Data privacy vs data security: what's the difference and why you should care?
The world is a dangerous place. Cybercrime is on the rise, and an inexorable worry for many people operating online is that they fall foul of hackers or cybercriminals trying to gain access to their data. When addressing data privacy and data security, we often use the terms interchangeably. But should we? What’s the difference between data privacy and data security – and ultimately, should we care about the distinction between the two?
Data privacy and data security are interlinked, but they are distinct elements – and each has their relevance to people’s safety online. Data privacy looks at how policies and procedures are developed to collect, store, share, and use people’s personally identifiable information, or PII. PII is a concept enshrined in many recent data regulations, including the European Union’s General Data Protection Regulation, or California’s equivalent CCPA.
Data privacy is the importance of keeping that PII – which can include names, phone numbers, addresses, and medical history, among other things – secure. Get it wrong and you can be hit with hefty fines and enforcement action – which is why companies, particularly in Europe in recent years, have spent so much time and effort working on how they can maintain their data privacy principles.
Data privacy is a concept that we now take for granted: we expect it to happen by default, and are willing to go to authorities if it doesn’t. It’s about the way that data is handled, and often comes down to the methods and means that individual employees use when accessing and transferring such PII data.
Breaches of data privacy – whether small, such as not BCCing in recipients to an email, leaving their email addresses exposed, or big, such as being victim of a hack attack that allows people to secret away millions of email addresses and passwords – are potentially damaging. But one way of mitigating data privacy breaches on the malicious, rather than accidental end, is to ensure that data security principles are solid in a company.
For any company, it is important to understand what personal information might have been exposed, now circulating on the Darknet or waiting to be exploited by threat actors.
To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.
Preventing data breaches from within – a breach of data privacy – is difficult, but can be mitigated by proper employee training and good policies that are carefully followed. More difficult is preventing data breaches from outside an organisation. That requires ensuring strong data security.
Data security is concerned with the confidentiality, availability, and integrity of information that an organisation holds. If data privacy policies and procedures are designed to stop someone from accidentally opening the drawbridge to hackers, then data security involves building strong fortifications to prevent them breaking through.
It’s a fine line to walk between being so secure your defences are impenetrable, and making sure that your employees still have easy access to the data they need. You’ll want to utilise sensible storage solutions and methods, data encryption, responses to breaches, and lock up accounts with multi-factor authentication, as well as strong passwords.
In our password leak checker, you can learn whether your password has been compromised, thus leaving you vulnerable to cyber attacks. Our database contains almost a billion leaked passwords. If you’re struggling with creating a strong password, you can also use our randomized password generator.
Having strong data security leads to better data privacy – and it’s for this reason that the two things which are distinct still have a connecting bond. Without one, you can’t have the other – but it’s important that you know the distinction, because enabling strong data privacy standards in an organisation means nothing if you don’t have the corresponding level of physical and digital data security. You can lock up your data in the digital equivalent of Fort Knox but come a cropper because of poor data privacy practices within your staff.