The terms “privacy,” “cybersecurity,” and “data protection” are thrown around, ignorantly and interchangeably despite the noteworthy differences between them. You can have privacy and data protection with poor cybersecurity (likely dumb luck). You can employ strict cybersecurity measures and still lose the battle on data protection and privacy. Accordingly, any business leader must comprehend all 3 concepts and attribute sufficient resources to promoting each.
Rooted in the 4th Amendment of the United States Constitution, which prohibits government intrusion into the private lives of its citizens absent probable cause of a crime, the concept of information or data privacy is now enforced against private companies, in favor of consumers. Now, state laws and federal agencies like the Federal Trade Commission and the Department of Health and Hospitals prohibit entities, both public and private, from utilizing and selling private information absent informed consent.
Data privacy refers to the data owner’s rights to have his/her information kept from public disclosure, or alternatively, provided only for certain purposes or to certain individuals. The concept of privacy continues to evolve and with the influence of the GDPR, now encompasses the handling, processing, storage, and use of an individual’s information.
Cybersecurity is a term that refers to the digital and physical protection of networks, programs, and computer systems against attacks ranging from dismantling network operability to data theft. Cyber criminals conduct these attacks to steal trade secrets, pressure individuals/entities to undertake desired actions, impair business function for competitive advantages, and access, alter, or destroy sensitive information for personal profit.
Common cybersecurity tactics and processes involve using anti-malware software to detect and deter signs of an ongoing or threatened cyber-attack, routine password changes, multifactor authentication techniques to safeguard network access, using modern hardware and software, and imposing access controls and restrictions to prevent both insider threats and third-parties from engaging in detrimental acts.
3. Data Protection:
A combination of the priorities of privacy and cybersecurity, data protection is the practice of preventing access to and exfiltration of data by unauthorized parties through different mechanisms, namely encryption, masking, erasure, authentication, and routine risk assessments.
Sometimes referred to as the “CIA,” the three components of data protection are confidentiality, integrity, and availability – each distinctive and equally important: (1) Confidentiality ensures that data is accessed only by authorized individuals; (2) Integrity ensures that information is accurate and reliable; and (3) Availability ensures that data is both available and accessible to satisfy business needs in its accurate and reliable state.