Data Privacy? Data Protection?


What’s the difference?

I’m sure you have heard or used the terms data privacy and data protection. The two are often used interchangeably, but there is an important difference between them that you may not know or fully understand. To keep it simple, data privacy is defined as who has access to data, and data protection provides the tools and policies to restrict access to the data. Another way to look at the terms is that data protection is a technical issue, while data privacy is a legal one. These differences matter because the two are intertwined with the overarching issues of privacy and cybersecurity. Keep in mind as you continue to read that you can’t have data protection without data privacy, and you can’t have data privacy without data protection.


Data Privacy

Data privacy is a policy or guideline for how data should be handled or collected based on the type of data and its sensitivity/importance. Data privacy generally applies to information such as a person’s medical records, social security number, and financial information, to name a few. These types of information usually fall under either PII (Personally Identifiable Information) or PHI (Personal Health Information). Data privacy helps ensure that a person’s sensitive information is only accessible by approved parties. It also prevents criminals and unauthorized parties from being able to view, copy, steal or maliciously use data.


So, why is data privacy important? Per snia.org, the answer to this question comes down to business imperatives:

  1. Business Asset Management: Data is perhaps the most important asset a business owns. We live in a data economy where companies find enormous value in collecting, sharing, and using data about customers or users, especially from social media. Transparency in how businesses request consent to keep personal data, abide by their privacy policies, and manage the data that they’ve collected, is vital to building trust with customers who naturally expect privacy as a human right.

  2. Regulatory Compliance: Managing data to ensure regulatory compliance is arguably even more important. A business may have to meet legal responsibilities about how they collect, store, and process personal data, and non-compliance could lead to a huge fine. If the business becomes the victim of a hack or ransomware, the consequences in terms of lost revenue and lost customer trust could be even worse.

Data Protection

Data protection is a set of processes and strategies that are used to secure the availability, privacy, and integrity of an organization’s data. Data protection has also been referred to as data security. Data protection strategies are vital for any organization that collects, handles, or stores sensitive data within its network. A successful data protection strategy can help prevent the loss of data, theft, or corruption while also helping to minimize the damage that could be caused in the event of a breach or disaster. The extent of data protection goes beyond just the notion of data usability and availability to cover areas such as data preservation, immutability, and deletion/destruction.


Deploying methodologies and technologies to make data available and to protect it under all circumstances is a key principle of data protection. These data protection principles can cover operational data backup and BCDR (Business Continuity/Disaster Recovery) while implementing aspects of data management and data availability.


The key data management aspects relevant to data protection are as follows:

  1. Data availability—ensuring users can access and use the data required to perform business even when this data is lost or damaged.

  2. Data lifecycle management—involves automating the transmission of critical data to offline and online storage.

  3. Information lifecycle management—involves the valuation, cataloging, and protection of information assets from various sources, including facility outages and disruptions, application and user errors, machine failure, and malware and virus attacks.


What Does This Mean?

Truth be told, you can’t have data privacy without data protection and vice versa. According to the Storage Networking Industry Association (SNIA), the laws and regulations that cover "the management of personal information" are typically grouped under "privacy policy" in the United States and under "protection policy" in the EU (European Union) and elsewhere. This makes it more confusing, but just remember that you can’t have data privacy without data protection or data protection without data privacy. We will discuss the differences between the United States and EU policies for data protection in more detail.


If you or your organization collects, stores, or uses an individual’s private information, I highly recommend that you ensure your current data protection strategies and data privacy policies are updated to meet operational needs. Unfortunately, I won’t be of much assistance with any types of policies; however, I can be of assistance with appliances and software that could help with data protection. Dell Technologies has an extensive portfolio dedicated to data protection, cloud storage, cyber recovery, and more. Dell’s PowerProtect Data Manager (PPDM) is software that can be used to manage small, medium, or enterprise-level data. PPDM will provide software-defined data protection, automated discovery, deduplication, self-service, operational agility, and IT governance for virtual, physical, and cloud environments. This is just one solution available from Dell Technologies; if you are interested in learning more, reach out to us for more information.


If you are interested in reading more from me or other members of my team, check out our team's website to read more blogs or watch some of our podcasts and sound bites. I’ve left some links below for additional information as well. Stay on the lookout for more information from me, and if you have anything specific you want me to talk about, leave a comment and I will do my best to answer.



References

Data Protection Commission. (n.d.). Principles of Data Protection. Retrieved April 11, 2022, from https://www.dataprotection.ie/en/individuals/data-protection-basics/principles-data-protection

Robinson, R. (2022, February 22). Data Privacy vs. Data Protection. Ipswitch. Retrieved April 11, 2022, from https://www.ipswitch.com/blog/data-privacy-vs-data-protection

SNIA. (n.d.). What is Data Privacy? Retrieved April 11, 2022, from https://www.snia.org/education/what-is-data-privacy
