Data Breach Management

Expert-defined terms from the Professional Certificate in GDPR and AI Data Privacy Compliance course at London School of Planning and Management. Free to read, free to share, paired with a professional course.


Adequacy Decision refers to a decision made by the European Commission that a no…

Related terms include Binding Corporate Rules and Standard Contractual Clauses. An example of an adequacy decision is the EU-US Privacy Shield, which allowed for the transfer of personal data between the EU and the US.

Accountability in the context of Data Breach Management refers to the responsibi…

Related terms include Data Protection by Design and Data Protection by Default. For instance, organizations must implement measures such as data encryption and access controls to ensure the security of personal data.

Algorithmic Decision Making refers to the use of algorithms to make decisions ab…

Related terms include Artificial Intelligence and Machine Learning. An example of algorithmic decision making is the use of facial recognition technology to identify individuals.

Anonymization refers to the process of removing or altering personal data to pre…

Related terms include Pseudonymization and Data Minimization. For example, anonymization can be used to protect the identity of individuals in medical research studies.

Artificial Intelligence refers to the use of computer systems to perform tasks t…

Related terms include Machine Learning and Deep Learning. An example of artificial intelligence is the use of chatbots to provide customer service.

Authentication refers to the process of verifying the identity of individuals or…

Related terms include Authorization and Access Control. For instance, authentication can be used to ensure that only authorized individuals have access to sensitive data.

Authorization refers to the process of granting access to systems or data based…

Related terms include Authentication and Access Control. An example of authorization is the use of role-based access control to limit access to sensitive data.

Automated Decision Making refers to the use of automated systems to make decisio…

Related terms include Algorithmic Decision Making and Artificial Intelligence. For example, automated decision making can be used to approve or reject loan applications.

Availability in the context of Data Breach Management refers to the ability of o…

Related terms include Confidentiality and Integrity. An example of availability is the use of backup systems to ensure that data is not lost in the event of a disaster.

Backdoor refers to a secret access point to a system or network, often used by h…

Related terms include Malware and Vulnerability. For instance, a backdoor can be used to install malware on a system.

Binding Corporate Rules refer to a set of rules that govern the transfer of pers…

Related terms include Adequacy Decision and Standard Contractual Clauses. An example of binding corporate rules is the use of a global data protection policy to ensure consistent data protection practices across an organization.

Bring Your Own Device refers to the practice of allowing employees to use their…

Related terms include Mobile Device Management and Endpoint Security. For example, bring your own device can increase the risk of data breaches if devices are not properly secured.

Certification in the context of Data Breach Management refers to the process of…

Related terms include Compliance and Audit. An example of certification is the use of a third-party audit to verify compliance with the General Data Protection Regulation.

Cloud Computing refers to the use of remote servers to store, manage, and proces…

Related terms include Cloud Storage and Cloud Security. For instance, cloud computing can increase the risk of data breaches if data is not properly secured.

Compliance in the context of Data Breach Management refers to the process of ens…

Related terms include Certification and Audit. An example of compliance is the use of a compliance program to ensure that an organization is meeting its data protection obligations.

Confidentiality in the context of Data Breach Management refers to the ability o…

Related terms include Integrity and Availability. For example, confidentiality can be ensured through the use of encryption and access controls.

Data Breach refers to the unauthorized access, disclosure, or loss of personal d…

Related terms include Data Loss and Data Theft. An example of a data breach is the hacking of a database to steal sensitive information.

Data Controller refers to an organization that determines the purposes and means…

Related terms include Data Processor and Data Protection Officer. For example, a data controller may be a company that collects personal data from its customers.

Data Minimization refers to the principle of collecting and processing only the…

An example of data minimization is the use of a minimal dataset to achieve a specific purpose.

Data Portability refers to the ability of individuals to transfer their personal…

Related terms include Data Subject Rights and Right to Access. For instance, data portability can be used to transfer personal data from one social media platform to another.

Data Processor refers to an organization that processes personal data on behalf…

Related terms include Data Controller and Data Protection Officer. An example of a data processor is a company that provides cloud storage services to a data controller.

Data Protection by Design refers to the principle of designing systems and proce…

Related terms include Data Protection by Default and Data Minimization. For example, data protection by design can be achieved through the use of privacy-enhancing technologies.

Data Protection by Default refers to the principle of setting default settings t…

Related terms include Data Protection by Design and Data Minimization. An example of data protection by default is the use of encryption to protect personal data.

Data Protection Impact Assessment refers to the process of assessing the potenti…

Related terms include Risk Assessment and Privacy Impact Assessment. For instance, a data protection impact assessment can be used to identify potential risks and mitigation strategies.

Data Protection Officer refers to an individual responsible for ensuring that an…

Related terms include Data Controller and Data Processor. An example of a data protection officer is an individual responsible for implementing data protection policies and procedures.

Data Subject Rights refer to the rights of individuals to control their personal…

Related terms include Right to Access and Right to Erasure. For example, data subject rights can be exercised through the use of a data subject access request.

Data Theft refers to the unauthorized removal or copying of personal data.

Related terms include Data Breach and Data Loss. An example of data theft is the hacking of a database to steal sensitive information.

Deep Learning refers to a type of machine learning that uses neural networks to…

For instance, deep learning can be used to analyze images and speech.

Disaster Recovery refers to the process of recovering data and systems after a d…

Related terms include Business Continuity and Backup. An example of disaster recovery is the use of backup systems to restore data after a disaster.

Encryption refers to the process of converting plaintext data into unreadable ci…

Related terms include Decryption and Key Management. For example, encryption can be used to protect personal data in transit or at rest.

Endpoint Security refers to the process of protecting endpoint devices, such as…

Related terms include Network Security and Cloud Security. An example of endpoint security is the use of antivirus software to protect endpoint devices.

