Ticker

6/recent/ticker-posts

Privacy vs Security

byPrivacy Auditor May 30, 2022

 

 

So, what is privacy?

There are many definitions of privacy and exploring all is beyond the scope of this blog. However, I think it would be helpful to explore some definitions identified in the privacy literature.

In defining privacy, a useful approach is to differentiate privacy from security. The two concepts have some overlap but there are also differences between the two. One thing is certain, you cannot attain privacy without security.

The International Association of Privacy Professionals (IAPP) defines the difference between data security and privacy in this way:

Data privacy is focused on the use and governance of personal data— things like putting policies in place to ensure that consumers’ personal information is being collected, shared and used in appropriate ways. Data security focuses more on protecting data from malicious attacks and the exploitation of stolen data for profit. While security is necessary for protecting data, it is not sufficient for addressing privacy.[1]

The American Institute of Certified Public Accountants (AICPA) defines privacy in its Generally Accepted Privacy Principles as:

 "the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information."

Information privacy focuses on the policies behind handling information—i.e., the who, what, when, where, and why of processing personal information. Information security, on the other hand, refers to the protection of data from unauthorized access. A privacy program focuses on the personal information an organization collects and maintains. A security program protects all the informational assets that an organization collects and maintains.

The analogy below was taken from an article on CSOonline[2], explains the difference between privacy vs security.

Consider a window in your home. It provides various functions for you. It allows you to look outside. It lets sunlight into your home. A window keeps weather outside. You can open a window to let in fresh air. In an emergency, you can use a window as an exit. A window is also vulnerable. Just as you can use it as an egress, others can use it as an entrance. To protect against unwanted visitors, you can put bars or a grate in front of the window. This still allows you to keep all of the desired functionality the window provides. This is security. Just as you can look out a window, others can look in. Preventing unwanted eyes from looking in can be addressed by putting a drape, a curtain, or a shade inside of the window. This is privacy. Obscuring the view inside of your home also provides a little security as intruders may not be able to tell when you are home or see the things you own.

I hope this blog provides some degree of clarity between privacy and security. I appreciate all feedback my readers have on the topic.

In my next blog, we will explore the elements of a privacy program.

Thank you.


Tags
Privacy Auditor

Posted by Privacy Auditor

I am solution-oriented IT professional with 20 + years of integrated auditing, IT security knowledge and skills that are used to successfully conduct value added IS/IT audits, data privacy and IT security reviews in a multi-university environment. My professional certifications include: • Certified Information Systems Auditor (CISA) • Certified Internal Auditor (CIA) • Certified Computing Professional (CCP) • Certification in Risk Management Assurance (CRMA) • Certified Information Privacy Manager (CIPM) • Certified Data Privacy Solutions Engineer (CDPSE) I created this blog to serve as a platform to explore approaches to managing and auditing Data Privacy Programs.

Post a Comment

0 Comments