Ad Server: A digital platform that works with companies to generate, position, and track their digital advertising. Google and Bing are both common ad servers.

Algorithm: Specific rules or instructions that dictate formulas designed to solve a problem or perform a calculation.

Anonymized Data: Data that consists of information that cannot be tied to someone on any personal level. For Example: One thousand new people visited our website. However, we do not have (or want) any information that tells us who those people are or that could be used to identify them.

Anonymous: Having no personal information that can identify someone.

Authentication: The verification of an identity, often used as a security measure.


Behavioral Tracking: The tracking and analysis of consumer behavior, often with the intent of improving marketing, sales, or business decisions.

Big Tech: A relatively small group of companies that control and/or access a large amount of consumer data, often for profit.

Biometrics: Security verification or recognition using individuals’ unique physical identifiers.

Breach: The act of breaking past security protocols potentially exposing sensitive information.

Browser: A computer platform that enables users to navigate the internet.


California Online Privacy Protection Act: The first state law that required all online sites and services to provide a privacy policy.

CAPTCHA: The Completely Automated Public Turing test to tell Humans and Computers Apart is used to verify that the entity accessing something is a human and not a bot or program.

Cloaking: (including grammatically inflected forms) is the practice of creating proxy-based identifiers corresponding to personally identifiable information.

Cloaked Identity: An online identity consisting of a Cloaked generated phone number and email address that cannot be used to trace or expose personal information.

Cloaked Identity Management: The use of the Cloaked dashboard to store, sort, and organize all of one’s online Cloaked identities.

Cloaked Pay: A developing Cloaked product that will allow users to pay online using anonymized credit card information, which prevents incidents of identity theft and financial data breaches.

Communication Controls: Features within the Cloaked app that allow users to mute, delete, and forward communications from saved contacts.

Confidentiality: The act of keeping information private and inaccessible based on the preferences of a person.

Consensual Marketing: A marketing methodology that relies only on the information that a user is consciously willing to share, or wholly anonymized data.Consent: Permission given freely and clearly, without coercion or deception.

Contacts: Different companies and people saved within the Cloaked app.

Cookie: A small piece of tracking data that can be stored on a browser and used to send information about your visit back to the website owners.

COPPA (Children’s Online Privacy Protection Act): A 1998 act designed to install strict guidelines and requirements for any website or online service targeting children under the age of 13.


Data: Factual information that can be grouped together for analysis.

Data Aggregation: The act of combining large data sets from single or multiple databases, usually with the intent to analyze.

Data Breach: An incident resulting in the unauthorized sharing or stealing of data, potentially exposing sensitive information.

Data Brokers: Entities that actively gather, analyze, clean, and sell or license data to third parties.Data Collection: The act of gathering data from multiple sources.

Data Protection: The act of protecting personal data or information of a sensitive nature from unauthorized breaches, compromises, or total loss.

Decentralized Data: A way of storing data among distributed nodes instead of one centralized server. This method is based on the blockchain decentralized network and considered to be a safer method of data storage.

Dark Web: A version of the world wide web that is intentionally hidden and only accessible through the use of specific browsers or software. Not to be confused with the deep web, the dark web is sometimes used to complete nefarious transactions or activities.

Deep Web: A section of the world wide web that is not indexed by traditional search engines.

Doxxing: The act of exposing personal information online, often via social media sites, to harass someone and/or with malicious intent.

Digital Advertising: Marketing efforts that are delivered using online resources, such as social media, ad servers, shared content, streaming channels, and other potential advertising platforms.

Digital Footprint: Data or information that is generated and stored on the internet as a result of someone’s online activity.

Digital Surveillance: Using digital technologies to track, watch, or record the activities of others - usually without their knowledge or permission.


EHR (Electronic Health Records): Confidential patient health records that are stored on a company intranet or private database.

Electronic Communications: Communications that are facilitated by electronic means, such as phones, radios, computers, televisions, and other similar devices.

Encryption: The process of encoding information to make is inaccessible to unauthorized parties.

Encryption Key: A string of characters or piece of information that can be stored as a file and used to encode or decode information.

End-User Agreement: A legal document that delivers the terms and conditions of service to software users. 

