Privacy

Privacy is important for every individual and every organization. Privacy threats include data breaches and companies who overshare, violating their privacy promises regarding customer information. Privacy is the subject of rapidly growing laws and regulations and is worth attention from every organization. For organizations, sound privacy practices can be good for business and avoid a legal problem. For individuals, privacy awareness is important for each of us and our families.

Privacy’s origins and the types

We can think of four main areas of privacy:

  • Information privacy (data privacy)
  • Communications privacy
  • Territorial privacy
  • Bodily privacy

My focus here is information privacy, the information (data) about consumers (including you and me) that is collected, stored, used, and shared.

Data privacy vs. cybersecurity and information security

For simplicity I have combined cybersecurity and information security into the single blue circle in this Venn diagram. Cybersecurity and information security are about securing information and information systems, in any form or location, physical or digital. (I think of cybersecurity as a subset of information security, as I discuss in my introduction to information security article.)

Then, data privacy (information privacy) is mostly about individual rights and organization decisions about how personal information about the individual is collected, stored, secured, shared, and used.

Thus, data privacy includes security, but also many other elements. And cybersecurity involves securing many types of data and information systems, including individual (consumer) personal information but also others. So that’s why they intersect in large part but each also has distinct components. The intersection is not to scale, and is probably much larger, but I wanted the graphic to be clear and text visible.

Privacy laws and regulations

Here are a few helpful thoughts to keep in mind:

  • “Privacy laws” and “cybersecurity laws” overlap. Indeed, almost every privacy law has a cybersecurity and data breach reporting component.
  • The U.S. legal framework for privacy laws and regulations is a patchwork.
  • That patchwork consists of laws and regulations, state vs. federal, and overlapping regulators and laws.

The European Union’s General Data Protection Regulation (GDPR) went into effect in 2018 and applies to many U.S. organizations who collect personal information of EU citizens.

In the U.S., the Federal Trade Commission Act carries some privacy protections for consumers with requirements for business. Individual sectors such as finance and health have their own privacy requirements.

In the absence of an overarching federal privacy law, states have started to enact their own privacy statutes, starting with California and then followed by others. The reach of these state laws extends beyond their borders.

Typical privacy legal requirements

  • Notice about privacy practices; how the company collects, stores, uses, and shares information about the consumer.
  • Ability to access data about the consumer, correct it, ask that it be deleted or that processing be limited, or transfer data to another service provider.

A business privacy program should generally follow these principles:

  • Be lawful, fair, and transparent
  • Limit collection, use, and processing of personal data
  • Keep personal data only as long as needed (then purge)
  • Keep personal data accurate
  • Keep personal data secure with good cybersecurity
  • Be accountable for the above.

For organizations, privacy is a component of information governance

This management can start with Bandler’s Three Platforms to Connect for compliance concept to align legal requirements with internal policy and company action. These should also be aligned with the Fourth Platform of business mission. When we add guidance to help us we have the Five Components for Policy Work.

Cybersecurity is a component of privacy, and a solid cybersecurity program protects organizations from cybercrimes such as data breaches, ransomware, and email-based thefts, as covered in earlier articles. Protection can start with Bandler’s Four Pillars of Cybersecurity, which anyone can understand.

For individuals, privacy is important too

Conclusion

This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

Additional reading

Copyright John Bandler all rights reserved.

Posted to Medium on 12/06/2022 based on my earlier article on my website. Last updated here on 12/06/2022.

John Bandler

Cybersecurity, cybercrime prevention, privacy, law, more. Attorney, consultant, author, speaker, teacher. Find me at JohnBandler.com