The pixel


Expand your cybersecurity education with an in-depth glossary of data security terminology and concepts.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Access Control

The process of restricting access to resources, such as computers, files, or services, to authorized users only.

Learn More
Active Data Collection

Active data collection refers to data that is collected knowingly and transparently from the user, such as through a web form, check box, or survey.

Learn More
Adequate Level of Protection

Under the GDPR, "Adequate Level of Protection" refers to the level of data protection that the European Commission requires from a third country or international organization before approving cross-border data transfers to that third country or international organization.In making their judgement, the European Commission considers not only the data protection rules, and security measures of the third country or international org., but also the rule of law, respect for human rights, and the enforcement of compliance and data protection rules.

Learn More

A type of behavior or action that seems abnormal when observed in the context of an organization and a user's historical activity. It is typically analyzed using some sort of machine-learning algorithm that builds a profile based upon historical event information including login locations and times, data-transfer behavior and email message patterns. Anomalies are often a sign that an account is compromised.

Learn More

Data Anonymization is a process that alters personally identifiable data (PII) in such a manner that it can no longer be used to identify an individual. This can be done by removing certain identifying values from data sets, or by generalizing identifying values.

Learn More
Anonymous Data

Anonymous data is data that is not related to an identifiable individual and cannot be used in combination with other data to identify individuals. Anonymous data is not protected by the GDPR.

Learn More
Appropriate Safeguards

In the context of the GDPR, "Appropriate Safeguards" refers to the application of the GDPR's data protection principles to data processing. The GDPR's data protection principles include transparency, data minimization, storage limitation, data quality, legal basis for processing, and purpose limitation.

Learn More
Audit Trail

A trail of files, logs, or paperwork used to record an activity for auditing purposes.

Learn More

The act of systematically examining, evaluating, and analyzing an organization's assets to ensure compliance and security standards are met.

Learn More

The process of verifying a claimed identity and proving that someone is who they claim to be when attempting to access a resource.

Learn More
Automated Processing

Data processing that is performed without human interaction.

Learn More
Brazil General Data Protection Law

Brazil passed a new legal framework in mid-August of 2018 aimed at governing the use and processing of personal data in Brazil: the General Data Protection Law. The law replaces approximately 40 or so laws that currently deal with the protection of privacy and personal data, and is aimed at guaranteeing individual rights, and encouraging economic growth by creating clear and transparent rules for data collection.

Learn More

An acronym for Cloud Access Security Broker. This is a type of security that monitors and controls the cloud applications that an organization's employees might use. Typically, the control is enforced by routing web traffic through a forward- or reverse-proxy. CASBs are good for managing Shadow IT and limiting employee's use of certain SaaS or the activity within those SaaS but do not monitor third-party activity in the cloud–i.e. shared documents or email.

Learn More

An acronym for the California Consumer Privacy Act. This is a state-level privacy law for California, which comes into effect in 2020. The law, which is the first state-level privacy law passed in the US, applies to all businesses that collect personal data from Californians. The CCPA mirrors the requirements of the GDPR in many ways, such as establishing the right of users to access personal data and request deletion.

Learn More

An acronym for Chief Data Officer. This is the executive within an organization who is the head of information security.

Learn More

An acronym for Chief Information Security Officer. This is an executive within an organization responsible for managing compliance with privacy laws and policies.

Learn More

An acronym for Chief Privacy Officer. This is an executive within an organization responsible for managing compliance with privacy laws and policies.

Learn More

An acronym for Cloud Service Provider. This is any company that sells a cloud computing service, be it PaaS, IaaS, or SaaS.

Learn More

A certification is a declaration by a certifying body that an organization or product meets certain security or compliance requirements.

Learn More
Cloud Native Database

A database service which is deployed and delivered through a cloud service provider (CSP) platform.

Learn More

The guarantee that information is only available to those who are authorized to use it.

Learn More

In the context of privacy, consent is the ability of a data subject to decline or consent to the collection and processing of their personal data. Consent can be explicit, such as opting-in via a form, or implied, such as agreeing to an End-User License Agreement, or not opting out. Under many data protection laws, consent must always be explicit.

