Repeat after me: data security is not privacy. Privacy is also not data security. These two terms are often used interchangeably, but there are distinct differences as well as similarities.
Yes, data security and privacy share a common goal: protecting sensitive data. But they take very different approaches to achieving it. Data security focuses on protecting data from theft and breaches, whereas privacy governs how data is collected, shared and used.
Let’s dig a little deeper to understand the differences.
What is Data Security
Data security focuses on the tools that deter hackers and cybercriminals from getting to your crown jewels: customers’ personal data (credit card, accounts), as well as the company’s intellectual property and trade secrets. Some of these tools include permissions management, data classification, identity and access management, and user behavior analytics (UBA). Together, these tools are theoretically supposed to deter cybercriminals and make it harder for them to steal your intellectual property, healthcare data, financial data, and personally identifiable information.
When Data Security is Mistaken for Privacy
It’s common for organizations to believe that if they’re responsibly managing sensitive data according to specific data security requirements, they’re also complying with data privacy requirements.
That’s just not true.
Even with the best security tools, employees or third-party vendors with access to sensitive data can mismanage it if they’re unaware of privacy policies.
But what exactly is privacy and why does it matter?
What is Privacy
Privacy is the right of an individual to be free from uninvited attention and scrutiny.
To safely exist in one’s space and freely express one’s opinion behind closed doors is critical to living in a democratic society, says Ann Cavoukian, creator of Privacy by Design.
Cavoukian, the former Information & Privacy Commissioner of Ontario, Canada, says, “Privacy forms the basis of our freedom. You have to have moments of reserve, reflection, intimacy and solitude.”
This is critical because even though data breaches have been driving headline news, privacy concerns have always been riding shotgun. In other words, there’s no point in having data security if you can lose your rights to it!
You don’t want to be the company described as creepy in the way that it leverages its customers’ personal data – whether it is with passive location tracking, apps secretly absorbing your personal address book, or websites recording your every keystroke.
Instead, employees should be regularly trained on security and privacy so they understand the processes and procedures necessary to also ensure proper collection, sharing, and use of sensitive data.
Plus, if you’re doing business in the EU zone, you’ll be required to take consumer data privacy seriously. EU consumers will soon have strong privacy rights, including the right to explicit opt-in consent, the right to access their data, and the right to delete it. It will be the law in 2018!