
Data Privacy vs Data Security

Can you tell the difference between data privacy and data security? If you don’t consider yourself cyber-savvy, there is a strong possibility you would say that these two terms mean the same thing. In reality, they refer to different concepts. Still, they are related in that you need data security in order to ensure data privacy.

What is data privacy?

Data privacy is generally defined as freedom from third-party intrusion into people's personal data, together with denying unauthorized users access to sensitive information. Data privacy entails collecting, processing, storing, properly using and deleting personal data. The right to privacy is protected by the constitution of most countries and the privacy policies of corporations.

 

To put it in a real-life perspective, compare data privacy to a locker at a local gym or school. Instead of leaving personal items in a public place where they are visible to wandering eyes, you place them in a locker - a box with a lock on it. Now you don’t have to worry about whether your personal items can be seen, because unless someone has the combination, they won’t know what you’re “hiding” in there. Your personal belongings are private, and storing them in a locker prevents third parties from looking at your stuff.

The questions that come up in terms of data privacy are things like:

  • Can anyone see what is placed in the locker?
  • Will the details of the items placed in the locker be sold or used by a third party for financial gain?
  • Is it possible for other gym members/students to learn what was in the locker at any point, even if the individual who was using the locker stops using it?

What is data security?

Data security is the process of using tools and techniques to prevent malicious individuals from obtaining access to people's sensitive data. Common methods include authentication, encryption, access control and breach response. Back to our locker at a gym or school - the lock on the box would be the tool preventing someone from taking the items inside it. The questions that come up in data security are things like:

  • How safe is the lock? Can it be broken easily?
  • If the lock can’t be “pulled off”, is it easy to figure out the combination?
  • What happens if the padlock is cracked?

Can anything offer 100% protection from theft or access?

Whether it's a padlock for a gym locker, or a password to a Google account, there is unfortunately no guarantee that any security system or mechanism is invincible. Try as you might, there is no tool currently available that provides 100% protection from the theft or access of data. That said, there are things you can do to make it harder for cybercriminals to intercept data and/or view it. 

For improved data security, you could:

  • Add multiple layers of encryption
  • Use data tokenization 
  • Update your passwords to ones that are stronger
  • Update software and hardware
  • Back up data
  • Improve the security of how you store data
    • Firewalls
    • Passcodes for access
    • Segment the data
  • Delete old accounts and delete unnecessary files

For improved data privacy, you could:

  • Encrypt data
  • Delete data after an allotted amount of time has passed
  • Allow users to delete cookies/access your website without cookies
  • Share data on a “need to know” basis
  • Assign users numbers in place of using identifying markers such as name and geographic location 
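
As an added example (not part of the original article), the following Python code combines two of the privacy measures listed above: deleting records once a retention period has passed, and replacing identifying markers such as name and location with an assigned user number. The field names, the 365-day retention period, the demo key and the use of a keyed hash (HMAC-SHA256) to derive the number are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumptions for this example: which fields identify a person, and how long
# a record may be kept after the user was last seen.
IDENTIFYING_FIELDS = ("name", "email", "city")
RETENTION = timedelta(days=365)


def pseudonym(key: bytes, email: str) -> str:
    """Stable user number derived with a keyed hash (HMAC-SHA256).

    Without the key, the number cannot be recomputed from a guessed email
    address, which a plain unkeyed hash would allow.
    """
    digest = hmac.new(key, email.strip().lower().encode(), hashlib.sha256)
    return "u-" + digest.hexdigest()[:16]


def minimise(records, key, now):
    """Drop expired records and strip identifying fields from the rest."""
    kept = []
    for rec in records:
        if now - rec["last_seen"] > RETENTION:
            continue  # retention period has passed: delete the record
        safe = {k: v for k, v in rec.items() if k not in IDENTIFYING_FIELDS}
        safe["user_id"] = pseudonym(key, rec["email"])
        kept.append(safe)
    return kept


# Constructed sample data; the key would be stored apart from the data set.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "Ana Ruiz", "email": "Ana@example.com", "city": "Lisbon",
     "plan": "gold", "last_seen": NOW - timedelta(days=10)},
    {"name": "Bo Chen", "email": "bo@example.com", "city": "Oslo",
     "plan": "basic", "last_seen": NOW - timedelta(days=400)},
    {"name": "Ana Ruiz", "email": "ana@example.com ", "city": "Porto",
     "plan": "gold", "last_seen": NOW - timedelta(days=2)},
]

if __name__ == "__main__":
    for row in minimise(SAMPLE, b"constructed-demo-key", NOW):
        print(row)
```

The same person receives the same user number across records, so the data can still be analysed per user, while anyone holding only the output sees neither names nor locations.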

Closing Thoughts on Data Privacy vs Data Security

While sharing the same mission of protecting personal information, data privacy and data security are different concepts. Data privacy means ensuring that sensitive information is stored and used properly, in an effort to guarantee people's fundamental right to personal freedom. Data privacy doesn't ensure, though, that the data won't be stolen. That is the job of data security, which provides the processes and tools for preventing unauthorized third parties from accessing, stealing, and destroying the data. Without security tools, the data may fall victim to unauthorized users who can affect its integrity or cause it to be altered, sold, and/or deleted.


If you would like assistance with data privacy and data security for your organization, contact our team of experts.