Learn More
Cross-border Data Transfer

The transfer of personal data from one legal jurisdiction, such as the EU, to another, such as the US. Many data protection laws place major restrictions on cross-border data transfers.

Learn More

The protection of information and communications against damage, exploitation, or unauthorized use.

Learn More

An acronym for Data Leak Prevention or Data Loss Prevention. A type of security that prevents sensitive data, usually files, from being shared outside the organization or to unauthorized individuals within the organization. This is done usually through policies that encrypt data or control sharing settings.

Learn More

An acronym for Data Protection Authority. This is an independent public authority set up to supervise and enforce data protection laws in the EU. Each EU member state has its own DPA.

Learn More

An acronym for Data Protection Officer. This is an individual within an organization who is tasked with advising the organization on GPDR compliance and communicating with their Data Protection Authority. Organizations that process personal data as part of their business model are required to appoint a DPO.

Learn More

Digital Rights Management: a set of access control technologies for restricting the use of confidential information, proprietary hardware and copyrighted works, typically using encryption and key management.

Learn More
Data Breach

Any unauthorized access to, movement of, or disclosure of sensitive or personal data.

Learn More
Data Breach Notification

The act of notifying regulators as well as victims of data breaches that an incident has occurred. Under Article 34 of the GDPR, an organization must notify affected users within 72 hours of the incident.

Learn More
Data Broker

According to the GDPR, a Data Broker is any entity that collects and sells individuals’ personal data.

Learn More
Data Catalog

An organized inventory of data assets in the organization. Data catalogs use metadata to help organizations manage their data. They also help data professionals collect, organize, access, and enrich metadata to support data discovery and governance.

Learn More
Data Categorization

The process of dividing the data into groups of entities whose members are in some way similar to each other. Data privacy and security professionals can then categorize that data as high, medium, and low sensitivity data.

Learn More
Data Class

A definition that allows each type of data in a data store to be programmatically detected, typically using a test or algorithm. Data privacy and security professionals associate data classes with rules that define actions that should be taken when a given data class is detected. For example, sensitive information or PII should be tagged with a business term or classification, and further for some sensitive data classes a specific data quality constraint should be applied.

Learn More
Data Classification

Data Classification is the process of categorizing data in order to take more efficient actions on them. The process is used to describe a higher level business classification on the data set itself, such as confidential, sensitive, or personally identifiable. This kind of data classification can be helpful to implement a data protection policy or other data governance rules.

Learn More
Data Controller

According to the GDPR, a Data Controller is an organization, agency, public authority, or individual that determines the how and why of data processing. The data controller may also be a data processor, or they may employ a third-party data processor.

Learn More
Data Flow

In communications, data flow is the path taken by a message from origination to destination that includes all nodes through which the data travels.

Learn More
Data Flow Diagram

An illustration that shows the way information flows through a process or system. Data flow diagrams include data inputs and outputs, data stores, and the various subprocesses the data moves through.

Learn More
Data Inventory

Also known as records of authority, data inventories identify personal data within systems and help in the mapping of how data is stored and shared. Data inventories are defined under privacy regulations including the GDPR, CCPA, and CPRA.

Learn More
Data Localization

The requirement that data is physically stored in the same country or group of countries that it originated from. This is a common requirement in modern privacy and data protection bills, such as the GDPR, China’s CSL, and Brazil’s Security Law. For example, under the GDPR, a company collecting the data of an EU citizen would have to store that data on a server in the EU.

Learn More
Data Loss

The accidental loss of data, whether via accidental deletion, destruction, or theft.

Learn More
Data Minimization

A privacy concept that states data collectors should only collect and retain the bare minimum of personal data that is necessary for the data processor to perform their duties, and should delete that data when it is no longer necessary.

Learn More
Data Processing

Any action that is performed on personal data or sets of personal data, such as collecting, structuring, storing, or disseminating that data.

Learn More
Data Processor

GDPR defines a data processor in GDPR as any organization that collects, processes, stores or transmits personal data of EU citizens.

Learn More
Data Protection

A legal term referring to laws and regulations aimed at protecting the personal data of individuals and determining that data’s fair use.