Enterprise Security: The large scale use of various technologies across an ecosystem designed to protect digital information and assets against malicious use, unauthorized access, and loss. Usually associated with businesses.


Fair Credit Reporting Act: A 1970 act created to protect the privacy and accuracy of consumer information being stored by reporting agencies, with the purpose of ensuring fair and correct use.

Family Educational Rights and Privacy Act: A 1974 US federal law created to protect the educational information of people from public entities such as employers, foreign governments, and other institutions. It also provides some protection around the transmission of student data.

FCC (Federal Communications Commission): An agency of the US government tasked with regulating all interstate and international communications. In addition to this, the FCC also oversees certain business interactions between media companies, and acts to protect consumers.

First-Person Data: Data that is collected directly from consumers and usually owned by the company that collects it.

Freedom of Information Act: The Federal law that requires the state or federal government to make previously unavailable documents and information available for public consumption upon request.

FTC (Federal Trade Commission): An agency of the US government that works to protect the interests of consumers and to enforce civil antitrust laws.


(GDPR) General Data Protection Regulation: The GDPR is a European Union regulation designed to protect consumer privacy rights through a strict set of rules around data protection, collection, and sharing.

Geotagging: The act of assigning geographical information metadata to a piece of media such as a photo, website, video, QR code, etc.

Geotargeting: Advertising or delivering specific content to consumers based on geolocation, which is provided through various data collection methods.


Hacker: A person who uses their skill in information technology and other disciplines to bypass obstacles or gain access to information that would otherwise be unavailable to them. Hackers can operate in both nefarious and beneficial ways.

Hardening: The act of adding additional layers of security to technology to reduce the areas of vulnerability with the intention of preventing any unauthorized access or activity.Hardware: The physical components of a computer or technological device.

(HIPPA) Health Insurance Portability and Accountability Act: A 1996 United States federal law that regulates the way that healthcare entities can share, transport, use, and store patient information.

HyperText Transfer Protocol Secure (HTTPS): An extension of Hypertext Transfer Protocol (HTTP) that adds a layer of encryption designed to create a secure connection between the website someone is visiting and their web browser.


Identifiers: A character sequence contained within a program or element that uses data sets or variables to identify it.

Identity Theft: When a hacker or bad actor uses deception or technology to steal the personal information of another person, usually with the intent to commit an illegal activity.

Identity Verification: The act of using security protocols such as security questions or two factor authentication to ensure that a person is who they say they are.

Incognito: The act of hiding or obscuring one’s identity.

Incognito Mode: A browser option that does not save search or browsing information with the intent of keeping a user’s online activity private.

Information Security: The protection of data against bad actors, unauthorized access, and other threats through risk mitigation.

Information Technology: When computer systems are used to transport, store, process, and retrieve data.

Internal Threat: Any threat of hacking, data breaches, data theft, or nefarious activity that originates from the inside of an organization as opposed to an external threat.

Internet of Things: Physical objects in homes, offices, vehicles, or other places that send and receive data from the internet, enabling their functionality.

IP (Internet Protocol) Address: A unique set of characters that help to identify each user interface (computer or device accessing the internet) and its location.

ISP (Internet Service Provider): An entity that enables the access and use of the internet for consumers. This can include private ISPs, community ISPs, organizational ISPs, and publicly accessible ISPs.


Jacked: The act of gaining unauthorized control of a computer or device in order to access, steal, or expose data.

Jamming: The act of preventing the transmission of data from a source by using a device to interfere with the communication channels.

Javascript: One of the most widely used programming languages on the internet.

Juice Jacking: The use of public access USB ports to transmit malware or steal data.


Key-logger: A device or program that tracks the keyboard activity of a person, usually without them being aware. This can be used to gain access to devices, steal personal information, or to track other communications


Latent Threat: A potential threat that may not be obvious and requires a security process to discover and address.

Local Area Network: A network that enables local connection within a building or internal geographically close organization.

Location Data: Data that is gathered from devices that shows the geographic location of that device at a certain time.

Location Tracking: The act of tracking a device's location, usually through the use of GPS.


