Privacy and Security: What’s the Difference?

The terms “privacy” and “security” are surfacing everywhere in business, from legal policies and terms of use to marketing, media, and regulations. The words are often used in tandem, but they’re really two distinct concepts that frequently overlap, especially regarding sensitive data.

So, what’s the difference between privacy and security, and how does each apply to your customers?

Privacy

In business, privacy generally means control, ethics, and transparency around others’ data. Whenever a business collects information about customers or employees (just about all businesses do), privacy comes into consideration.

Here are some questions a small business should ask itself around privacy:

  • What customer and employee data do we collect and keep? Do we need it all?

  • Why and with whom are we sharing data?

  • Are we clearly communicating how we collect, use, and share data?

  • Are we complying with privacy regulations and best practices (e.g. state privacy laws and GDPR)?

Privacy concerns have evolved – in today’s world, it can be hard for an average consumer to know who has their data and what’s being done with it. That’s why it’s important for companies to step up to the plate on privacy.

Security

While privacy influences how businesses collect, use, and share data, security covers how they protect that data.

Security comprises cybersecurity (protection against online or electronic attacks) and physical security (protection against physical attacks). A comprehensive data protection strategy uses components of both.

A few questions a small business should consider regarding security are:

  • How vulnerable are we to a cyberattack?

  • What sensitive data are we storing about our customers and employees?

  • Do we have a comprehensive security program in place to help protect data?

A cyberattack can be extremely damaging to a business, but also to people whose data is breached. Because of this, businesses increasingly have a responsibility to protect the data they collect.

All Together Now

Although privacy and security are ultimately distinguishable concepts, in today’s world, the two are certainly related. Consider an example where John Doe provides his email address to Example Company to make an online purchase.

  • Privacy violation: Example Company shares John’s email address with a third-party company.

  • Security violation: Example Company experiences a data breach, and John’s email address is stolen by a malicious hacker.

In both cases, the result is the same: John’s email is shared with another party. The difference is that the first was due to a lack of control over the data, and the second was due to a lack of protection.

As a provider and trusted resource, you may want to coach your customers through basic privacy and security concepts as a first step. Going through a data classification exercise together is a great way to determine and discuss what sensitive data they have, where it’s stored, who has access, and how it’s protected. From there, you can form a strategy around improving privacy and security processes.

In business, privacy and security go hand-in-hand to keep data safe, secure, and confidential. The better you – and your customers – understand the difference, the easier it is to tackle both.

Stay Safe,

Your Friends @ Defendify