From the course: Privacy Fundamentals for Organizations

Data privacy vs. data security

From the course: Privacy Fundamentals for Organizations

Start my 1-month free trial Buy for my team

Data privacy vs. data security

- Data privacy and data security are complimentary concepts. It's difficult to talk about privacy without talking about security. And security is a key component of strong privacy. I like this word cloud because it represents how these concepts are so interconnected between the different terms and concepts that apply to both. But it's important to remember that privacy and security have slightly different focuses and outcomes. Data security is a process of protecting the confidentiality, integrity, and availability of an organization's data. Confidentiality is about ensuring that only the right people are able to access the data at any time. This means that we're preventing unauthorized access, preventing theft. Data integrity is about making sure the data is correct and accurate so that we can trust it. And data availability is about making sure that data is available whenever it is needed. Data privacy is about ensuring the collection, processing, and storing of data about individuals is consistent with regulation law and privacy rights. Security alone is not enough to protect privacy risk. Bata could be perfectly secure, but if it's not collected, used or processed properly, an organization can still have a privacy incident. And when I say privacy incident, that's just a phrase that you'll hear in security and privacy when something goes wrong or there's a problem that requires a response and security supports privacy. I could have perfect data privacy, risk management, but if my data can be accessed by an unauthorized person, then it's not private. So security supports privacy from that perspective. And when privacy and security risk is not mitigated, significant organizational damage and consequences can occur like reputation damage, legal and regulatory consequences, financial losses, and individual harm to customers or users. Although sometimes it can be easier to conceptually think about security risk and deal with security risk. This is why it's so important to consider both security and privacy when conducting risk management.

Contents