
Top 50 Privacy & Security Terms Explained for Beginners


Why You Must Know These Terms

Data privacy and cybersecurity are filled with technical words that confuse beginners and even professionals. Misunderstanding them can:

  • Lead to non-compliance with laws like NDPA or GDPR.

  • Make you vulnerable to scams, breaches, or data theft.

  • Reduce trust if you run a business handling personal data.

This glossary breaks down 50 essential privacy & security terms in plain English, with examples you can relate to.

Glossary: 50 Key Privacy & Security Terms

| # | Term | Simple Definition | Why It Matters | Example |
|---|------|-------------------|----------------|---------|
| 1 | Personal Data | Info that identifies a person. | Core of privacy laws. | Name, phone number. |
| 2 | Sensitive Data | Extra-protected info (health, biometrics). | Higher safeguards. | Medical record. |
| 3 | Data Subject | The person whose data is collected. | Central to rights. | Customer in a bank. |
| 4 | Data Controller | Decides how/why data is used. | Legal obligations. | A hospital. |
| 5 | Data Processor | Handles data for a controller. | Must follow rules. | Cloud storage provider. |
| 6 | Processing | Any action on data. | Defines scope. | Collecting emails. |
| 7 | Consent | Freely given permission. | Legal basis. | Clicking “I Agree.” |
| 8 | Lawful Basis | Grounds for processing data. | Ensures legality. | Contract, consent. |
| 9 | Data Minimisation | Collect only what’s needed. | Prevents misuse. | Asking for email, not religion. |
| 10 | Purpose Limitation | Use data only for stated reasons. | Builds trust. | Using phone number only for delivery. |
| 11 | Storage Limitation | Don’t keep data longer than necessary. | Compliance. | Deleting old job applications. |
| 12 | Data Breach | Unauthorized access/exposure. | Must report. | Hack leaking customer passwords. |
| 13 | Encryption | Converting data into code. | Protects confidentiality. | Encrypted WhatsApp messages. |
| 14 | End-to-End Encryption (E2EE) | Only sender & receiver can read messages. | Maximum privacy. | Signal app chats. |
| 15 | Two-Factor Authentication (2FA) | Login requires two steps. | Stronger security. | Password + OTP code. |
| 16 | Multi-Factor Authentication (MFA) | Uses 2+ verification methods. | Higher protection. | Fingerprint + PIN. |
| 17 | Phishing | Fake messages to steal info. | Common cyber threat. | Fake bank email. |
| 18 | Spear Phishing | Targeted phishing attack. | More dangerous. | CEO fraud emails. |
| 19 | Ransomware | Malware locking data until ransom is paid. | Costly attack. | WannaCry malware. |
| 20 | Malware | Malicious software. | Common cyber risk. | Viruses, trojans. |
| 21 | Spyware | Software secretly monitoring you. | Invades privacy. | Keyloggers tracking typing. |
| 22 | Adware | Unwanted ads software. | Annoying & risky. | Pop-up ads toolbars. |
| 23 | Botnet | Network of hacked computers. | Used in attacks. | DDoS with 1,000 PCs. |
| 24 | DDoS Attack | Overloading a system with traffic. | Disrupts services. | Website crash. |
| 25 | Zero-Day Attack | Exploit before patch is known. | High risk. | New unpatched software bug. |
| 26 | Firewall | Blocks unauthorized access. | First defense. | Router firewall. |
| 27 | VPN (Virtual Private Network) | Encrypts internet traffic & hides IP. | Protects browsing. | NordVPN, ExpressVPN. |
| 28 | Proxy Server | Middle server for browsing. | Adds anonymity. | Using proxy to bypass restrictions. |
| 29 | Identity Theft | Using someone’s data illegally. | Leads to fraud. | Stolen SSN used for loans. |
| 30 | Social Engineering | Tricking people into giving data. | Exploits humans. | Fake IT helpdesk call. |
| 31 | Cyber Hygiene | Everyday security practices. | Prevents breaches. | Regular password updates. |
| 32 | Data Protection Impact Assessment (DPIA) | Risk review for high-risk processing. | Required by law. | Fintech biometrics. |
| 33 | Privacy by Design | Build systems with privacy first. | Proactive compliance. | App with minimal data tracking. |
| 34 | Privacy by Default | Most private settings on by default. | Protects users. | Facebook auto-restricts location sharing. |
| 35 | Data Anonymisation | Stripping identifiers forever. | Excludes data from laws. | Publishing statistics. |
| 36 | Data Pseudonymisation | Replace identifiers with codes (reversible). | Still personal data. | Employee IDs as codes. |
| 37 | Data Portability | Right to move data between services. | User control. | Exporting WhatsApp chats. |
| 38 | Right to be Forgotten | Right to delete personal data. | Strengthens privacy. | Deleting old accounts. |
| 39 | Data Subject Access Request (DSAR) | Request to see what data is held. | User right. | Asking Google for data copy. |
| 40 | Breach Notification | Legal duty to inform of data leaks. | Transparency. | Company alert after hack. |
| 41 | Cybersecurity Framework | Guidelines for securing systems. | Standard practices. | NIST, ISO 27001. |
| 42 | Data Governance | Managing data availability & security. | Ensures compliance. | Enterprise data strategy. |
| 43 | Cloud Security | Protecting data stored online. | Cloud reliance grows. | Securing AWS or Google Cloud. |
| 44 | Insider Threat | Employee misusing access. | Often overlooked. | Staff leaking trade secrets. |
| 45 | Authentication | Verifying user identity. | Security step. | Logging in with a password. |
| 46 | Authorization | Granting user access rights. | Controls usage. | HR can view payroll, not IT. |
| 47 | Digital Footprint | All traces of online activity. | Privacy risk. | Social media posts. |
| 48 | Tracking Cookies | Files tracking browsing activity. | Online ads targeting. | Google Ads cookies. |
| 49 | Dark Web | Hidden internet requiring special tools. | Home to illegal markets. | Access via Tor. |
| 50 | Cyber Resilience | Ability to withstand & recover from attacks. | Long-term safety. | Business continuity plan. |

