- accountability
- principle that people and entities must take responsibility for the decisions they make and be able to explain them
- action plan
- detailed outline of steps to be taken to achieve a particular goal, often aimed at mitigating risk or improving performance
- audit
- process of evaluating the adequacy, effectiveness, and adherence to prescribed procedures, protocols, or standards
- bad actor
- person or entity who hacks or cracks into a computer or system with malicious intent
- California Consumer Privacy Act (CCPA)
- law that increases privacy rights and consumer protection for residents of California
- certification body
- organization accredited to assess and certify the conformity of companies and organizations to specific standards, ensuring they meet the established criteria in their industry or sector
- compliance
- adherence to laws, regulations, and policies governing an industry or operation
- consent
- in the context of data protection, explicit permission given by an individual for the collection, processing, and use of their personal information
- cyber espionage
- use of online methods to obtain secret or confidential information without the permission of the holder of the information, typically for strategic, military, or political advantage
- data breach
- unauthorized access to confidential data, often leading to the exposure of sensitive information
- data center
- facility used to house computer systems and related components, such as telecommunications and storage systems
- data mapping tool
- software application or platform that enables data professionals to automate the process of mapping data fields, attributes, or elements from source systems to target systems or destinations
- data minimization
- principle that organizations should only collect, process, and store the minimum amount of personal data necessary for its purpose
- data privacy
- rights and practices around the proper collection, storage, and use of personal information
- data protection impact assessment (DPIA)
- process to help identify and minimize the data protection risks of a project
- data security
- protection of data from unauthorized access, corruption, or theft
- digital divide
- gap between individuals, communities, or countries that have access to modern information and communication technologies and those that do not
- error handling
- process in software and systems design where potential errors are systematically managed and addressed to prevent system failures and security breaches, and to provide meaningful feedback to users
- gap analysis
- method for comparing current policies, protocols, or performance metrics against desired goals or industry standards to identify areas for improvement
- General Data Protection Regulation (GDPR)
- comprehensive data protection law in the European Union that sets guidelines for the collection and processing of personal information of individuals within the EU
- identity theft
- act of stealing someone’s information and assuming their identity
- IEEE 2413
- architectural framework for IoT developed by the Institute of Electrical and Electronics Engineers (IEEE) to standardize and promote cross-domain interaction
- input validation
- process of checking inputs received from users or from other systems for their data type, length, format, and range
- Internet of Things (IoT)
- network that connects everyday physical objects to the internet, enabling them to collect and share data with other devices or systems
- ISO/IEC 27701
- extension to the ISO/IEC 27001 and ISO/IEC 27002 standards that provides guidelines for establishing, implementing, and maintaining a privacy information management system
- least privilege principle
- cybersecurity practice where users are granted the minimum levels of access, or permissions, needed to perform their job functions, reducing the risk of unauthorized access to sensitive information
- physical security
- measures and systems used to protect people, property, and physical assets from external threats such as theft, vandalism, and natural disasters
- policy
- defined guidelines and procedures established by an organization to regulate actions and ensure compliance with legal and ethical standards
- Privacy by Design
- privacy by design concept and approach in system engineering and data handling practices that integrates privacy and data protection measures from the very beginning of the design process, rather than as an afterthought
- privacy engineering
- incorporating privacy principles directly into the design and development of IT systems, networks, and business practices
- privacy information management system (PIMS)
- framework or set of policies and procedures used by an organization to manage personal data and ensure compliance with privacy laws and regulations
- regulatory framework
- structure of rules and guidelines, often legislated, within which an industry or business must operate
- remote auditing
- modern auditing method that uses digital tools and technologies for assessing systems, processes, and policies when in-person visits are not feasible
- risk assessment
- process of identifying potential risks that could negatively impact an organization’s assets and business operations and evaluating the potential negative outcomes and the likelihood of them occurring
- secure device onboarding
- process that involves adding devices to a network in a secure manner to prevent unauthorized access and protect the integrity of the network
- social responsibility
- in a business context, the obligation of companies to act in ways that benefit society and the environment beyond what is legally required
- third-party access
- ability for external entities or applications, not part of the primary institution, to access certain data or functionalities
- transparency
- openness, communication, and accountability, wherein actions and decisions are clear and understandable to stakeholders