Organizations commonly believe that keeping sensitive data secure from hackers means they’re automatically compliant with data privacy regulations. This is not the case.
Data Security and data privacy are often used interchangeably, but there are distinct differences.
Data Security protects data from compromise by external attackers and malicious insiders.
Data Privacy governs how data is collected, shared and used.
Consider a scenario where you’ve gone to great lengths to secure personally identifiable information (PII). The data is encrypted, access is restricted, and multiple overlapping monitoring systems are in place. However, if that PII was collected without proper consent, you could be violating a data privacy regulation even though the data is secure.