Common Confusions

  • VPN ≠ 100% anonymous: It hides your IP address, but the VPN provider may still keep logs.

  • Firewall ≠ antivirus: Firewall blocks access; antivirus removes malware.

  • Anonymisation ≠ pseudonymisation: One is irreversible, the other reversible.

  • Encryption ≠ hashing: Encryption can be reversed with keys; hashing cannot.

Practical Use

  1. Businesses: Train staff with these terms to reduce risks.

  2. Individuals: Use them to spot scams, set strong passwords, and stay private.

  3. Students/Researchers: Foundation knowledge for privacy and cybersecurity studies.

FAQ

Q1: What’s the difference between privacy and security?

  • Privacy protects data rights (laws, policies).

  • Security protects data from threats (tools, practices).

Q2: Is encryption foolproof?
Not always. Weak passwords or stolen keys can break it.

Q3: Do VPNs keep you 100% anonymous?
No. They protect but don’t erase your digital footprint.

Q4: What’s the #1 cause of data breaches?
Human error — weak passwords, phishing, misconfigurations.

Q5: Which laws regulate privacy in Nigeria?
The Nigeria Data Protection Act (NDPA 2023) is the main law.

Ikeh James

Ikeh Ifeanyichukwu James is a Certified Data Protection Officer (CDPO) accredited by the Institute of Information Management (IIM) in collaboration with the Nigeria Data Protection Commission (NDPC). With years of experience supporting organizations in data protection compliance, privacy risk management, and NDPA implementation, he is committed to advancing responsible data governance and building digital trust in Africa and beyond. In addition to his privacy and compliance expertise, James is a Certified IT Expert, Data Analyst, and Web Developer, with proven skills in programming, digital marketing, and cybersecurity awareness. He has a background in Statistics (Yabatech) and has earned multiple certifications in Python, PHP, SEO, Digital Marketing, and Information Security from recognized local and international institutions. James has been recognized for his contributions to technology and data protection, including the Best Employee Award at DKIPPI (2021) and the Outstanding Student Award at GIZ/LSETF Skills & Mentorship Training (2019). At Privacy Needle, he leverages his diverse expertise to break down complex data privacy and cybersecurity issues into clear, actionable insights for businesses, professionals, and individuals navigating today’s digital world.
