, data protection and confidentiality efforts within an organisation. They are generally responsible to Data Protection Authorities (DPAs) or senior management for ensuring ...
Privacy Notice
A statement made to a data subject that describes how the organization collects, uses, retains and discloses personal information. A privacy notice is sometimes referred to as a privacy statement, a fair processing statement or sometimes a privacy ...
Privacy by Design
The concept that organizations need to build privacy directly into technology, systems and practices at the design phase, thereby ensuring the existence of privacy from the outset. Originating in the mid-1990s by the Information and Privacy ...
Privacy Assessment
An assessment of an organization’s compliance with its privacy policies and procedures, applicable laws, regulations, service-level agreements, standards adopted by the entity and other contracts. The assessment or audit measures how closely the ...
Phishing
E-mails or other communications that are designed to trick a user into believing that he or she should provide a password, account number or other information. The user then typically provides that information to a website controlled by the attacker. ...
Personally Identifiable Information (PII)
NIST Special Publication 800-122 defines PII as "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date ...
Personal Data
Any information relating to an identified or identifiable natural person 'data subject' by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, ...
PCI Data Security Standard (PCI DSS)
A self-regulatory system that provides an enforceable security standard for payment card data. The rules were drafted by the Payment Card Industry Security Standards Council, which built on previous rules written by the various credit card companies. ...
Opt-Out
One of two central concepts of choice. Absent action by an individual, such as "unchecking" a tick box, it is assumed that the individual has granted consent or given permission. Many companies use the 'opt-out' method in order to easily ...
Opt-In
One of two central concepts of choice. An individual actively affirms their choice by checking a box or performing another action that indicates their consent in the affirmative. The box would not already be checked. Individuals often ‘opt-in’ to ...
National Institute of Standards and Technology (NIST)
It is an agency within the US Department of Commerce. NIST has the lead responsibility for the development and issuance of security standards and guidelines for the US federal government, contractors, and the United States critical information ...