What is Privacy?
When something is private to a person, it usually means that something is inherently special or sensitive to them.[i] Privacy is a nebulous philosophical, legal, social, and technological concept that means different things to different observers. In an influential 1890 Harvard Law Review article, Samuel Warren and Louis Brandeis, who later became a Supreme Court Justice, famously defined privacy as “a right to be let alone.”[ii]
Privacy and Security Terms
The privacy domain overlaps with security, including the concepts of appropriate use and protection of information. Some terms are insightful in bridging the understanding of privacy and security. Here are a few of those terms:
Authentication is how an entity (such as a person or computer system) determines whether another entity is who it claims to be.
Authorization, in the context of information security, determines if the end-user is permitted to have access to the desired resource, such as the information asset or the information system containing the asset. Authorization criteria may be based on organizational role, level of security clearance, applicable law, or a combination of factors.
Accountability is implementing appropriate technical and organizational measures to ensure and demonstrate that personal data handling is performed per relevant law. Accountability is a fair information practices principle. Due diligence and reasonable steps are taken to ensure that personal information will be protected and handled consistently with relevant law and other fair use principles.[iii]
Data Breaches are the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector.[iv] Breaches do not include good faith acquisitions of personal information by an employee or agent of the data collector for the data collector’s legitimate purpose, provided that the personal information is not used for a purpose unrelated to the data collector’s business or subject to further unauthorized disclosure.
Information Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.[v]
A Security Breach occurs when an unauthorized party bypasses security measures to reach protected areas of a system. A security breach can put the intruder within reach of valuable information such as company accounts, intellectual property, and personal information that might include names, addresses, Social Security numbers, and credit card information.[vi]
Privacy, Security, and Intellectual Property
Some regard privacy and security as the same thing, but they are not. The two sometimes overlap in a connected world, and the specific differences are complex. Knowing how they differ may help protect individuals in an increasingly connected world.
Security is about the safeguarding of data, whereas privacy is about the safeguarding of user identity. Security refers to how personal information is protected. An individual’s data and personal details may be stored in many places. That can challenge both individual privacy and security.
Although security and privacy concepts are interwoven, it is possible to have security without privacy, but impossible to have privacy without security.
Intellectual property is akin to the amorphous concept of a work product that is not depleted when taken. Intellectual property conveys ownership and rights of ownership. Privacy is about the authorization of individuals to access information. Privacy is not absolute and has caveats at Fordham and in the world at large. Refer to the Intellectual Property Policy for details on how the University defines intellectual property.
An Illustration of the Difference between Privacy and Security
Individuals might share personal information with banks when opening a checking account. What happens after that? Here are three possible outcomes related to personal information (not the money deposited in the checking account).
- Privacy and security are maintained. The bank uses an individual’s information to open an account and provides that individual with products and services. The bank protects that data.
- Privacy is compromised, and individual security is maintained. The bank sells some of the information to a marketer. It is important to note that the individual may have agreed to this in the bank’s privacy disclosure. The result? The personal information is in more hands than intended.
- Both privacy and security are compromised. The bank has a data breach. Cybercriminals penetrate a bank database, a security breach. The information is exposed and could be sold on the dark web. An individual’s privacy is gone. The individual could become the victim of cyber fraud and identity theft.
Personal information is everywhere in the connected world — in government offices, healthcare providers, stores, restaurants, and many individual online accounts. Personal information is in enough places that it is out of an individual’s control.
[i] Privacy – Wikipedia. https://en.wikipedia.org/wiki/Privacy
[ii] Privacy. https://iapp.org/resources/article/privacy-2/
[iii] Accountability in Security | Handling People’s Data – xMatters. https://www.xmatters.com/blog/security/accountability-in-security-starts-with-leadership-practices/
[iv] HB3025 97TH GENERAL ASSEMBLY. https://www.ilga.gov/legislation/97/HB/09700HB3025.htm
[v] Privacy Infusion in Ubiquitous Computing. http://www.ics.uci.edu/~projects/295d/papers/Privacy-Infusion-in-Ubiquitous-Computing.pdf
[vi] What is a security breach? | Norton. https://us.norton.com/internetsecurity-privacy-security-breach.html