With Data Privacy Day here once again, you may be asking yourself two common questions:
A quick search online appears to often intertwine the two topics, so let’s have some fun with a short quiz to test your perspective.
Which of these recommendations would you characterize as a data security or data privacy best practice?
Check your answers:
If you answered, “data security” to each question, you might be right.
If you answered, “data privacy” to each question, you might also be right.
Yeah, it’s complicated.
“Data security” is often defined as being an access control problem to manage, while “data privacy” is usually defined as being a data governance policy for moderating a data exposure problem. Why is that?
Just like the lock that guards your door, data security tends to be a more black-and-white, definitive control for determining access. For example:
Data privacy, on the other hand, tends to be more nuanced around controlling the gray area of limiting data exposure to abuses or misuse, and has a lot to do with policies that define the context or circumstances of enabling appropriate data use:
These two areas are certainly related: Data security can be an effective control that protects data access, but between the two extremes of open access and locked-down protection, data privacy is that gray area in-between that moderates and governs data exposure and considers the risks to data use.
“Data Privacy” helps answer a fundamental question: If I am authorized to have access to secured data, is the data exposed appropriately and used in alignment with the policies of the data owner, data user, and any other stakeholders?
Going back to our quiz, let’s see if we can better differentiate these activities below for more clarity with regard to a data security best practice vis-à-vis a data privacy one.
Can we better assess the context of data use as it relates to solving data privacy concerns?
As you saw from the earlier graphic, there is a gray area that focuses primarily on context of use and that’s where data privacy mostly applies, since there is no perfect answer between the security scope of data locked down (unusable) vs. data without security controls (in the clear).
It’s a matter of data risk exposure:
Today there are a myriad of new data privacy mandates, from the GDPR, to the CCPA, to LGPD, PDPA, and beyond. These mandates are intended primarily to protect consumer privacy (i.e., data exposure) by requiring personal data protection and consumer approval for how the data is being used. And, in addition to requiring strong data security controls, there’s also accountability for supporting privacy rights, with transparency into how data is used, to further align policies with expectations.
While security tools such as data encryption or data masking can help protect data privacy, they require data privacy governance for intelligent decision making to determine whether exposure is appropriate (and when the exposure is not appropriate, how to fix it!).
Data privacy governance helps enable:
Informatica addresses both sides of the coin for security and privacy, offering security technologies such as persistent data masking, dynamic data masking, and related technologies to anonymize and pseudonymize data by reducing the sensitive data attributes exposed in records and files. Rather than purely encrypting data and files to make them unusable, data masking is more nuanced by limiting data privacy exposure through conditional use that reflects best-practice policies.
However, going one step further, Informatica’s data privacy governance solutions, which bring together policy controls, data discovery and classification, identity mapping, risk analytics and remediation, and auditing and reporting on a single, consistent platform, are able to apply security controls more effectively, using automation, AI, and metadata intelligence to drive expected behavior. It’s like having an invisible hand to help toe that fine line between opportunity vs. risk. Here’s why…
Instead of locking down data to secure it from any and all exposure, data privacy governance applies metadata intelligence and automated controls to help ensure that personal and sensitive data is used appropriately. And that’s something we can all agree on!
Companies can derive more intelligence from their consumers to develop and improve products and services, creating more stickiness and loyalty—and consumers receive a customized user experience within the scope of their privacy rights, enabled by trust.
Organizations can feel confident when applying security controls for privacy to democratize data use—safely—and unleash more business value across the enterprise, while complying with global privacy mandates. A win-win scenario.