Privacy Ref Blog

What is the difference between privacy and security?

One question that I am frequently asked is “what is the difference between privacy and security?” It sounds simple enough, but the response often gets complicated. Maybe an analogy will help.

Privacy, security, and windows

Consider a window in your home. It provides various functions for you. It allows you to look outside. It lets sunlight into your home. A window keeps weather outside. You can open a window to let in fresh air. In an emergency, you can use a window as an exit.

A window is also vulnerable. Just as you can use it as an egress, others can use it as an entrance. To protect against unwanted visitors, you can put bars or a grate in front of the window. This still allows you to keep all of the desired functionality the window provides. This is security.

Just as you can look out a window, others can look in. Preventing unwanted eyes from looking in can be addressed by putting a drape, a curtain, or a shade inside of the window. This is privacy. Obscuring the view inside of your home also provides a little security as intruders may not be able to tell when you are home or see the things you own.

Privacy, security, and business information

It is not much different in a business environment with regard to information. Security provides protection for all types of information, in any form, so that the information’s confidentiality, integrity, and availability are maintained. Privacy assures that personal information (and sometimes corporate confidential information) is collected, processed (used), protected, and destroyed legally and fairly.

Just as the drapes on a window may be considered a security safeguard that also protects privacy, an information security program provides the controls to protect personal information. Security controls limit access to personal information and protect against its unauthorized use and acquisition. It is impossible to implement a successful privacy program without the support of a security program.

Just as the bars on a window help prevent intruders from entering your home while allowing people to look inside, a security program can implement controls without regard for privacy. For example, a security program could require credentials to access a network without restricting access to personal information. You would have security, but no privacy, as anyone with valid credentials can see all of the personal information your organization possesses.
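To make the credentials example concrete, here is a small added sketch (not from the original post) that puts a credentials-only read beside one that also limits personal fields by role and purpose. The tokens, roles, purposes, field names, and the record are all constructed for illustration.

```python
# Added illustration: tokens, roles, purposes and the record are constructed.
RECORDS = {
    "c-1001": {
        "account_status": "active",
        "plan": "premium",
        "name": "A. Example",
        "email": "a.example@example.test",
        "date_of_birth": "1980-01-01",
    },
}
PERSONAL_FIELDS = {"name", "email", "date_of_birth"}

# Valid credentials (session token -> role). Hypothetical values.
SESSIONS = {"tok-support": "support_agent", "tok-marketing": "marketing_analyst"}

# Personal fields each role may see, per declared purpose of use.
PERSONAL_ACCESS = {
    ("support_agent", "account_support"): {"name", "email"},
}


def authenticate(token):
    """Security control: reject anyone without valid credentials."""
    role = SESSIONS.get(token)
    if role is None:
        raise PermissionError("invalid credentials")
    return role


def security_only_read(token, record_id):
    """Bars without drapes: any authenticated user sees every field."""
    authenticate(token)
    return dict(RECORDS[record_id])


def privacy_aware_read(token, record_id, purpose):
    """Same credential check, plus a limit on personal fields by role and purpose."""
    role = authenticate(token)
    allowed = PERSONAL_ACCESS.get((role, purpose), set())
    return {
        field: value
        for field, value in RECORDS[record_id].items()
        if field not in PERSONAL_FIELDS or field in allowed
    }
```

Both functions turn away a caller without valid credentials; only the second keeps a credentialed marketing analyst from reading a customer's date of birth.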

    By: Bob Siegel

    Bob Siegel, the founder and President of Privacy Ref, Inc., has extensive professional experience in the development and improvement of privacy policies and procedures, the definition of performance metrics to evaluate privacy maturity, and the evaluation of compliance. He utilizes a combination of alignment, adaptability, and accountability strategies to guide organizations in achieving their privacy goals.

    He is a Fellow of Information Privacy (FIP) and a Certified Information Privacy Professional, awarded from the International Association of Privacy Professionals, with concentrations in U.S. private-sector law (CIPP/US), US public sector law (CIPP/G), European law (CIPP/E), and Canadian law (CIPP/C). He is also a Certified Information Privacy Manager (CIPM) and Privacy Technologist (CIPT).

    Siegel is a member of the IAPP faculty and has served on the Certification Advisory Board for the CIPM program and the Publications Advisory Board.

    Siegel also writes the blog “Operational Privacy” on CSOonline.com.

Privacy Ref provides consulting and assessment services to build and improve organizational privacy programs. For more information call Privacy Ref at (888) 470-1528 or email us at info@privacyref.com

Posted on May 24, 2016 by Bob Siegel