Glossary

M

A B C D E F G H I L M N O P R S U V W

Managed Database

  • Description: A database service where the provider manages maintenance, backups, and updates.
  • Origin: Emerged in the early 2010s with cloud adoption.
  • Impacts Data Types: Enterprise application data.
  • Examples: AWS RDS, Azure SQL Database.
  • Potential Fines: Indirect — provider misconfigurations may result in breaches and penalties.

Massachusetts 201 CMR 17

  • Description: Requires entities to implement programs to safeguard personal information of residents.
  • Enacted and Enforced: Enacted April 5, 2010; enforced March 1, 2010.
  • Impacts Data Types: PII including SSNs, financial account info.
  • Examples: Encrypted databases, access controls for employee data.
  • Potential Fines: Up to $5,000 per offense.

Masked Data

  • Description: Sensitive data that has been replaced with obfuscated values in non-production environments.
  • Origin: A best practice since the early 2010s.
  • Impacts Data Types: PII in test and dev environments.
  • Examples: Dummy SSNs in test databases.
  • Potential Fines: Indirect — prevents test data leaks that could result in fines.

Metadata

  • Description: Data that provides information about other data, such as origin or structure.
  • Origin: Used in data management since the 1990s.
  • Impacts Data Types: Data asset descriptors.
  • Examples: Column definitions in a warehouse.
  • Potential Fines: Indirect — absence can cause compliance gaps.

Michigan Privacy Act SB 309

  • Description: Grants privacy rights and sets obligations for handling personal data.
  • Enacted and Enforced: Enacted Dec 30, 2022; enforced Oct 14, 2023.
  • Impacts Data Types: Personal identifiers, biometrics, preferences.
  • Examples: Purchase histories, fitness data.
  • Potential Fines: Up to $7,500 per violation.

Minnesota Code 325E.61

  • Description: Requires breach notification if unencrypted personal info is compromised.
  • Enacted and Enforced: Enacted May 31, 2005; enforced July 1, 2005.
  • Impacts Data Types: SSNs, driver’s licenses.
  • Examples: Employee SSNs leaked via email.
  • Potential Fines: Up to $1,000 per violation.

Misconfiguration

  • Description: An incorrect setting in a system or app that risks exposing data.
  • Origin: Known vulnerability type since the 2010s in OWASP, CIS.
  • Impacts Data Types: Any exposed data store.
  • Examples: Public S3 bucket.
  • Potential Fines: GDPR/HIPAA fines for breaches due to misconfigurations.

Misplaced Data

  • Description: Sensitive data stored in the wrong location without security controls.
  • Origin: Industry concept since the early 2000s.
  • Impacts Data Types: Confidential files in insecure places.
  • Examples: Confidential reports on shared drives.
  • Potential Fines: Regulatory penalties if breaches occur.