Glossary

G

A B C D E F G H I L M N O P R S U V W

Georgia SB 230

  • Description: Requires notification to Georgia residents after a breach involving personal information.
  • Enacted and Enforced: Enacted May 5, 2005; enforced since July 1, 2005.
  • Impacts Data Types: Name + SSN, driver’s license, state ID, account or access codes.
  • Examples: Stolen unencrypted tapes or databases with customer SSNs.
  • Potential Fines: Up to $5,000 per violation; if more than 10,000 Georgia residents must be notified at one time, the consumer reporting agencies must also be notified (the statute does not require notice to the Attorney General).

GDPR (General Data Protection Regulation)

  • Description: Harmonizes data protection law across the EU/EEA and grants enforceable rights (access, erasure, portability, objection) to individuals.
  • Enacted and Enforced: Adopted April 27, 2016; applied since May 25, 2018.
  • Impacts Data Types: All personal data of individuals in the EU/EEA, including special categories such as health and biometric data, plus location data and online identifiers.
  • Examples: IP addresses, employee records, customer contact details.
  • Potential Fines: Up to €20 million or 4% of worldwide annual turnover, whichever is higher.

Ghost Data

  • Description: Residual data that survives a deletion attempt (unallocated disk blocks, backups, caches, copies in other systems) and so remains recoverable and exposed to breach.
  • Origin: Industry term; no formal enactment date.
  • Impacts Data Types: Deleted files, app logs, cached and shadow data.
  • Examples: Recoverable deleted email attachments or old file versions.
  • Potential Fines: Indirect — if it leads to breaches, GDPR/HIPAA fines may apply.

GLBA (Gramm-Leach-Bliley Act)

  • Description: Requires financial institutions to protect customer data and disclose sharing practices.
  • Enacted and Enforced: Enacted Nov 12, 1999; enforced since July 1, 2001.
  • Impacts Data Types: Bank account numbers, SSNs, credit histories.
  • Examples: Mortgage records, credit card applications, bank statements.
  • Potential Fines: Up to $100,000 (civil), $1M (criminal) per violation.

Governance Risk and Compliance (GRC)

  • Description: Framework for aligning IT with business objectives, managing risk, and meeting compliance requirements.
  • Enacted and Enforced: Not a regulation but a widely used practice model.
  • Impacts Data Types: All business-critical and compliance-related data.
  • Examples: Implementing ISO 27001, SOC 2 controls, or PCI DSS compliance programs.
  • Potential Fines: Indirect — failure to manage risk or meet compliance may lead to penalties under related laws like GDPR or HIPAA.