Learn More
Data Protection Principle

This is a principle set forth in Article 5 of the GDPR. The principles listed in Article 5 are: Lawfulness, fairness and transparency; Purpose limitation; Data minimization; Accuracy; Storage limitation; Integrity and confidentiality.

Learn More
Data Residency

A concept that refers to the physical or geographic location of an organization's data. Privacy and security professionals focus on the data laws or regulatory requirements imposed on data based on the data laws that govern a country or region in which it resides. When a businesses uses cloud services (IaaS, PaaS, or SaaS), they may not be aware of their data's physical location. This can create data residency concerns when, for example, data for a citizen of the European Union is stored in a US-based cloud datacenter.

Learn More
Data Security Posture Management (DSPM)

Data is every business’s most crucial asset – the foundation of any security program. Data Security Posture Management (DSPM) is an emerging security trend named by Gartner in its 2022 Hype Cycle for Data Security. The aim of DSPM solutions is to enable security teams to answer three fundamental questions:

  • Where is our sensitive data?
  • What sensitive data is at risk?
  • How can we take action to remediate that risk?

The cloud has fundamentally changed how businesses function. Moving workloads and data assets is now simpler than ever, and is a boon for productivity, enabling businesses to quickly respond to customer demands and create new revenue opportunities. However, the pace and permissive nature of the cloud also dramatically expands a company’s threat surface and raises the likelihood of a data breach. Put simply, the distributed nature of the cloud seriously complicates data security.

Historically, a number of technologies have attempted to address challenges related to data security, including:

  • Data Discovery and Classification
  • Data Loss Prevention (DLP)
  • Data Access Governance (DAG)

DSPM solutions combine capabilities from all three of these areas, and represent the next generation approach.  

DSPM represents a next-generation approach to data security

DSPM vendors are taking a cloud-first approach to make it easier to discover, classify, assess, prioritize, and remediate data security issues. They are solving cloud security concerns by automating data detection and protection activities in a dynamic environment and at a massive scale.

Gartner Research summarizes the DSPM space, saying, “Data security posture management provides visibility as to where sensitive data is, who has access to that data, how it has been used and what the security posture of the data store or application is. In simple terms, DSPM vendors and products provide “data discovery+” — that is, in-depth data discovery plus varying combinations of data observability features. Such features may include real-time visibility into data flows, risk and compliance with data security controls. The objective is to identify security gaps and undue exposure. DSPM accelerates assessments of how data security posture can be enforced through complementary data security controls.”  To summarize Gartner’s definition, DSPM provides visibility as to where sensitive data is, who has access to that data, how it has been used, and what the security posture of the data store or application is. 

The foundation of a DSPM offering is data discovery and classification. Reports like Forrester’s Now Tech: Data Discovery And Classification, Q4 2020 dive deep into data discovery and classification technologies, which in Forrester’s case aligns to five segments: data management, information governance, privacy, security, and specialist concerns. These segments align to three major buying centers: global risk and compliance, security, and business units/product owners. 

DSPM focuses on delivering automated, continuous, and highly accurate data discovery and classification for security teams. The following list provides clarity on how these approaches align to buying centers, all of which have data discovery and classification needs, but as you will see below, want to leverage it for different purposes: 

  • Global Risk and Compliance Teams including governance, IT, and privacy groups use:
  • Data management prepares data for use, and typically supports efforts like data governance, data quality and accuracy, as well as data mapping and lineage analysis.
  • Information governance supports data lifecycle management and helps with ROT (redundant, obsolete, trivial) reduction, cloud migration, storage reduction and infrastructure optimization, data lifecycle requirements like retention, deletion, and disposition. 
  • Privacy facilitates privacy processes and compliance, and helps to enable the fulfillment of data subject access rights (DSARs) like data access or deletion requests, track cross-border data transfers, and manage privacy processes to support requirements like CCPA and GDPR. 
  • Security Teams aim to understand data in order to apply controls to develop a resilient posture, minimize their threat surface, and improve ransomware resilience and use:
  • Data Loss Prevention (DLP) enables teams to take actions to protect their data and enforce security policies.
  • Data Access Governance (DAG) focuses on the implementation of data security access policies for unstructured data.
  • Tokenization and Format-Preserving Encryption (FPE) solutions aim to protect sensitive data or create a deidentified copy of a dataset.
  • Specialists translate into business units or product owners. Products that appeal to this buying center can include an emphasis on user-driven classification labels, or identification of specific types of intellectual property like source code or sensitive data like non-disclosure agreements. 

