O - P

Password

A secret series of characters that enables a user to access a restricted area, e.g. computer files, a secure room. The password helps ensure that unauthorised persons are unable to gain access.

Patching

Applying updates to firmware or software to improve security and/or enhance functionality.

PCI - Payment Card Industry (standards)

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle card holder information for major debit, credit, ATM and POS cards. It was created to increase controls around card holder data in order to reduce credit card fraud.

PECR - Privacy and Electronic Communications Regulations

PECR are the Privacy and Electronic Communications Regulations, formally 'The Privacy and Electronic Communications (EC Directive) Regulations 2003'.
They implement European Directive 2002/58/EC, also known as the 'e-privacy Directive'.
The e-privacy Directive complements the general data protection regime and sets out more-specific privacy rights on electronic communications. It recognises that widespread public access to digital mobile networks and the internet opens up new possibilities for businesses and users, but also new risks to their privacy.
The PECR apply to marketing by electronic means, including telephone calls, texts, emails and faxes. Since the introduction of the GDPR, its rules on consent replace the former PECR rules.

Pen test

Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed.

Personal Data

The GDPR defines personal data as "... any information relating to an identified or identifiable natural person (data subject);..." and an identifiable natural person as "... one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"

Pharming

An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.

Phishing

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

Platform

The basic hardware (device) and software (operating system) on which applications can be run.

Privacy by design

An older term broadly equivalent to and superseded by the GDPR term, 'Data Protection by design and default' (qv).

Processing

In relation to personal data, Article 4 of the GDPR defines 'processing' as "... any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".

Profiling

The GDPR defines 'profiling' as "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements".

Pseudonymisation

Article 4 of the GDPR defines 'pseudonymisation' as "... the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person".
In the GDPR sense, pseudonymisation can be seen as a form of security enhancement measure, but not a process that renders personal data impersonal, i.e. it is not equivalent to anonymisation (qv).