R - S

Ransomware

Malicious software that makes data or systems unusable until the victim makes a payment.
See also: Wannacry.

See Records Management.

Records Management

The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposal of records. Also known as Records Information Management or RIM.

Retention

Continued storage and maintenance of records for as long as they are required by the creating or holding organisation until their eventual disposal, according to their administrative, financial and historical evaluation.
Organisations usually have a records retention policy and some records will have legally imposed retention periods.

Risk assessment

Identification and assessment of hazards, based on the type of hazard, the likelihood of it occurring and the potential effect of this on individuals, organisations or the environment.

Router

A network device which sends data packets from one network to another based on the destination address. May also be called a gateway.

Safe Haven

Secure physical location or agreed set of administrative arrangements within the organisation to ensure confidential personal information is communicated safely and securely. It is a safeguard for confidential information which enters or leaves the organisation, whether this is by fax, post or other means. Any members of staff handling confidential information, whether paper based or electronic, must adhere to the safe haven principles.

Sanitisation

Using electronic or physical destruction methods to securely erase or remove data from memory.

Section 251

This is a short-hand term that refers to section 251 of the National Health Service Act 2006 and its current Regulations, the Health Service (Control of Patient Information) Regulations 2002.

The NHS Act 2006 and the Regulations enable the common law duty of confidentiality to be temporarily lifted so that confidential patient information can be transferred to an applicant without the discloser being in breach of the common law duty of confidentiality.

In practice, this means that the person responsible for the information (the data controller) can, if they wish, disclose the information to the applicant without being in breach of the common law duty of confidentiality. They must still comply with all other relevant legal obligations e.g. the GDPR and the Data Protection Act 2018.

Approval also provides reassurance that the person(s) receiving the information has undergone an independent review of their purposes and governance arrangements.

Senior Information Risk Officer

The SIRO is a senior person in an organisation responsible for managing information risk to information assets.

Senior untoward incident

Any incident involving actual or potential loss of personal information that could lead to identity fraud or have other significant impact on individuals.

SIRO

See Senior Information Risk Officer.

Social engineering

Manipulating people into carrying out specific actions, or divulging information, that's of use to an attacker.

Spear phishing

A targeted form of phishing, where the email is designed to look as if it's from a person the recipient knows and/or trusts.

Special category (personal) data

Article 9 of the GDPR prohibits the processing of personal data revealing:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership

and the processing of:

  • genetic data, biometric data for the purpose of uniquely identifying a natural person
  • data concerning health
  • data concerning a natural person's sex life or sexual orientation

except under a number of conditions and exceptions detailed in the regulation.

See also: criminal record data.

Special characters

Characters other than alphanumeric (qv) characters, i.e. ! @ $ % & + ? * etc. A term used in connection with passwords. Expanding the set of different characters used in a password increases the number of possible permutations, making it somewhat more difficult to guess.

The NCSC however now recommends the use of three random words rather than long, complex and meaningless character-based passwords on grounds of usability and memorability.

Subject rights (under the GDPR)

The GDPR gives data subjects a set of rights:

  1. Article 15 - Right of access
  2. Article 16 - Right of rectification
  3. Article 17 - Right to erasure ('right to be forgotten')
  4. Article 18 - Right to restriction of processing
  5. Article 20 - Right to data portability
  6. Article 21 - Right to object (to processing)
  7. Article 22 - Right not to be subject to a decision based solely on automated processing, including profiling