This legal glossary will help you navigate the complex world of data breach claims. Legal circles are notorious for being awash with tricky language, and personal data breach claims are no exception.
So, we’ve created this handy jargon buster to provide definitions for a range of terms related to personal data breach claims. You can get further clarification or find out more about claiming in your particular circumstances by talking to one of our advisors.
Reach out today via the details given here:
- Call us on 020 8050 6279.
- Contact us online, and a member of our team will be in touch.
- Open the live chat window on your screen now.
Legal Glossary – Data Breach Terminology
On this legal glossary page, we’ve tried to explain as many of the more technical terms you might encounter when pursuing a personal data breach claim, but we can’t cover everything. If you have questions, as we expect you might, talk to our advisory team today.
Advanced Persistent Threat (APT)
An Advanced Persistent Threat (APT) is a sophisticated, targeted cyber attack that is sustained over a long period. The attacker establishes a foothold inside a computer system or network and remains undetected, stealing personal information and other data over months or even years.
These are among the most complex and challenging forms of cyber attack: they are well planned, unfold over long periods, and are tailored to get past the specific defences of the organisation being targeted and to avoid detection.
Adware
Software that automatically displays advertisements on web pages in the form of banners or pop-ups. These pop-ups are often unwanted, irritating, and in more malicious instances, target your personal information or redirect you to other sites in order to install viruses and other hostile programs.
App
App is a contraction of “application” and most commonly refers to mobile and tablet programs. Apps can be browsed and installed via the App Store on Apple products. The Android equivalent is the Google Play Store. These apps perform a variety of functions, including word processors, games, video viewers and editors, social media and task organisers.
Authentication
The process of verifying that a user, device or system is who or what it claims to be before granting access. Most commonly this is done by entering a username and password, although stronger methods such as one-time codes, hardware security keys and certificates are increasingly used.
Two-Factor Authentication (2FA)
Two-factor authentication is an additional layer of security that provides increased protection. As well as the username and password, the user must also enter a one-time passcode.
The passcode can be sent by email or SMS, or generated by an authenticator app registered for the relevant account. Because each code is valid only once (and, for app-generated codes, only for a short time window), someone who has stolen your password still needs your phone or access to your email to log in. Codes sent by SMS or email are the weakest form, as they can be intercepted or phished; an authenticator app or a hardware security key is stronger.
Availability
A metric for assessing the period of time a service, system or physical component is operational and open to users in the way it is supposed to be. Availability can be impacted by both planned (maintenance, hardware upgrades, system checks) and unplanned (cyberattacks, hardware malfunctions, employee errors) interruptions.
Backdoor
A backdoor is a covert way of accessing a computer system or network that bypasses its normal authentication. Some backdoors are left in by developers or administrators as maintenance or debugging access; however well intentioned, any such hidden route is a security weakness, because anyone who discovers it gets the same bypass.
Backdoors are also deliberately installed by cybercriminals, typically through malware or after an initial break-in, so that they can return later and access user data at will.
Code Injection
A security exploit in which an attacker supplies input that the target system ends up treating as code or commands rather than as data, by taking advantage of missing input handling or flaws in the existing programming. Depending on where the injected code runs (for example a database query, a web page or an operating system shell), the attacker can read stored information, install malicious software, or otherwise disrupt the normal functioning of the system.
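The most common variety where personal data is concerned is SQL injection against a database. The following example is added to illustrate the point and is not code from this page: it builds a small in-memory table of constructed sample users, then shows a lookup written the vulnerable way (pasting user input into the query text) beside the same lookup written safely (a parameterised query). The attacker input is constructed for the demonstration.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (not real customer data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("carol", "carol@example.test"),
        ],
    )
    return conn


def lookup_email_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable: the input is spliced into the SQL text, so the
    database cannot tell where the data ends and the query begins."""
    query = f"SELECT email FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_email_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: a parameterised query. The SQL is fixed and the input travels
    separately as a value, so a quote character in the input is just a quote."""
    return [
        row[0]
        for row in conn.execute("SELECT email FROM users WHERE username = ?", (username,))
    ]


# Constructed attacker input: closes the open quote and adds an always-true condition.
INJECTION_PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = build_demo_db()
    print("normal lookup:       ", lookup_email_safe(db, "alice"))
    print("vulnerable, injected:", lookup_email_vulnerable(db, INJECTION_PAYLOAD))  # every email in the table
    print("safe, injected:      ", lookup_email_safe(db, INJECTION_PAYLOAD))        # no match
```

Against the vulnerable function the payload turns the query into `SELECT email FROM users WHERE username = '' OR '1'='1'`, which returns every row; the same payload sent to the parameterised version simply looks for a user literally named `' OR '1'='1` and finds nothing.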
Confidentiality
Confidentiality means secrecy or privacy. Your personal data should be kept secure by the system administrators and those processing your personal information. This is especially the case with sensitive personal information.
Cookies
Cookies are small pieces of data that a website stores in your browser and that the browser sends back to that site on later visits, typically to keep you logged in, remember your preferences and track your activity. They are commonly divided into essential (first-party) cookies needed for the site to function, and third-party cookies set by other domains, such as advertising networks, which let those organisations recognise and track you across many sites.
It is generally safer to reject non-essential cookies and keep only those necessary for the web page to function. You can read our cookies policy here.
Credentials
Credentials are your login details for a given system, usually a user ID and password. Keep them safe, such as in a password manager, and use a long, unique password for each system; reusing a password means that a breach at one site gives attackers a working key to your other accounts.
Two-factor authentication adds a further one-time credential for extra security.
Cyberattack
A cyber attack is any deliberate and unauthorised attempt to gain entry to, disrupt or damage computer systems, devices or networks. Some attacks aim to obtain personal data in order to extort payment from the organisation or the affected users (ransomware and extortion attacks), or to sell it to other parties.
Other cyberattacks aim to disrupt or destroy specific computer systems. These attacks are intended to render a system inoperable for a certain period of time or, in some instances, permanently.
Data Breach
A personal data breach is a security breach that results in the:
- Accidental or unlawful destruction of personal data,
- Alteration of personal data,
- Loss of personal data,
- Unauthorised disclosure of, or access to, personal data.
In more general terms, a personal data breach is any incident that affects the availability, integrity or confidentiality of personal data.
Data Broker
Data brokers are organisations that collect, analyse and then sell or license personal information to third parties for particular uses. This is done for a number of reasons, including marketing, fraud prevention and background checks for loans and employment.
Data Controller
A data controller is any organisation that decides when, why and how personal data will be processed. They are required under data protection legislation, such as the UK GDPR and DPA, to keep this personal data sufficiently protected.
Data Exfiltration
The unauthorised covert transfer of data from a computer system or digital device. This can be copying, a transfer to an external drive or digital retrieval.
Data Leak
A data leak is any unauthorised exposure of personal information. Usually this refers to an accidental exposure, such as a misconfigured server or a document sent to the wrong recipient. You’ll often see this term in media circles, where information is “leaked to the press.”
Data Processor
Data processors are organisations that are contracted by data controllers to conduct processing services. They too are required under the UK GDPR to keep any personal data they are processing protected.
Data Protection Act 2018
The Data Protection Act 2018 or “DPA” is a law that works in combination with the UK GDPR to protect personal information. The DPA and UK GDPR govern how organisations handle personal data, establishing rules for its collection, storage and use to protect individuals’ data rights.
Encryption
Encryption is the process of scrambling readable data (plaintext) into an unreadable form (ciphertext) that can only be turned back into plaintext with the corresponding secret value, the encryption key. For a given algorithm, a longer key means more possible keys and so more work for an attacker trying to guess it, but key length only tells you something when comparing the same kind of algorithm. 128-bit and 256-bit keys with the AES algorithm are the common standard in online banking, e-commerce and secure communications. Encryption protects data only while the key stays secret, so how keys are stored and who can reach them matters as much as the key length.
Endpoint
An endpoint is a device, such as a laptop, phone or server, that connects to a network. The name reflects that it sits at the “end” of a network connection, and endpoints are where most attacks, from phishing to malware, first take hold.
Firewall
A firewall is a digital barrier between a device, or a private network such as an office’s computers, and the broader external network, typically the internet. It inspects network traffic and allows or blocks it according to a set of rules, stopping unauthorised connections from reaching the device or private network. A firewall controls which connections are permitted; it does not on its own detect malicious software that arrives over a permitted connection, which is the job of antivirus and intrusion detection tools.
Hardware
Hardware is quite simply the physical parts and components of digital devices. These can be built in such as storage drives, cooling systems and the circuit boards, or external like speakers, keyboards and screens.
Information Commissioner’s Office (ICO)
The Information Commissioner’s Office (ICO) is the independent UK body responsible for protecting information rights. It has significant powers to investigate, take enforcement action against and fine organisations for breaches of the UK GDPR and the DPA.
Integrity
Integrity means that personal information remains accurate, unaltered and complete for its entire lifecycle. Data integrity can be maintained through multiple methods, and data controllers and processors should utilise these methods to ensure the integrity of any data they have collected.
Intrusion Detection System
Software, or a dedicated network device, that monitors either an individual computer system (a host-based IDS) or a wider network (a network IDS) for signs of unauthorised access attempts, such as repeated failed logins, known attack patterns or unusual traffic, and raises alerts for investigation.
Intrusion Prevention System
Software or a network device that builds on intrusion detection by sitting in the path of the traffic and automatically blocking activity that matches a known attack, such as a hacking attempt. Products are available that do both detection and prevention, or detection only; a detection-only system relies on someone acting on its alerts.
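To make the detection and prevention entries concrete, the example below is added here and is not code from this page or from any IDS product. It runs a simple host-based detection rule over a handful of constructed log lines written in the style of an SSH authentication log: it flags a source address that records several failed logins within a short window (a brute-force attempt), and escalates if a successful login from the same address follows. The sample lines, addresses and the assumed log year are all constructed for the demonstration. A prevention system would take the same alert and add a firewall rule against the address; here the rule only reports.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of an OpenSSH auth log (not from a real system).
SAMPLE_LOG = """\
Mar 10 09:14:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:14:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 09:14:04 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 09:14:06 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 09:14:07 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 09:14:09 web1 sshd[2101]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 10 09:20:31 web1 sshd[2188]: Failed password for alice from 198.51.100.4 port 40311 ssh2
Mar 10 09:20:40 web1 sshd[2188]: Accepted publickey for alice from 198.51.100.4 port 40312 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_line(line: str, year: int = 2024):
    """Return (timestamp, result, user, ip) or None for lines we do not recognise.
    Syslog timestamps carry no year, so one is assumed (constructed value)."""
    match = LINE_RE.match(line)
    if match is None:
        return None
    ts = datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")
    return ts, match["result"], match["user"], match["ip"]


def detect_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Alert when a source IP reaches `threshold` failed logins inside `window`,
    and again if a successful login from that IP follows the burst."""
    recent_failures = defaultdict(list)   # ip -> timestamps of failures still inside the window
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        if result == "Failed":
            kept = [t for t in recent_failures[ip] if ts - t <= window]
            recent_failures[ip] = kept + [ts]
            if len(recent_failures[ip]) == threshold:
                alerts.append((ip, f"brute-force: {threshold} failed logins within {int(window.total_seconds())}s"))
        elif result == "Accepted" and len(recent_failures[ip]) >= threshold:
            alerts.append((ip, f"possible compromise: successful login for {user} after brute-force"))
            recent_failures[ip].clear()
    return alerts


if __name__ == "__main__":
    for ip, message in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"ALERT {ip}: {message}")
```

Real intrusion detection systems apply thousands of such rules, plus statistical baselines, but the shape is the same: parse, correlate over a time window, alert. The single failed login from 198.51.100.4 followed by a key-based login is ordinary user behaviour and correctly produces nothing.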
Limitation Period
A limitation period, also called a time limit, is the length of time you have to start a claim for the harm you have sustained. For the mental harm caused by the data breach, the time limit is 3 years.
Malware
Malicious software, or malware, is any software that is designed to disrupt, destroy or harm a computer system or network. There are many different types of malware, some are designed to extract personal information, others just disrupt the functionality of the systems and prevent access.
Material Damage
Material damage is the financial harm caused by a personal data breach. Examples of such costs we could help you seek compensation for are:
- A loss of earnings if you are off work due to psychological distress.
- Medical costs.
- Security installations for your home or, in the most serious cases, relocation if your address has been exposed and your safety compromised.
Network
A system of interconnected devices that can share information and resources with each other. Educational institutions and workplaces often have their own internal “intranet” networks, allowing members to work collaboratively on various projects. The Internet is an example of a global computer network.
Non-material Damage
Non-material damage is psychological harm. This can vary greatly in severity and encompass a number of different mental health conditions, including:
- General Distress.
- Anxiety.
- Depression.
- Exacerbation of existing conditions.
- Post-Traumatic Stress Disorder (PTSD).
No Win No Fee
A No Win No Fee contract is any agreement between a client and solicitor where the success fees are only paid if the claim is successful. Our solicitors work under a particular type of contract called a Conditional Fee Agreement (CFA).
Personal Data
Personal data, or personal information, is any data that may be used to identify a living person, whether by direct or indirect means. Examples of personal data, are names, contact information, bank card details and your address.
Phishing
Phishing scams are cyber attacks in which individuals are tricked into revealing personal information or their login credentials. Often this is done through emails, text messages or fake websites that appear to be legitimate.
Ransomware
Ransomware programs are malicious software that can either encrypt specific files or lock an entire computer system, preventing the user from accessing their data. The attacker then demands payment in exchange for the decryption key. Many ransomware groups now also copy the data out before encrypting it and threaten to publish it if the ransom is not paid, so a ransomware incident is frequently a personal data breach as well. Ransomware attacks can be especially dangerous as the malware can cause substantial damage to the computer system, and data recovery is not guaranteed even with payment.
Skimmers
Skimming is a particularly insidious form of cybercrime that captures payment card details as they are entered. In its original form, hidden hardware is fitted to ATMs or electronic points of sale (EPoS) and records the card data when someone inserts or swipes their card. Online, the equivalent is malicious code inserted into a shop’s checkout page that copies the card details as the customer types them in. In both cases the “skimmed” data is transmitted to the cyber criminals.
Social Engineering
Social engineering is psychological manipulation in which an attacker builds trust with, or applies pressure to, the intended victim so that they compromise their own security. For example, an attacker may pose as IT or customer support; the victim then reveals key personal details or a password to the fake “IT Support,” giving the attacker access to the victim’s accounts.
Software
Software is the computer programs that fulfil a range of functions. Essentially, they are a series of instructions that tell the hardware what to do. There are broadly two main types of software:
- System software manages the computer operations. Also referred to as the operating system (OS), examples include Microsoft Windows, Android and Apple iOS.
- Application software is for user-oriented tasks such as video editing, web browsing, word processing.
Special Category Data
The UK GDPR also covers “special category data.” This is personal information that is more sensitive and therefore requires higher standards of protection. It includes data relating to health, sex life and sexual orientation, genetic and biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership.
Spyware
Spyware programs covertly gather your personal information and then transfer it to a third party. These programs can monitor your keystrokes to garner passwords, your browsing habits or even access the microphone and camera.
UK GDPR
The UK General Data Protection Regulation (UK GDPR) forms part of the data protection legislation in the UK. It places obligations on both data controllers and processors to protect the personal information of data subjects. In addition to this, it contains the lawful bases for processing personal data.
In order to stay on the right side of the law, a data controller must show that at least one of the 6 bases applies to the processing of the personal data in question. The bases are:
- Consent: The data subject has given clear consent for their data to be processed for the specified purpose.
- Contract: data processing is necessary for the fulfilment of a contract. So for example, if you buy something online, the seller or marketplace will need to give your name, address and contact details to the delivery or postal service to ship your goods.
- Legal Obligation: Any data processing is necessary for compliance with the law.
- Vital Interests: Processing is necessary to preserve life. You often see this in healthcare settings. So if you’re having a medical emergency, paramedics won’t ask if they can inform the hospital of the situation; they will just do it.
- Public Task: Processing is required for public interest or official functions. An example of this would be your council tax bill.
- Legitimate interests: the processing is necessary for the legitimate interests of the data controller or of a third party, unless those interests are overridden by the rights and interests of the individual. This is a very broad basis that is applied in many different scenarios.
Contact Our Advisors
We fully appreciate that we’ve just thrown a lot of information at you here. To get answers to your questions, or to learn more about starting a claim in your particular circumstances, talk to our team today using the details given here:
- Call us on 020 8050 6279.
- Contact us online, and a member of our team will be in touch.
- Open the live chat window on your screen now.
Thank you for taking the time to browse our legal glossary.