Malware: Software that is designed with malicious intent. People are sometimes tricked into downloading malware on their personal or professional devices, leading to the unauthorized use of data.

Meta Data: Data that provides information about other data.

Metrics: A measurable set of requirements used to determine success or failure of a professional or personal endeavor.

Mobile Device: Any connected device that can be easily moved between destinations and is often used in transit.

Multi-Factor Authentication: An additional security protocol that requires a person to prove their identity using more than one method prior to accessing devices or data.


Network: An interconnected system that enables and supports communication and/or the transmission of data.

Network Devices: Hardware that is necessary to connect the devices operating within a computer network.

Network Encryption: A security method that uses randomized characters to protect data being transmitted between a server and its destination.

Nonpublic Personal Information: Personally identifiable financial information that is not available to the general public.

(NSA) National Security Agency: The United States intelligence agency that is responsible for the collection, analysis, and assessment of data related to global security risks.


Online Data Collection: Any process that results in the acquisition of information using the internet. This could include everything from the use of cookies to voluntary online surveys.

Online Privacy Alliance: A widespread organization made up of businesses from multiple industries with the purpose of identifying opportunities and implementing changes focused on recognizing and preserving consumer privacy.

Open Source: Software (or source code) that is made freely available for study, optimization, use, or distribution by its creator or license holder.

Opt-in: The act of voluntarily participating in something - specifically the act of subscribing to email marketing.

Opt-Out: The act of choosing to abstain from participating in something. Oftentimes applied to phone consent or email marketing.


Passive Data Collection: Data collection that takes place without the active participation of the subject, and sometimes without their consent.

Password: A word, phrase, or random group of characters that is needed to gain access to something. Passwords are usually kept secret for security reasons.

Password Encryption: Securing a password as it is transferred from server to computer or server to server by replacing it with randomized characters that are impossible for hackers to decipher.

Pharming: The act of sending a person to a fraudulent website that mimics a legitimate one with the purpose of stealing information or installing malware.

Phishing: Using deceptive means to convince a person to share personal information that they would not have shared otherwise. Phishing is considered a form of social engineering and relies on mimicking trusted brands or manipulation.

Piggybacking: The unauthorized use of a wifi network to gain access to the internet. Sometimes, this connection can be used to perpetrate malicious activity.

(PII) Personally Identifiable Information: Any information that can be used to identify any personal information about an individual. This can include names, birth dates, addresses, phone numbers, workplaces, etc.

Predictive Policing: The act of using data models to predict the likelihood of a person or demographic participating in criminal behavior, and using this information to plan and execute law enforcement activities.

Privacy: The ability to do what one wants and to be confident in knowing their actions, communications and data will not be revealed or shared.

Privacy Act: A 1974 Act that legally prevents the sharing of a personal record from any system without the consent of the person who the record is about.

Privacy by Design: The act of designing systems in such a way as to proactively protect and secure data, versus simply reacting to security concerns.

Privacy Disclosure Agreement: Also known as a non disclosure agreement, this is a legally binding agreement that is designed to protect the privacy or proprietary information of one or both of the parties involved.

Private Data: Any data that is not made available to the general public.

Privacy Policy: A document (usually legally binding) that gives the reader information on how an organization collects, stores, uses, and distributes customer or user data.

Privacy Protection: The protection of personal information from unauthorized or unwanted dissemination, exposure, or use. This definition may differ slightly from person to person.

Privacy Risk Assessment: A process or framework designed to identify any risks associated with collecting or storing personally identifiable information.

Privacy Violation: Any activity that invades, exposes, uses, or collects personal data without the consent of the subject.

Protected Health Information: Any personal health records obtained by a medical professional that are protected under the Health Insurance Portability and Accountability Act of 1996, as well as additional confidential health information that the patient has not consented to share.

Publicly Available Information: Information that can be found within the public domain and that does not require government authorization, personal permissions, or any authorization to access.


Randomized Data: Randomizing data prevents biased or corrupted outcomes when conducting scientific research.

Ransomware: A form of malware that can lock a computer system or specific accounts with the purpose of extorting money for access.

reCAPTCHA: A Google owned service designed to determine if a site visitor is a human or a bot. The reCAPTCHA requires the user to input a series of jumbled letters or numbers, or may ask the user to identify certain images.

