Privacy Ref Blog

What is the difference between privacy and security?

One question that I am frequently asked is “what is the difference between privacy and security?” It sounds simple enough, but the response often gets complicated. Maybe an analogy will help.

Privacy, security, and windows

Consider a window in your home. It provides various functions for you. It allows you to look outside. It lets sunlight into your home. A window keeps weather outside. You can open a window to let in fresh air. In an emergency, you can use a window as an exit.

A window is also vulnerable. Just as you can use it as an egress, others can use it as an entrance. To protect against unwanted visitors, you can put bars or a grate in front of the window. This still allows you to keep all of the desired functionality the window provides. This is security.

Just as you can look out a window, others can look in. Preventing unwanted eyes from looking in can be addressed by putting a drape, a curtain, or a shade inside of the window. This is privacy. Obscuring the view inside of your home also provides a little security as intruders may not be able to tell when you are home or see the things you own.

Privacy, security, and business information

It is not much different in a business environment with regard to information. Security provides protection for all types of information, in any form, so that the information’s confidentiality, integrity, and availability are maintained. Privacy assures that personal information (and sometimes corporate confidential information) is collected, processed (used), protected, and destroyed legally and fairly.

Just as the drapes on a window may be considered a security safeguard that also protects privacy, an information security program provides the controls to protect personal information. Security controls limit access to personal information and protect against its unauthorized use and acquisition. It is impossible to implement a successful privacy program without the support of a security program.

Just as the bars on a window help prevent intruders from entering your home while still allowing people to look inside, a security program can implement controls without regard for privacy. For example, a security program could require credentials to access a network without restricting access to personal information. You would have security, but no privacy, as anyone with valid credentials can see all of the personal information your organization possesses.

    By: Bob Siegel

    Bob Siegel, the founder and President of Privacy Ref, Inc., has extensive professional experience in the development and improvement of privacy policies and procedures, the definition of performance metrics to evaluate privacy maturity, and the evaluation of compliance. He utilizes a combination of alignment, adaptability, and accountability strategies to guide organizations in achieving their privacy goals.

    He is a Fellow of Information Privacy and a Certified Information Privacy Professional, awarded from the International Association of Privacy Professionals, with concentrations in U.S. private-sector law (CIPP/US), European law (CIPP/E), and Canadian law (CIPP/C). He is also a Certified Information Privacy Manager (CIPM) and Privacy Technologist (CIPT).

    Siegel is a member of the IAPP faculty and has served on the Certification Advisory Board for the CIPM program and the Publications Advisory Board.

    Siegel also writes the blog “Operational Privacy” on CIO.com.

Privacy Ref provides consulting and assessment services to build and improve organizational privacy programs. For more information call Privacy Ref at (888) 470-1528 or email us at info@privacyref.com

Posted on May 24, 2016 by Bob Siegel