Data Security vs. Data Privacy

Posted on July 23, 2019
Data Security vs. Data Privacy

The importance of securing of our data, and privacy of our personal information, are primary concerns in today’s connected world. There is a distinction, however, between “privacy” and “security,” that is not always understood.

Data privacy is about regulating entities that have legal access to it, such as social media sites and telecom companies. Data security, on the other hand, is about protecting data from those who are not authorized to access it. Rules around data privacy, therefore, inform data security regulations and enforcement.

It might sound like a small difference, but the implications are huge. Privacy and cybersecurity are major issues in every aspect of today’s world. Companies are required to comply with privacy laws, but how do regulatory bodies ensure that those laws are, in fact, protecting people’s data? It’s not so easy.

The goal of data security is to protect data such as social insurance and credit card numbers from cybercriminals. IT security professionals use identity and access management tools, as well as permissions management and user behavioural analytics to establish identity.

There is a point where data security infringes on people’s right to data privacy. For instance, websites can record keystrokes and hand movements, and information can be legally gathered from a smartphone by tech companies and other entities. How are these companies handling this sensitive data? What should the limits be on what a company can do in the name of data security?

In Europe, people can have their data deleted, and explicit opt-in consent is needed for companies to obtain personal data. In the U.S., legislation varies depending on the industry, and different rules apply for the financial, healthcare, education and law fields.

In Canada, The Personal Information Protection and Electronic Documents Act (PIPEDA) provides rules around data collection and usage. Basically, companies need consent to collect, use or disclose personal information. They must limit it to what “a reasonable person would consider appropriate in the circumstances.” By law, individuals have the ability to access the information they have provided and make changes or correct mistakes.

Personal data has become a treasured commodity. Companies are always accessing it, and thieves are always trying to steal it. The problems surrounding data privacy and security threaten to become larger, not smaller. Dealing with the issues thoroughly and responsibly today will bode better for the future.


The topic of this article is covered in the curriculum for the Schulich ExecEd program Masters Certificate in Analytics for Leaders (starting Sept. 16, 2019). This tailored program provides an introduction to the concepts of Big Data and Predictive Analytics. It is designed for professionals who want to learn how to interpret, analyze, communicate and present data with confidence.