Data Security and Data Privacy: What is the Difference?

Data security and privacy are the pillars of data protection. As time passes we are increasingly aware of this, especially when dealing with highly sensitive personal data, such as bank account details and financial data in general. Understanding these concepts better will help us improve our practices and make the right decisions about our most valuable asset: our data.

Because the two concepts are similar, some confusion is normal. In any case, a security check can be carried out only if the established privacy considerations are met. Security protects data and privacy protects identity. We detail both concepts below.


Data security and data privacy

Let’s talk first about data security. Its focus is preventing unauthorized access to data sets. Such access is what leads to breaches or attacks. To achieve security, organizations use tools and technological solutions such as firewalls, user authentication, network limitations and security practices adapted to each environment or organization. Encryption and tokenization can also be included, so that cybercriminals cannot read the data during key phases of its transit.

Data privacy, on the other hand, is responsible for ensuring that data, whether processed, stored or transmitted, is consumed according to regulations and standards. It also ensures that this data is handled only with the consent of whoever owns it.

Let’s put both concepts in context. Suppose you download an application to your mobile phone. Before downloading, you should have noticed that there is a privacy agreement and that you must accept it before proceeding with the installation. From there, the application could ask to access personal data such as contacts, location history, photos and documents. Once you have granted those permissions, the developers responsible for the application must secure your data and protect its privacy. Unfortunately, that does not happen frequently.

Violations of data security and privacy are frequent events. One situation that occurs is that the developers of an application do not comply with their own privacy policies and decide to sell your personal data to third parties or marketing companies. This is a violation of privacy. On the other hand, if the company responsible for the application suffers some kind of attack or breach that exposes your data, then it is a failure in the implementation of security measures. In either case, both security and privacy are at risk.

Examples of data security and privacy standards


PCI DSS stands for Payment Card Industry Data Security Standard. In other words, it is a set of data security standards oriented to the credit/debit card industry. This standard helps ensure the security of credit card transactions. At its base are operations that contribute to protecting privacy and securing card data. Any lender dedicated to card processing and transactions must comply with this standard. Failure to do so may have several legal consequences, given the sensitivity of each of the millions of transactions generated daily.


GDPR stands for General Data Protection Regulation. This regulation (which is a law) is in force in all countries of the European Union. It establishes important terms and definitions regarding who the people are whose data should be protected, the types of data, and how that data should be managed and secured. Any organization responsible for handling data of citizens of the European Union is subject to compliance with this law.