Data Privacy vs. Data Security: What’s the Main Difference?

The privacy and security of our personal information are under constant attack from hackers, data breaches, unscrupulous data collectors (Facebook, anyone?), and even our own behavior. To keep personal data safe, we need to take data privacy and data security seriously. That starts with understanding the difference between the two.

The International Association of Privacy Professionals (IAPP) calls privacy and security “kissing cousins,” adding that “Data privacy is focused on the use and governance of personal data—things like putting policies in place to ensure that consumers’ personal information is being collected, shared and used in appropriate ways. Data security focuses more on protecting data from malicious attacks and the exploitation of stolen data for profit.”

For example, security controls such as passwords or multifactor authentication grant or block access to email, bank accounts, mobile apps, and other digital sources. Privacy determines how a company holding the data uses it to administer the account.

Consumers Worry about Data Security and Data Privacy

Today’s consumers take data security and data privacy seriously. A new IDX study conducted by Ponemon Institute,Privacy and Security in a Digital World: A Study of Consumers in the United States, found that:

• 74% of consumers say they have no control over the personal information that is collected on them.
• 86% are very concerned about their privacy when using free online tools like Facebook and Google.
• Two-thirds of consumers (68%) are more concerned about the privacy and security of their personal information than they were three years ago.

“This research revealed much of the tension surrounding digital privacy today,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “The study shows that many consumers are alarmed by the uptick in privacy scandals and want to protect their information, but don’t know how, and feel like they lack the right tools to do so.”

Privacy & Security in a Digital World: A Study of Consumers in the US
Get the Full Report

How Companies Can Improve Data Privacy and Data Security

The study also points to a privacy gap between the consumer data protection individuals want and what industry and regulators provide. While the majority of consumers want their data protected, they’re still waiting on—or expecting–the federal government or industries to provide this protection. There’s no sign of federal privacy legislation coming soon, but companies can do much to safeguard the consumer data entrusted to them.

To start, privacy and security teams can work together and learn from each other. The IT industry has developed a host of data protection best practices that privacy organizations could adapt to their own activities. As part of IT, for example, data security organizations track the amount of data on their systems, network loads, etc., looking for unusual activity that might indicate breaches or attacks. Privacy organizations could identify key indicators such as a rise in privacy-related incidents or in privacy-related customer service inquiries to help quickly identify and mitigate privacy issues.

And privacy professionals are experts at proactive communication—a lesson that security teams can apply to their own organizations. A privacy program depends on policies and processes executed by people throughout the organization, so privacy professionals work hard at training and at building a culture of awareness and compliance.

In contrast, many data security functions are implemented within the computing infrastructure. Security software and malware protection are critical pieces of a security program, but a system is only as strong as its weakest link, and often that is the person carrying a mobile device or responding to what may be a phishing email or phone call. Data security professionals are in the best position to know where the user vulnerabilities lie, and they should work proactively with privacy staff to identify and close these gaps through training and awareness programs.

How Consumers Can Improve Their Data Privacy and Data Security

Consumers should take action to protect their own personal data. As Tom Kelly, IDX’ president and CEO, said, “Consumers must recognize that there are simple tools and practices they can implement to guard their data privacy, and government leaders and online platforms won’t do it for them.”

To protect data security — especially while working from home — you can:

• Only use your work computer for work.
• Be cautious of any attachment from emails you don’t recognize.
• Never use public WiFi networks.
• Always opt-into two-factor authentication whenever possible.
• Use biometric security like a fingerprint or facial recognition on your mobile device.

How To protect Your — and Your Children’s — Data Privacy:

• Use the privacy protection provided by your devices, such as restrictive data sharing and additional authentication controls.
• Opt-out of data collection when possible.
• Consider using a privacy browser that doesn’t collect or share your search history or your personal information.
• Teach your kids about social media early and talk often about safe use of social networks.
• Stay alert with identity and privacy protection that offers a strong detection service, available either through your employer’s voluntary benefits program or on your own.

Both data privacy and data security are essential to protecting our personal information. While government and private industries must do their part, as consumers we, too, play an important role in keeping our personal data safe.

Privacy & Security in a Digital World: A Study of Consumers in the US
Get the Full Report