In simple terms, data privacy means ensuring confidential information remains confidential. The goal of data privacy is to provide a path for organizations to legally collect information, while prioritizing individual rights to privacy. In order to achieve that goal, data collectors must implement security procedures that determine what data gets collected, how it’s collected, how it’s stored and transferred, who has access to it and, most importantly, how it’s protected.
For example, many organizations collect personal data about their clients and customers, including full names, financial information, health information, national ID numbers, and so on. Failure to protect this data could result in hefty fines, costly legal action, and could also permanently damage an organization’s reputation with business partners and customers.
The consequences are just as bad for anyone whose privacy was compromised. Imagine receiving an invoice for a service you didn’t subscribe to, or discovering inquiries on your credit report that you didn’t authorize. This is known as identity theft and it’s a direct result of failed data privacy. Privacy vs. Security
Privacy and security work together, and often get interchanged in casual conversation. But there is an important difference between the two. Privacy refers to the appropriate use of any data that is collected, stored, and transmitted. For example, posting someone’s private information on Twitter would be a violation of their privacy.
Security needs to be an ongoing commitment to preventing unauthorized access, both externally and internally, to confidential information. Security combines technical measures, such as firewalls, spam filters, and threat monitoring software, with human measures like following policy and thinking before clicking. If you haven’t implemented such measures and you have confidential personally identifiable information on others, then you and your company are vulnerable.
-SAC