Posture management solutions abound

Today there are three prevailing types of posture management solutions: cloud security posture management (CSPM), SaaS security posture management (SSPM), and data security posture management (DSPM).  The solutions can be disintermediated as follows:

  • CSPM focuses on the cloud infrastructure, seeking to provide cloud assets visibility and alerts on risky misconfigurations. 
  • SSPM identifies misconfigurations, unnecessary user accounts, excessive user permissions, compliance risks, and other cloud security issues.
  • DSPM focuses on the data itself and its application context by analyzing data both at rest and in motion, classifying the data for its sensitivity, such as PII, PHI, and financial information, and providing remediation guidance as well as workflows to automatically close security gaps. 

While DSPM solutions have focused on a cloud-first approach, data security is not limited only to cloud environments.  Therefore more mature DSPM solutions will also include on-prem use cases since most businesses maintain some form of on-prem data, and will for years to come.  In addition, as the DSPM space evolves, and solutions gain maturity, some will become more robust data security platforms, which will include the ability to: 

  • Discover and classify sensitive data
  • Reduce the attack surface
  • Detect and respond to data security issues
  • Automate risk remediation workflows
  • Maintain operational resilience and preparedness

DSPM solutions address key security use cases

Businesses thrive on collaboration. The current reality of highly distributed environments - many of which leverage cloud technologies - means that any file or data element can be easily shared at the click of a button. DSPM provides the missing piece to complete most security programs’ puzzles – a means of identifying, contextualizing, and protecting sensitive data.

DSPM solutions empower security teams to:

  • Understand the data an enterprise manages, and what’s at risk - agentless integration gives security teams immediate visibility into all of their data assets. DSPM solutions automatically classify and assess the security of an enterprise’s data, giving actionable insights to reduce risk.
  • Protect sensitive data from breaches and data leaks - proactive assessments of internet-facing exposure, and access permissions, coupled with detection and response capabilities, keep an enterprise’s most precious data assets safe from attack.
  • Anticipate threats and respond to attacks faster - intelligent machine learning algorithms eliminate cumbersome manual regular expression tuning, and learn the patterns of interaction between systems, users, and data, allowing detection of anomalous activity in real-time.
  • Empower distributed teams to leverage data, securely - user permission graphs highlight the sensitive data a given identity can access, which informs data access governance as well as facilitating access permission trimming, and enable data to be shared safely.
  • Increase productivity by simplifying audits - continuously updated sensitive data inventories save time and effort when complying with subject access requests, as well as privacy and compliance audits by always knowing the data an enterprise has, where it is located, and who has access.

Learn More
Data Sprawl

A term that refers to the staggering amount and variety of data produced by businesses every day. This is largely due to the variety of enterprise software, mobile apps, storage systems, and data formats each company relies on.

Learn More
Data Store

A repository for storing, managing and distributing data sets on an enterprise level.

Learn More
Data Subject

The individual that a piece or set of data pertains to.

Learn More
Data Theft

The act of stealing of information.

Learn More
EU-US Privacy Shield

An adequacy agreement created in 2016 to replace the EU-U.S. Safe Harbor Agreement. The EU-U.S. Privacy Shield lets participating organizations under the jurisdiction of the US Federal Trade Commission transfer personal data from the EU to the United States.

Learn More
Encrypted Data

Encryption is the method of converting a plaintext into a cipher text so that only the authorized parties can decrypt the information and no third parties can tamper with the data. Unencrypted usually refers to data or information that is stored unprotected, without any encryption. Encryption is an important way for individuals and companies to protect sensitive information from hacking. For example, websites that transmit credit card and bank account numbers encrypt this information to prevent identity theft and fraud.

Learn More
European Data Protection Board

The primary supervisory authority established by the GDPR. The board consists of the heads of EU member states’ supervisory authorities as well as the European Data Protection Supervisor. The goal of the EDPB is to ensure consistent application of the GDPR by member states.

