Privacy vs. Security
When we talk about protecting ourselves online, the ideas of data privacy and data security (commonly shortened to "privacy" and "security") are often conflated and the terms used interchangeably. While these two work together, they describe two different aspects of data protection. In order to best protect our personal data, it is important to understand the differences between privacy and security.
Data Security
Data security is what we often hear people describe when discussing privacy or security. Data security relates to protecting data from unauthorized access, breaches, and other threats. It often involves implementing technical and organizational measures to protect data.
For you, the consumer of these services, security often includes taking proactive steps to protect your data, such as maintaining strong password hygiene by using unique complex passwords for each site or service, using multi-factor authentication when possible, securing Wi-Fi with a strong password, keeping anti-virus and other software up to date, recognizing phishing messages, and using a trusted VPN when using public Wi-Fi.
For organizations that you share data with, such as your employer, bank, social media, retailers, etc., this may include encrypting data, maintaining a strong access control policy that prevents people from accessing data that is not necessary for their role, maintaining secure backups of data, protecting their computers and servers with firewalls and anti-malware software, and conducting routine security audits.
Data Privacy
Data privacy relates to the rights that people have over their data, ensuring that personal data is collected, processed, and shared in accordance with relevant laws and regulations. It provides people with control over how their information is used.
Key aspects of data privacy include
- Consent and Transparency - People should give permission for their data to be collected. This includes transparency about what data is being collected, how it will be used, and who it will be shared with. This could also include limiting data collection to only what is necessary to perform a specific function, and only using data for that function.
- Control - People should have the ability to access their data, make corrections, and either delete their data themselves or request that their data be deleted.
- Compliance - Organizations must comply with relevant privacy laws and regulations, which set standards for collecting, processing, and sharing data. Some privacy laws that may be familiar are the General Data Protection Regulation (GDPR) in Europe, or the California Consumer Privacy Act (CCPA) in California.
- Security - Organizations should ensure that unauthorized people are not able to access personal information. Some regulations require organizations to be transparent about what security measures they take to protect personal information.
Managing your data privacy
Most of the products and services that we use collect and use personal information, and by agreeing to the terms and conditions of these services we are providing consent for them to do so. While we can't typically control every piece of information that is being collected, there are steps that you can take to manage your personal information.
Follow data security best practices
Securing your data is one of the easiest steps to take, to ensure that it does not fall into the wrong hands. The examples listed above in this article provide a good starting point if you are unsure of where to begin.
Limit what you share online
Be mindful of what personal information you share, both with companies you engage with, and on social media. If a company you engage with is breached, the data they have collected about you may become publicly available.
Public-facing social media provides a wealth of information that people can use in ways that you did not intend, such as using personal information to impersonate you, or to guess your security questions to gain access to your accounts. There have even been reports of homes being burglarized after posting vacation photos while still away.
Consider the value of a service, compared to the data they collect
Companies understand the value of personal data, and some try to collect as much of it as possible. When engaging with a company, service, or app, consider whether the data requested is necessary for the service being provided (for instance, does that game really need access to your photos, contacts, and GPS location), and whether you can opt out of data collection, or deny permissions, and still use the service or app.
Check privacy settings
Check the privacy settings on all of your devices, services, and apps occasionally. Many offer some degree of control over data privacy, but the default settings are often permissive and must be manually toggled to a more restrictive setting.
Companies may update their privacy policies on a regular basis, often in response to new regulations, and as a result new privacy settings could be implemented that need to be updated by you.
Below, you will find a link to a list of commonly used websites and services, with links to information about data privacy for each.
Keep your devices clean
Many modern mobile devices provide access to granular permission settings on a per-app basis. Check that app permissions aren't overly permissive, such as ensuring that apps can only access GPS while using them. Review your apps occasionally and consider deleting those which you haven't used in several months. Additionally, some devices provide the ability to completely turn off the microphone and camera until they are manually re-enabled.
By taking proactive steps to secure your data and manage your data privacy, you can reduce the risk of your data being compromised. We hope that this article provides some helpful guidance as you navigate the complexities of protecting yourself online.