
DATA PRIVACY VS DATA SECURITY (YOUTUBE VIDEO)

Definition
  Data privacy:
  - is about using data responsibly (what and how much information about an
    individual is available to others, and to whom it is available).
  - is concerned with ensuring that the sensitive data an organization
    processes, stores, or transmits is ingested compliantly and with consent
    from the owner of that sensitive data.
  Data security:
  - is about protecting data from malicious threats (an attempt to avoid
    undesirable events such as sharing information with a competitor, or a
    loss of confidentiality or data integrity).
  - is concerned with securing sensitive data.

What is being protected
  Data privacy: - protects identity.
  Data security: - protects data.

Examples
  Data privacy: - personal data (name, identification card, contact number,
    email address, location data, bank account number, photos).
  Data security: - preventing unauthorized access to data via breaches or
    leaks, regardless of who the unauthorized party is.

How is it being protected?
  Data privacy: - preventing the linking of sensitive data to its data subject
    or natural person, such as by de-identifying personal data or storing it in
    different places to reduce the likelihood of re-identification.
  Data security: - using tools and technology such as firewalls, user
    authentication, network limitations, and internal security practices to
    deter unauthorized access to data.

Relationship between privacy and security
  Data privacy: - privacy concerns are impossible to address without first
    employing effective security practices.
  Data security: - security controls can be met without also satisfying
    privacy considerations.

Limit access
  Data privacy: - privacy limits access.
  Data security: - security is the process or application for limiting that
    access.
Common regulations

1. Payment Card Industry Data Security Standard (PCI DSS)
   o It is a set of rules for protecting sensitive payment card information and
     cardholder data.
   o It standardizes the security controls for the processing, storage, and
     transmission of payment data, and measures for personal information often
     associated with payments, such as names and addresses.
   o It applies to banks, merchants, third parties, and all other entities that
     handle cardholder data from the major payment card brands.

2. European Union's General Data Protection Regulation (GDPR)
   o It is an international standard for protecting the privacy of EU citizens.
   o It establishes important terms and definitions for whose data should be
     protected, what types of data that entails, and how that data should be
     managed and secured.
   o It applies to any entity that collects the data of EU citizens.

3. California Consumer Privacy Act (CCPA)
   o It is the benchmark United States law regulating how organizations are
     allowed to process the data of California citizens and their households.
   o It documents which data is protected and details the requirements for
     protecting that data.
   o It applies to all organizations that handle data from Californians.

4. Health Insurance Portability and Accountability Act (HIPAA)
   o It is concerned with protecting the sensitive health information of patients
     across the U.S.
   o It is particularly complex because of the vast amount and variety of health
     care data available - everything from a patient's date of birth to their
     prescribed medication and X-rays.
   o It also exists in both physical and digital forms that need to be protected
     differently, which makes securing private health information.

5. Tokenization
   o It has the potential to satisfy both data privacy and security concerns.
   o It can act as a security failsafe to protect sensitive data in the event of a
     breach, rendering the data stored in the breached system unreadable to
     cybercriminals.
   o It can virtually eliminate the risk of data theft, making it a particularly
     useful tool for risk reduction and compliance in terms of both data privacy
     and security considerations, as it removes sensitive data from internal
     systems.
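The following is an added example (not from the video or the notes) showing the tokenization idea above and the "store it in a different place to reduce re-identification" idea from the privacy row: the application database keeps only a random token and the last four digits, while a separate vault holds the only mapping back to the card number. The class, function names and the test card number are constructed for this illustration.

```python
import re
import secrets

PAN_PATTERN = re.compile(r"\b\d{13,19}\b")  # crude match for a bare card number


class TokenVault:
    """Constructed example of a tokenization vault (not a real product's API).
    It is the only component that can map a token back to the card number,
    so it is kept separate from the systems that process orders."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        # The same PAN always yields the same token, so the application can
        # still recognise a repeat customer without ever seeing the number.
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        token = "tok_" + secrets.token_hex(8)   # random: no relation to the PAN
        while token in self._token_to_pan:      # vanishingly rare collision
            token = "tok_" + secrets.token_hex(8)
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._token_to_pan[token]


def record_order(vault: TokenVault, orders: list, pan: str, amount: int) -> dict:
    """Store an order in the application's own database: only the token and
    the last four digits (for receipts) are kept, never the full PAN."""
    order = {"card_token": vault.tokenize(pan), "last4": pan[-4:], "amount": amount}
    orders.append(order)
    return order


def pans_exposed(orders: list) -> list:
    """Simulate someone reading a dump of the breached order database and
    return every full card number found. With tokenization this is empty."""
    dump = " ".join(str(v) for o in orders for v in o.values())
    return PAN_PATTERN.findall(dump)


if __name__ == "__main__":
    vault, orders = TokenVault(), []
    test_pan = "4111111111111111"   # constructed test card number, not a real card
    first = record_order(vault, orders, test_pan, 4200)
    print(first)                    # token and last4 only
    print(pans_exposed(orders))     # []
    print(vault.detokenize(first["card_token"]) == test_pan)  # True, vault only
```

Only the vault can turn a token back into a card number, so a dump of the order database alone yields nothing a thief can use, which is the "security failsafe" the notes describe.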