Learn More
European Data Protection Supervisor

An independent authority that aims to ensure that European organizations and member states comply with the privacy rules of the GDPR.

Learn More
Exact Matching

Where the a result of a query, algorithm or search only registers a match if there is a 100% match.

Learn More

The unauthorized transfer of data off of a computer or network.

Learn More
File Clustering

An unsupervised learning method whereby a series of files is divided into multiple groups, so that the grouped files are more similar to the files in their own group and less similar to those in the other groups.

Learn More
Fuzzy Matching

Where scores of a result can fall from 0 - 100, based on the degree to which the search data and file data values match.

Learn More

An acronym for the General Data Protection Regulation. This is a data protection law that applies to all 28 Member States of the European Union.The aim of the GDPR is to set a high standard for data protection, and to provide one set of data protection rules for the entire EU. The 99 articles of the GDPR set forth several fundamental rights of data protection, including the right to be informed, right of access, right to rectification, right to erasure/to be forgotten, right to restrict processing, right to data portability, right to object and rights in relation to automated decision making and profiling.Those rules set by the GDPR apply to any organization that processes the personal data of EU residents, whether that organization itself is based in the EU or not. The GDPR modernizes the principles from the EU's 1995 Data Protection Directive and applies to personal data of EU citizens from that is processed by what the regulation calls data controller and data processors. Financial penalties for non-compliance reach up to USD $24M, or 4% percent of worldwide annual turnover, whichever is higher.

Learn More

An acronym for the Health Insurance Portability and Accountability Act. This is an American law that sets national standards and regulations for the transfer of electronic healthcare records. Under HIPAA, patients must opt in before their healthcare information can be shared with other organizations.

Learn More

An acronym for the Health Information Technology for Economic and Clinical Health Act. This is an American law enacted as part of the American Recovery and Reinvestment Act of 2009. HITECH aims to build on the healthcare security and privacy requirements set forth by HIPAA. HITECH does so by adding tiered monetary penalties for noncompliance, as well as the requirement for breach notifications.

Learn More
Health Breach Notification Rule

A Federal Trade Commission rule requiring vendors of personal health records to notify consumers following a breach involving unsecured information. And if a service provider to such a vendor is breached, they must notify the vendor. The rule also stipulates an exact timeline and method by which these public notifications must be made.

Learn More

Information Rights Management is a subset of Digital Rights Management that protects corporate information from being viewed or edited by unwanted parties typically using encryption and permission management.

Learn More
ISO 27001

International standard for how to manage information security, first published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, then revised in 2013. It outlines standards for creating, executing, maintaining and optimizing an information security management system, in order to help organizations make their information assets more security.

Learn More
Information Security Policy

The directives, rules, regulations, and best practices that an organization follows to manage and secure information.

Learn More
Insider Threat

Any individual with insider access to an organization's networks or resources that would allow them to exploit the vulnerabilities of that organization's security or steal data.

Learn More

The assurance that information has not been changed and that it is accurate and complete. The GDPR mandates that data controllers and processors implement measures guarantee data integrity.

Learn More
Least Privilege

A security principle which mandates that users should be granted the least amount of permissions necessary to perform their job.

Learn More
Legal Basis for Processing

The GDPR mandates that data controllers must demonstrate a legal basis for data processing. The six legal bases for processing listed in the law are: consent, necessity, contract requirement, legal obligation, protection of data subject, public interest, or legitimate interest of the controller.

Learn More

An acronym for Multifactor Authentication. This represents an authentication process that requires more than one factor of verification. An example would be a login that requires a username and password combination, as well as an SMS-code verification, or the use of a physical security key.

Learn More

A deliberate configuration change within a system by a malicious actor, typically to create back-door access or exfiltrate information. While the original change in configuration might involve a compromised account or other vulnerability, a malconfiguration has the benefit of offering long term access using legitimate tools, without further need of a password or after a vulnerability is closed.

Learn More

A term that represents a number of different types of malicious software that is intended to infiltrate computers or computer network.

Learn More
Managed Database

A database with storage, data, and compute services that is managed and maintained by a third-party provider instead of by an organization's IT staff.