Red Flags Rule: A policy supported by the Federal Trade Commission and other agencies that requires organizations to create a plan to mitigate the risk of identity theft by identifying factors that could indicate that identity theft is occurring.

Right to be Forgotten or Right to Deletion: The right to have your current or historic information removed from the internet.

Right to Privacy: The right to own your personal information, disseminate it as you see fit, and dictate how it is used in addition to being free from unwanted surveillance.

Rootkit: The collection of software or tools used to gain access and control of a computer system while avoiding detection.

RSA Encryption: The Rivest-Shamir-Adleman encryption is one of the oldest forms of encryption and is still used in secure data transfers.


Scam: An intentional deception designed to defraud or deprive a person of something.

Secret Key: A combination of phrases, words, or characters that can be used to gain access to encrypted data, or to securely encrypt new input.

Security Protocols: Protocols that use cryptographic methods to perform security related functions.

Sensitive Personal Information: Information about a person that is protected and requires authorization to access. Often pertaining to a person’s health records, protected legal records, financial information, or other personal data that could be used to perpetrate identity theft.

Social Engineering: Using manipulation tactics to persuade people to divulge sensitive information, download malware, or give unauthorized access to data that would otherwise be protected.

SPAM: Unauthorized, excessive, or unwanted communication, sometimes in the form of emails, phone calls, or physical mail.

Spoofing: When criminals, scammers, or bots use incorrect data to identify as being in a different area code, location, or from a familiar source as opposed to their real information. This is done to trick the recipient into believing the false data and potentially acting on it.

Spyware: Malware that can be downloaded with the intent of monitoring someone’s online activity, recording sensitive information, or sending pop ups to distract or control a user.

SSL Certificate: A certificate that authenticates a site’s identity and then allows for a secure connection using encryption.

Super Cookie: A tracking cookie that internet service providers insert into the website header to track or monitor online activity. These work at the service provider level, as opposed to standard cookies which have a more localized use.

Surveillance: The act of observing or monitoring someone, usually without their knowledge or permission.

Symmetric Encryption: A “secret key” encryption method that uses a key to code and decode information.


Third-Party Data: Data that is collected from organizations that do not have a direct connection to the person the information is about. These can come in the form of data brokers or other entities that participate in the data trade.

Trojan: Malware that appears harmless until the user downloads it. Then, it behaves in a malicious fashion.

Two-Way Routing: Proprietary Cloaked technology that routes your personal information through a secure gateway, resulting in anonymized information output.


Unambiguous Data: Data that is not made up of sensitive personal information.

Unauthorized Activity: In cybersecurity, this refers to any activity occurring as the result of unauthorized access to systems, software, hardware, and/or data.

US Patriot Act: A 2001 act that enables greater communication between United States Intelligence agencies and law enforcement professionals with the intent of preventing acts of terrorism.


Verification: Proving the validity of information.

Virtual Reality: An immersive virtual environment that represents a three-dimensional model, and is accessed using helmets, visors, gloves, or other wearable devices.

Virus: A self-replicating piece of code designed to have some destructive impact on the system or device(s) where it is installed.

VPN (Virtual Private Network): A method of protecting your online activity and heightening overall security that relies on creating safe connections by masking the user’s location.

Vulnerability Assessment: A security process that identifies areas of potential weakness in systems.


Whaling: A phishing attack that targets high ranking officials, executive officers, or even celebrities with the purpose of manipulating them into sharing sensitive information.

Whistleblowing: The act of drawing attention to an unethical practice by reporting it to (usually) a governing authority.

White Hat: This refers to an ethical hacker who uses their skills to consensually help organizations identify weaknesses or to aid in finding and accessing important information.

Worm: A piece of malware designed to self-replicate with the intent of spreading to other computers or systems.


Zero Day Exploitation: An attack on a part of an information system that has a weakness that has been missed by security professionals. These attacks are usually preventable with proper security assessments.

Zero Information Policy: A policy that states that all sensitive or personal data collected within an organization remains completely confidential, with data ownership still firmly in the hands of the consumer.