Crash Course: Data Security vs. Data Privacy

Crash Course: Data Security vs. Data Privacy

IdentityTheft.Sucks, plain and simple. When Equifax, one of the nation’s three major credit reporting agencies, was subjected to a massive hack that compromised millions of customers’ personal data—including credit card information, social security numbers and other personal details—many Americans were faced with a tough reality: we’re far less safe from data breaches than we think.

Many would be quick to claim that Equifax.Sucks for allowing sensitive personal information on 145.5 million consumers to be leaked to unknown sources. The problem might not be Equifax itself though. Instead, it could be how little we really know about our own data security online. After all, data privacy is not the same thing as data security online—and it’s important to know the difference.

In light of these events, here’s a quick crash course on what you need to know.

Data Security vs. Data Privacy

Did you know there’s a difference between data security and data privacy? Many people don’t. Data security is “the confidentiality, availability and integrity of data” whereas data privacy is the “appropriate use of data.”

Data security means that designated parties or companies must keep accurate data, destroy unneeded information and prevent unauthorized access to said data. This is where Equifax failed. By allowing a massive data breach, Equifax betrayed the data security of its customers.

Data privacy is what prevents companies from selling or renting your information to third parties. Collected data should only be used for the purpose originally intended and the Federal Trade Commission (FTC) will penalize anyone who does not comply. No one can share, sell or rent your data and information without prior approval.

Breaking It Down

So what does this all mean? Imagine you have a very nice car. You want to keep unauthorized parties out and away from your personal effects and valuables. In order to do this, you may keep the door locked, set an alarm and park in a secured lot. This is like data security, where the primary objective is keeping bad guys (burglars or hackers) out.

Some people are allowed in your car, though. Family and friends, rideshare participants, police/authority figures and mechanics. When, why and how these people are allowed in your car must be regulated. No one should just be able to take the keys and start driving around. Family and friends may have to ask for permission; rideshare participants may have to use a third party app to form an “agreement” between driver and paying passenger; police or other authority figures may need a warrant; mechanics need your okay to inspect or tinker with your vehicle.

These regulated permissions that prevent just anyone from accessing your car at will are like data privacy—certain, authorized figures have reasonable access, but not unlimited. After all, it’s still your car (or data)!

The Takeaway

Companies that store your data are responsible for keeping your information safe from malicious individuals. They are also required by law not to use your data in a way that goes against the terms and conditions to which you agreed. Unfortunately, it’s impossible to avoid all things digital, so it’s up to you to use your best judgement when dishing out your personal info. If a company has been hacked or breached in the past, maybe think twice before using their services online.

Make sure you understand the basics of digital security and online issues, including how to protect yourself online. Keep up to date with our Crash Course series, which details digital issues like the importance of net neutrality. After all, the net can be a great place—if we want it to be.

If security and privacy are important to you, you can also spread your message with domains like PrivacyBreaching.Sucks or DataFraud.Sucks.

Photo Credits: Shutterstock / Gorodenkoff, Shutterstock / Yuttanas, Shutterstock / Africa Studio