Privacy vs. Security

It seems as if everyone is talking about privacy – or wait, is it security? First there was the WikiLeaks data leak by Julian Assange; then there was the NSA data leak by Edward Snowden which brought to light the NSA’s spying on American citizens; and most recently, several customer data breaches in the retail industry.

According to Wikipedia, privacy is “the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.”

In simple terms, privacy amounts to the ability of an individual or group to control what data, or in tech terms, personally identifiable information (PII), is given to an organization, specifically data collection agencies or companies.

I usually give the following example about privacy to my students. “Privacy is when somebody comes up to you and asks to borrow five dollars. You have five ones in your pocket but you tell the individual that you only have two dollars. You give two dollars and keep the other three. Or, somebody asks for five dollars, but you say that you have no money. You keep the information that you have five dollars to yourself.”

Of course with websites like and – and with the massive amounts of data gathering they do – the person who asks you for five dollars probably already knows you have five dollars, and knows that you’re lying if you say that you don’t have any money.

Here’s another example of how our privacy has been eroded – this story first appeared in both The New York Times and Forbes back in 2012. A girl purchased a variety of products at a general merchandise store over time, but thanks to data mining, the store sent her baby-related sale coupons. The store was able to postulate that she was pregnant before even she knew she was pregnant. The story appeared in mainstream media pubs (The New York Times and Forbes), not information security pubs, so the positive result is that people are becoming more aware of the value of their personal information.

However, many people bring privacy breaches upon themselves. I’ve seen snail mail addresses, phone numbers, and birthdates on Facebook. There is no possible way that people can expect privacy when those types of data are posted out in the open. Public data is mined and can be harvested, packaged, and sold to anyone. The data can then be resold to advertisers who want to entice you to buy their products.

According to Wikipedia, security is “the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. Security (also known as cybersecurity) is information security as applied to computers and computer networks and data. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction.”

The three tenets or cornerstones of security are confidentiality, integrity, and accessibility. Based on my experience, security is different from privacy in that security is the protection of information from theft. While others might disagree with me, a breach of any type, network or computer, leads to the theft of some type of information, whether it’s the physical theft or the corruption of information. Unplanned events, both natural and man-made disasters, are part of the security umbrella because they can lead to loss of accessibility to data, which is part of the three tenets of security.

Back to the example I began about the five dollars. Here’s how I explain security: Somebody tries to rob you of the five dollars in your pocket. The police officer comes and arrests the man after he steals your five dollars from you, whether right after he gets away, months later, or years later. And sometimes, security is keeping the money in a plastic bag zipped in your pocket while it’s in a washing machine. When you take your pants out of the washing machine, your five dollar bills are still in good shape. This may be a simplistic explanation, but sometimes, simplicity makes the concept understandable.

Businesses are hit from both sides: people and computers trying to breach your privacy as well as those trying to breach your security. It could be argued that businesses should have no expectation of privacy, but specific industries and compliance requirements will determine how much privacy protection is required (for example, banking, government, healthcare, etc.). Security is another issue. All businesses are required to take appropriate security measures regardless of size or industry.

Memorize this reminder: Privacy is a matter of what you are willing to give while security is what someone – whether group, person, entity, disaster – is trying to take from you.

Article in NY Times: How Companies Learn Your Secrets

Article in Forbes

Image Credit: Stuart Miles via

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.

About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.