Security vs Privacy
Security and privacy are often used interchangeably by people, but it is important to understand how these two ideas are different.
Security
Security refers to protection against the unauthorized access of data regardless of the content. Any measure taken to make sure that data can’t be accessed by an unauthorized person is known as security. Some examples include:
- Ensuring that computers are locked while unattended
- Programming techniques that prevents software attacks
- Using two-factor authentication
Privacy
Privacy refers to the right for consumers to be free from unwanted attention or surveillance. Privacy is generally concerned with Personally Identifiable Information (PII). Some examples of PII are:
- Email addresses
- Phone numbers
- Addresses
- Birthdays
- Credit card details
- Even your fingerprint!
Together
We put security controls in place to limit who can access information, and we put privacy controls in place to limit the type of information that is accessible in certain places.
Security can be put into practice without privacy, but privacy cannot be put into practice without security.
Here’s an example. You might share personal information with your bank when you open an account. What happens after that? Here are three possible outcomes, all related to your personal information (not to the money in the checking account).
- Your privacy and security are maintained.
- The bank uses your information to open your account and provide you with services. They then protect that data.
- Your privacy is compromised, and your security is maintained.
- The bank sells some of your information to a marketer. Note: You may have agreed to this in the bank’s privacy disclosure. The result? Your personal information is in more hands than you may have wanted.
- Both your privacy and security are compromised.
- The bank gets hit by a data breach. Cybercriminals penetrate a bank database, a security breach. Your information is exposed and could be sold on the dark web. Your privacy is gone. You could become the victim of cyber fraud and identity theft.