The Intersection of Data Privacy and Security

You can have security without privacy, but you can’t have privacy without security. 

Before we dive into it, let’s first define Data Privacy and Data Security. While they overlap, they are distinct and should be understood as such. 

Defining Data Privacy and Data Security 

Data Privacy addresses the rights of individuals to control how and to what extent information about them, their personal information, is collected and used within organizations with whom they choose to interact. 

Data Security is about assuring the confidentiality, integrity, and availability of information assets — in this case, personal information.  

Simply put: data privacy generally refers to collecting, accessing, and using personal information, while data security is about keeping that information safe and secure.

The Intersection 

For data privacy, protecting personal information (also referred to as personal data or personally identifiable information) starts with privacy-by-design (PbD). PbD seeks to understand and define appropriate data security privacy controls and continues through ensuring those controls are successfully designed, engineered, deployed, and monitored. These privacy controls can exist within a product, service, IT system, or business process to provide for the proper access and use of an individual’s personal information. 

Recent transformations within the digital landscape have helped clear confusion between data being viewed as a valuable “asset” rather than a commodity to potentially be monetized. Data is a “non-fungible” asset, as Jackie Wright, the Chief Digital Officer at Microsoft, puts it. It cannot be replaced as it is unique to every individual, entity, or object. Moreover, data is the driving force behind many digital innovations and technological advancements and has been called the “new oil”, gaining considerable attention in public dialogue.  

As much as it is true that data brings a multitude of opportunities globally, the fact remains that equal serious security and privacy threats exist for the individuals whose personal information is being collected and used. 

Globally, organizations are collecting and producing more data than they can reasonably protect and use, which creates the need for ongoing and evolving data privacy and security policies, procedures, and controls. These enormous volumes of data exist across multi-cloud platforms, SaaS, and on-premise systems complicating efforts to manage data flows. Unstructured, untracked, unmapped, and seemingly, unprotected data, therefore, creates opportunities for threat actors to siphon and exploit it.  

This is all to say there is a growing need for data privacy and security protections. It is vital for organizations to protect the data they collect, monitor, use, and store – especially when it is categorized as personal or sensitive (the types of personal data most likely to cause harm if misused, and legally defined (differently!) by various data privacy and security laws). Organizations have the responsibility to collect, process, and use data in compliance with global privacy regulations, among them the GDPR, CCPA, PIPL, as well as others. Failure to comply with these laws can result in security breaches, voluminous fines, and more importantly, loss of brand reputation and consumer trust, especially for business-to-consumer organizations. 

Knowing all this, how can organizations tackle the daunting data security and privacy threats and challenges existing in today’s digital landscape? Some common strategies and methodologies provide a starting point and roadmap. 

A Fine Balance: Confidentiality, Integrity, and Availability 

Data security aims to ensure the confidentiality, integrity, and availability of information through the data lifecycle within an organization. Confidentiality, integrity, and availability are often referred to as the “CIA” of data security. Confidentiality means the prevention of unauthorized disclosure of information. Integrity ensures information is protected from unauthorized or unintentional alteration, modification, or deletion, and Availability means information is readily accessible to authorized users.  

Additionally, data security includes the concepts of accountability and assurance. For data security, accountability means entity ownership is traceable, while assurance means all other four objectives are met. These terms are specific to the data security world and provide helpful consistent nomenclature for those involved in data protection. 

Read Tackling Data Security and Privacy Risk for basic steps to ensuring privacy risks are kept in check.   

To learn more about how LevelUP Consulting Partners can help with your compliance and data stewardship challenges, contact Dave Cohen, Senior Manager at: 


Written by Amber Lesniak, Manager at LevelUP Consulting Partners

Google Maps
Sound Cloud