By Arrka, Jan 20th 2023
Over the last decade, we have been hearing the topic of ‘Security vs Privacy’ debated ad nauseam. It is a ‘debate’ that is, in our opinion, superfluous, as it is not a ‘vs’ debate in the first place.
Let us take a step back and understand some fundamental aspects.
Data Privacy is all about – and only about – Personal Data. From an organization’s perspective, ensuring the security of this Personal Data is an integral aspect of Data Privacy. And what do we mean by the term ‘Security’ here? We specifically mean ensuring the Confidentiality, Integrity and Availability (commonly referred to as the ‘CIA’ pillars) of the data.
However, does Data Privacy stop with only the securing of Personal Data? No, it does not. It also involves ensuring a host of other aspects. For example, ensuring Personal Data gets used only for those purposes the user has given her consent to, limiting what Personal Data gets collected to the purposes outlined, disclosing data further only as allowed and for specific purposes, being fair and transparent, etc. Essentially, it covers all the various Data Privacy Principles – and other aspects – that are encapsulated in Data Privacy or Personal Data Protection laws.
When an organization implements a Security Program, the program has all organizational data under its purview – not just Personal Data. Hence, the security of Personal Data gets addressed here. Within this program, specific enhanced security measures for Personal Data Sets can be, and are, implemented.
However, when the organization rolls out other aspects of Privacy (other than security of Personal Data), these are applied only to the organization’s Personal Data.
Further, the two programs will need to use different sets of frameworks to implement and manage various aspects.
Hence, the two are rolled out as two separate programs where the security of Personal Data is brought under the umbrella of the Security Program while the other aspects of Privacy are kept under the umbrella of the Privacy Program.
On a different note: both programs may come under the purview of the same person/group. For example, the CISO may also take on the responsibility of the Privacy Program in addition to the Security Program. Who runs the programs should not be confused with the need to run them as two distinct and different programs.