What’s the difference between data security and data privacy?

Posted on March 11, 2018

By: Bart Baesens, Seppe vanden Broucke

This QA first appeared in Data Science Briefings, the DataMiningApps newsletter. Also want to submit your question? Just Tweet us @DataMiningApps. Want to remain anonymous? Then send us a direct message and we’ll keep all your details private. Subscribe now for free if you want to be the first to receive our articles and stay up to data on data science news, or follow us @DataMiningApps.

You asked: What’s the difference between data security and data privacy?

Our answer:

Although security is often related to privacy, they are not synonyms. Data security can be defined as the set of policies and techniques to ensure the confidentiality, availability and integrity of data at all times.

On the other hand, data privacy refers to the fact that the parties accessing and using the data do so only in ways that comply with the agreed upon purposes of data use in their role. These purposes can be expressed as part of a company’s policy, but are also subject to legislation. In this way, several aspects of security can be considered as necessary instruments to guarantee data privacy.

More concretely, data security pertains to the following concerns:

  • Guaranteeing data integrity: preventing data loss or data corruption as a consequence of malicious or accidental modification or deletion of data.
  • Guaranteeing data availability: ensuring that the data is accessible to all authorized users and applications, even in the occurrence of partial system malfunctions.
  • Authentication and access control: access control refers to the tools and formats to express which users and applications have which type of access (read, add, modify, …) to which data.
  • Guaranteeing confidentiality: this is the flipside of access control, guaranteeing that users and other parties cannot read or manipulate data to which they have no appropriate access rights.
  • Auditing: especially in heavily regulated settings such as the banking and insurance sector, it is key to keep track of which users performed which actions on the data (and at what time).
  • Mitigating vulnerabilities: this class of concerns pertains to detecting and resolving shortcomings or downright bugs in applications, DBMSs or network and storage infrastructure that yield malicious parties opportunities to circumvent security measures with respect to the aforementioned concerns.