Learn More
Masked Data

Sensitive information swapped with arbitrary data intended to resemble true production data, rendering it useless to bad actors. It's most frequently used in test or development environments, where realistic data is needed to build and test software, but where there is no need for developers to see the real data.

Learn More

Data that describes other data. For databases, metadata describes properties of the data store itself, as well as the definition of the schema.

Learn More

A dangerous or unapproved configuration of an account that could potentially lead to a compromise typically done by a well-intentioned user attempting to solve an immediate business problem. While there is no malicious intent, misconfiguration is actually the leading cause of data loss or compromise.

Learn More

An acronym for the National Institute of Standards and Technology. NIST is a unit of the US Commerce Department tasked with promoting and maintaining measurement standards. NIST leads the development and issuance of security standards and guidelines for the federal government.

Learn More

In data security or privacy terms, this is the breach of a legal duty to protect personal information.

Learn More
Obfuscated Data

Sensitive information swapped with arbitrary data intended to resemble true production data, rendering it useless to bad actors. It's most frequently used in test or development environments, where realistic data is needed to build and test software, but where there is no need for developers to see the real data.

Learn More
Opt In

When an individual makes an active indication of choice, such as checking a box indicating willingness to share information with third parties.

Learn More
Opt Out

Either an explicit request for a user to no longer share information or receive updates from an organization, or a lack of action that implies that the choice has been made, such as when a person does not uncheck a box indicating willingness to share information with third parties.

Learn More

An acronym for the Payment Card Industry Data Security Standard. This is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

Learn More

An acronym for Protected Health Information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information.

Learn More

An acronym of Personally Identifiable Information. This is any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Examples include social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, financial account number, or credit card number, personal address information including street address or email address, or personal telephone numbers.

Learn More
Passive Data Collection

Any data collection technique that gathers information automatically, with or without the end user’s knowledge.

Learn More

A type of malware that encrypts the files on an endpoint device using a mechanism for which only the attacker has the keys. While the attacker will offer the key in exchange for payment, fewer than half of victims that do pay actually recover their files.

Learn More

The idea that organizations should only retain information as long as it is pertinent.

Learn More
Right of Access

An individual’s right to request and receive their personal data from a business or other organization.

Learn More
Right to Correct

The right for individuals to correct or amend information about themselves that is inaccurate.

Learn More
Right to Deletion

An individual’s right to have their personal data deleted by a business or other organization possessing or controlling that data.

Learn More
Right to be Forgotten

An individual’s right to have their personal data deleted by a business or other organization possessing or controlling that data.

Learn More
Risk Assessment

The process by which risks are identified and the impact of those risks is determined.

Learn More
Sensitive Data

Any information that is protected against unwarranted disclosures, for reasons either legal, ethical, privacy, financial, or otherwise. This can include, but is not limited to: health data, personal information, confidential data such as trade secrets, etc...

Learn More
Sensitive Information

Data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization. According to NIST, this represents information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.GDPR refers to this as sensitive personal data that represents a mixture of private opinions and health information that falls into specialized, legally protected categories. Businesses must treat this data with the highest security.

Learn More
Shadow IT

Any unapproved cloud-based account or solution implemented by an employee for business use. It might also include the use of an unknown account with an approved provider, but administered by the user rather than corporate IT.

Learn More
Shadow SaaS

An unapproved cloud application that is connected in some way (typically by API) to that organization's SaaS or IaaS with access to corporate data but without permission from the organization.

Learn More
Structured Data

Data in a standardized format, with a well-defined structure that is easily readable by humans and programs. Most structured data is typically stored in a database. Though structured data only comprises 20 percent of data stored worldwide, its ease of accessibility and accuracy of outcomes makes it the foundation of current big data research and applications.

Learn More
Tokenized Data

Tokenization entails the substitution of sensitive data with a non-sensitive equivalent, known as a token. This token then maps back to the original sensitive data through a tokenization system that makes tokens practically impossible to reverse without them. Many such systems leverage random numbers to produce secure tokens. Tokenization is often used to secure financial records, bank accounts, medical records and many other forms of personally identifiable information (PII).

Learn More