A secret series of characters that enables a user to access a restricted area, e.g. computer files or a secure room. The password helps ensure that unauthorised persons are unable to gain access.
Applying updates to firmware or software to improve security and/or enhance functionality.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard, maintained by the PCI Security Standards Council, for organisations that store, process or transmit cardholder data for the major debit, credit, ATM and POS card schemes. It was created to increase controls around cardholder data in order to reduce payment card fraud.
PECR are the Privacy and Electronic Communications Regulations, formally 'The Privacy and Electronic Communications (EC Directive) Regulations 2003'.
They implement European Directive 2002/58/EC, also known as the 'e-privacy Directive'.
The e-privacy Directive complements the general data protection regime and sets out more-specific privacy rights on electronic communications. It recognises that widespread public access to digital mobile networks and the internet opens up new possibilities for businesses and users, but also new risks to their privacy.
The PECR apply to marketing by electronic means, including telephone calls, texts, emails and faxes. The PECR remain in force alongside the GDPR; where PECR require consent, the GDPR standard of consent (freely given, specific, informed and unambiguous) now applies in place of the earlier, weaker standard.
Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed.
The GDPR defines personal data as "... any information relating to an identified or identifiable natural person (data subject);..."
and an identifiable natural person as "... one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"
An attack on network infrastructure (typically by corrupting DNS responses, a DNS cache or a local hosts file) that results in a user being redirected to an illegitimate website despite the user having entered the correct address.
Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.
The basic hardware (device) and software (operating system) on which applications can be run.
An older term broadly equivalent to and superseded by the GDPR term, 'Data Protection by design and default' (qv).
In relation to personal data, Article 4 of the GDPR defines 'processing' as "... any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
The GDPR defines 'profiling' as "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements".
Article 4 of the GDPR defines 'pseudonymisation' as "... the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person".
In the GDPR sense, pseudonymisation is a security enhancement measure, not a process that renders personal data impersonal: whoever holds the separately stored 'additional information' (a key or lookup table) can re-attribute the data, and records belonging to the same person remain linkable to each other. It is therefore not equivalent to anonymisation (qv).
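The following is an added worked example, not code from the original page, showing what the definition above means in practice. It pseudonymises a constructed set of customer records by replacing the email address with a keyed HMAC-SHA256 token (the choice of HMAC is this example's assumption; any keyed, non-reversible function would do), keeps the key and the token-to-email lookup as the separately stored "additional information", and then shows three things: the holder of that information can re-identify every record; an attacker holding only the pseudonymised copy cannot recover identities by guessing candidate emails, whereas a plain unkeyed hash (a common weak pseudonymisation) falls to the same guessing attack; and even with a strong key, records of the same person stay linkable, which is why this is not anonymisation.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the original page): direct identifier plus attributes.
RECORDS = [
    {"email": "alice@example.com", "postcode": "SW1A 1AA", "spend": 120},
    {"email": "bob@example.com", "postcode": "M1 1AE", "spend": 45},
    {"email": "alice@example.com", "postcode": "SW1A 1AA", "spend": 80},
]


def make_token(identifier, key):
    """Pseudonym for one identifier.

    key=None   : plain SHA-256 (weak: anyone can recompute it from a guess).
    key=bytes  : HMAC-SHA256 (strong: recomputation needs the secret key).
    """
    data = identifier.encode("utf-8")
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def pseudonymise(records, key):
    """Return (pseudonymised_records, lookup).

    The pseudonymised copy carries no email. The lookup table (token -> email),
    together with the key, is the GDPR 'additional information' and must be held
    separately under its own technical and organisational controls.
    """
    out, lookup = [], {}
    for r in records:
        tok = make_token(r["email"], key)
        lookup[tok] = r["email"]
        out.append({"subject": tok, "postcode": r["postcode"], "spend": r["spend"]})
    return out, lookup


def reidentify(pseudonymised, lookup):
    """What the holder of the additional information can do: restore every email."""
    return [{**r, "email": lookup[r["subject"]]} for r in pseudonymised]


def dictionary_attack(tokens, candidates):
    """What an attacker holding only the pseudonymised copy can do.

    They do not have the key, so all they can try is the unkeyed hash of each
    guessed identifier. Returns {token: recovered_identifier} for every hit.
    """
    hits = {}
    for cand in candidates:
        tok = make_token(cand, None)
        if tok in tokens:
            hits[tok] = cand
    return hits


def linkable_groups(pseudonymised):
    """Records per subject token: same person -> same token, so records still link."""
    counts = {}
    for r in pseudonymised:
        counts[r["subject"]] = counts.get(r["subject"], 0) + 1
    return counts


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # stored separately from the pseudonymised data
    strong, lookup = pseudonymise(RECORDS, key)
    weak, _ = pseudonymise(RECORDS, None)
    guesses = ["alice@example.com", "carol@example.com"]

    print("pseudonymised:", strong)
    print("re-identified by key holder:", reidentify(strong, lookup))
    print("attacker vs unkeyed hash:", dictionary_attack({r["subject"] for r in weak}, guesses))
    print("attacker vs HMAC:", dictionary_attack({r["subject"] for r in strong}, guesses))
    print("records per subject (still linkable):", linkable_groups(strong))
```

The design point is the separation: the pseudonymised dataset can be handed to analysts or a processor, while the key and lookup stay with the controller. Losing that separation (key stored alongside the data, or an unkeyed hash) collapses the protection back to direct identification, and even with the separation intact the data remain personal data because re-identification is possible by someone.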