Nowadays groups all over the world are taking time to consider the privacy rights of individuals and the obligations associated with processing their information. As leaders in digital and direct communications, understanding the difference between security and privacy helps build credibility and confidence with our clients. This is especially true considering how data security and privacy rights and obligations are beginning to align across Europe, Asia and North America, including the U.S.
We want to highlight the differences between privacy and security, present to you what these distinctions mean to our clients and illustrate our role in helping them navigate these issues. Being able to speak to these differences affirms to our clients that our expertise and solutions help satisfy their business, advertising, marketing, legal and customer relationship objectives. However, this must be done in a secure manner and in accordance with individual’s rights to control the collection and processing of their personal information.
If you’d like more information about these distinctions, or your business is in need of privacy or security guidance, please contact us at firstname.lastname@example.org.
Security vs. privacy
While often described as two sides of the same coin, security and privacy simply are not the same thing. In basic terms, securing information against loss, or unauthorized access or use is different from ensuring personal information is lawfully collected and used.
Security focuses on protecting the confidential nature, integrity and availability of information within physical work areas, electronic networks, data centers and software applications. On the other hand, privacy seeks to ensure the use of personal information is appropriate and in balance with the rights of the individuals described by such information throughout all processing stages.
These key differences are reflected in our contracts with clients and third parties through distinct requirements for data security and privacy. In short, the main principles for each of these terms include the following:
- Confidentiality—preventing unauthorized access, controlling authorized access and removing access when it is no longer needed.
- Integrity—protecting against data loss or information corruption, whether this is intentional or not.
- Availability—ensuring information is available when needed thanks to real-time access and near real-time recovery capabilities.
- Assurance—ensuring security controls are in place to support confidentiality, integrity and availability as designed. Measuring and evaluating our security support through questionnaires, meetings and audits that generate the evidence necessary to prove security obligations are met.
- Accountability—assigning responsibility for meeting security obligations and acting when necessary to ensure the confidentiality, integrity and availability of information.
- Management—defining and documenting privacy requirements and communicating these matters to employees.
- Notice—transparently informing individuals about what personal data is collected, why it’s needed, with whom it’s shared, what their rights are and how to exercise them.
- Choice and consent—capturing, using and sharing personal information based on the law and individual’s preferences.
- Minimization—limiting the collection of personal data to only what is necessary and described in the notice statement.
- Purpose—limiting the use and retention of personal information to the reason for which it is collected.
- Access—making sure individuals can check and receive copies of their personal data to exercise their rights.
- Third party disclosure—sharing personal information only as described in the notice statement.
- Security—implementing administrative, physical and logical controls to protect confidentiality, integrity and availability.
- Quality—updating personal information over time to keep it complete, accurate and relevant—and knowing when to delete it.
- Accountability—monitoring the performance of privacy controls to identify and address risks to personal data and privacy obligations.
Privacy and security for clients
Reflecting on these distinctions within our client conversations affirms that we understand our clients are under increasing pressure to empower individuals with control over their information. How? Through data protection policies. We all understand that they want to attract and retain customers. We know our clients want new technologies to gain efficiency, to capture new insights and maximize their ability to use personal information in support of their objectives.
We must also understand our clients are under increasing pressure to engender customer trust through the legitimate, secure use of their customer’s information—protecting their privacy and security on the internet. We must also understand how to support their stewardship responsibilities to empower customers with control over the use of such information across its lifecycle. It’s equally important to understand that the business, data security and privacy contractual obligations are presented separately, yet are inextricably linked to processing operations and the discrete risks associated with processing client information and interacting with their customers.
Yes, we must support our client’s objectives securely and in accordance with all applicable privacy laws, regulations and obligations. But it’s also more than that. Harte Hanks’ solutions must also address the lawful collection and use of personal information in accordance with the increasing rights granted to individuals over their data. At the same time, we must consider the obligations associated with processing personal information and securing client data against unauthorized access, use and loss.
At Harte Hanks, each employee is empowered and responsible for helping ensure the security of our client’s information and the privacy of their customers.
Senior leaders responsible for processing operations are empowered to catalog their privacy and security obligations as operational requirements and to align their processing operations, practices and employees to such requirements.
Managers facilitating processing operations are empowered to help the organization remain vigilant—by evaluating, communicating and addressing privacy and security risks noted.
Employees are empowered to support data security and privacy compliance through awareness, training and access to resources and experts so they can ask questions and raise concerns at any time.
We take data security and privacy very seriously—and we’re open to answer any questions you may have. If you want to learn more about protecting your privacy and security—and that of your clients—or we can help your business out, contact us at email@example.com.