We are faced with this question many times: what are the similarities and differences between security and privacy? Let’s start by looking at their definitions.
Privacy is an individual’s right to safeguard his or her information shared with a third party from unacceptable disclosure, that is, disclosure for reasons other than those for which the information was shared. Many countries have enacted laws to ensure data privacy. Examples of data covered under privacy include health records, credit card data, and financial data.
Security is the protection of information against unauthorized access, which may lead to information loss (leakage, deletion) resulting in financial loss, reputational damage or legal litigation. Security ensures the confidentiality, integrity and availability of any type of data, which may include personal data.
So security has a wider landscape to protect than personal information alone. It also covers protecting an organization’s confidential information (strategy, commercial data, intellectual property, customer information, etc.), protecting the integrity of data (against intentional or unintentional unauthorized changes) and ensuring services are up and running all the time (business continuity and disaster recovery).
Privacy, on the other hand, has a legal aspect to it, whereby information collected from an individual cannot be used for anything other than the intended purpose and cannot be shared with any party without the owner’s consent. The key privacy principles which an organization has to follow are:
- Data collection: Data should be collected by lawful and fair means
- Data utilization: Limit the use of personal information to the purposes identified to the individual
- Disclosure: Limit disclosure to the third parties for which an individual has provided consent
- Storage: Data should be retained as long as it is required and stored securely
- Destruction: Data not required should be securely destroyed
To ensure the privacy of data, organizations have to protect it from unauthorized access and disclosure. To do so, they have to ensure that security controls are designed and implemented effectively to securely store, transmit and process personal data.
Security and privacy have overlapping areas of concern. Security can be seen as an enabler of privacy, since it protects personal information. So there could be security without privacy, but you cannot have privacy without security.