EU-US Privacy Shield refers to a framework that allows for the transfer of personal data from the EU to the US, while ensuring that the data is protected in accordance with EU data protection standards.

Related terms include Adequacy Decision and Binding Corporate Rules. For instance, the EU-US Privacy Shield can be used to transfer personal data from the EU to the US.

Fraud Detection refers to the process of identifying and preventing fraudulent a…

Related terms include Risk Management and Compliance. An example of fraud detection is the use of machine learning algorithms to detect suspicious activity.

GDPR refers to the General Data Protection Regulation, a regulation that governs…

Related terms include Data Protection and Privacy. For example, the GDPR requires organizations to implement data protection by design and by default.

Incident Response refers to the process of responding to and managing security i…

Related terms include Disaster Recovery and Business Continuity. An example of incident response is the use of an incident response plan to respond to a data breach.

Information Security refers to the process of protecting information from unauth…

Related terms include Data Security and Network Security. For instance, information security can be achieved through the use of access controls and encryption.

Integrity in the context of Data Breach Management refers to the ability of orga…

Related terms include Confidentiality and Availability. An example of integrity is the use of checksums to ensure that data is not modified during transmission.

Key Management refers to the process of managing cryptographic keys, including g…

Related terms include Encryption and Decryption. For example, key management can be used to manage the encryption and decryption of personal data.

Machine Learning refers to a type of artificial intelligence that allows systems…

Related terms include Artificial Intelligence and Deep Learning. An example of machine learning is the use of algorithms to analyze and interpret data.

Malware refers to software that is designed to harm or exploit a system or netwo…

Related terms include Virus and Trojan. For instance, malware can be used to steal sensitive information or disrupt system operations.

Mobile Device Management refers to the process of managing and securing mobile d…

Related terms include Endpoint Security and Cloud Security. An example of mobile device management is the use of mobile device management software to secure and manage mobile devices.

Network Security refers to the process of protecting networks from unauthorized…

Related terms include Information Security and Data Security. For example, network security can be achieved through the use of firewalls and intrusion detection systems.

Opt-in refers to the process of obtaining explicit consent from individuals to collect, use, or disclose their personal data.

Related terms include Opt-out and Consent. An example of opt-in is the use of a consent form to obtain permission from individuals to collect their personal data.

Opt-out refers to the process of allowing individuals to withdraw their consent to collect, use, or disclose their personal data.

Related terms include Opt-in and Consent. For instance, opt-out can be used to allow individuals to withdraw their consent to receive marketing emails.

Password Management refers to the process of managing and securing passwords, in…

Related terms include Authentication and Authorization. An example of password management is the use of password management software to generate and store complex passwords.

Personal Data refers to any information that can be used to identify an individu…

Related terms include Sensitive Data and Pseudonymized Data. For example, personal data can include information such as names, addresses, and dates of birth.

Phishing refers to a type of social engineering attack that involves tricking in…

Related terms include Spear Phishing and Whaling. An example of phishing is the use of fake emails to trick individuals into revealing sensitive information.

Privacy Impact Assessment refers to the process of assessing the potential risks…

Related terms include Data Protection Impact Assessment and Risk Assessment. For instance, a privacy impact assessment can be used to identify potential risks and mitigation strategies.

Privacy Policy refers to a statement that outlines an organization's data protec…

Related terms include Data Protection Policy and Compliance. An example of a privacy policy is a statement that outlines an organization's data collection and use practices.

Pseudonymization refers to the process of replacing personal data with pseudonym…

Related terms include Anonymization and Data Minimization. For example, pseudonymization can be used to protect the identity of individuals in medical research studies.

Right to Access refers to the right of individuals to access their personal data…

Related terms include Data Subject Rights and Right to Erasure. An example of the right to access is the use of a data subject access request to obtain a copy of personal data.

Right to Erasure refers to the right of individuals to request the erasure of th…

For instance, the right to erasure can be used to request the deletion of personal data that is no longer necessary.

Risk Assessment refers to the process of identifying and assessing potential ris…

Related terms include Privacy Impact Assessment and Data Protection Impact Assessment. An example of risk assessment is the use of a risk assessment framework to identify and mitigate potential risks.

Risk Management refers to the process of identifying, assessing, and mitigating…

Related terms include Risk Assessment and Compliance. For example, risk management can be used to implement controls and mitigation strategies to reduce the risk of data breaches.

Security Information and Event Management refers to the process of monitoring an…

Related terms include Incident Response and Disaster Recovery. An example of security information and event management is the use of security information and event management software to monitor and analyze security-related data.

Sensitive Data refers to personal data that is particularly sensitive, such as h…

Related terms include Personal Data and Pseudonymized Data. For instance, sensitive data can include information such as medical records or credit card numbers.

Standard Contractual Clauses refer to a set of contractual clauses that govern t…

An example of standard contractual clauses is the use of a data transfer agreement to govern the transfer of personal data between organizations.

Tracking refers to the process of monitoring and analyzing the behavior of indiv…

Related terms include Profiling and Cookies. For example, tracking can be used to personalize advertising based on an individual's browsing history.

Vulnerability refers to a weakness or flaw in a system or network that can be ex…

Related terms include Malware and Backdoor. An example of a vulnerability is a flaw in a software program that can be exploited by hackers to gain unauthorized access.

Whaling refers to a type of social engineering attack that involves tricking hig…

Related terms include Phishing and Spear Phishing. For instance, whaling can be used to trick executives into revealing sensitive information.

Zero-Day Exploit refers to a type of exploit that takes advantage of a previously unknown vulnerability in a system or network.

Related terms include Vulnerability and Malware. An example of a zero-day exploit is a hack that takes advantage of a previously unknown flaw in a software program to gain unauthorized access.
