We talk a lot about protecting and safeguarding data, yet the concepts of data security and data privacy are different, although they cross over in many ways. But when it comes to handling sensitive data (data that can be directly used to identify someone, as well as financial and health records), the two work hand in hand.   
 

What is data security? 

 
Data security refers to the processes in place to protect sensitive data from internal and external threats, both intentional and unintentional. These threats can include data breaches, malware attacks, malicious insiders and even physical theft. 
 

DevOps teams, system administrators and solution architects are usually the parties responsible for the security of data within a business. 
 

What is data privacy? 
 

Data privacy refers to the processes in place to safeguard the privacy of sensitive data and using that data responsibly. Sound data privacy processes ensure that any sensitive data used and stored within an organization is done so compliantly and with the customer's consent. 
 

In most cases, compliance teams or trust officers are responsible for handling the privacy of data.  
  

What laws govern data privacy? 
 

Privacy laws such as the General Data Protection Regulation (GDPR) list the minimum privacy requirements organizations need to adhere to in order to adequately safeguard private data. Non-compliance can result in heavy fines, lawsuits and a damaged reputation.  
 

Privacy laws also set out the security requirements necessary in order to protect sensitive data from data breaches and malicious insider threats. In the eyes of lawmakers, privacy and security go hand in hand as a data breach automatically negates the privacy of sensitive data. For example, the Wisconsin health department recently made headlines after staff sent an email to all COVID-19 vaccine recipients in their database without hiding the list of email addresses in the address bar. In this instance, both the security and privacy of personal information was compromised. 
 

In the United States, there has been a recent rise in privacy laws being passed in several states, including the California Consumer Protection Act (CCPA), the Virginia Consumer Data Protection Act (CDPA) and the Colorado Privacy Act (CPA), each with their own strict requirements for companies that handle sensitive data. 
 

Hush-Hush tools cover both data security and data privacy 
 

Definitions aside, your organization needs both data security and data privacy processes in place as part of a robust security and privacy framework to protect sensitive data. Hush-Hush has a decade’s worth of experience delivering trusted solutions for not only protecting sensitive data from internal and external threats, but also safeguarding the privacy of that data to ensure companies remain compliant with the law. 
 

Data resides in many places – in emails, databases, test environments. The Hush-Hush Sensitive Data Discovery Tool locates and classifies sensitive data, showing you exactly where sensitive data is being stored so you can take remedial action. Anonymization tools such as our patented Data Masking Components address both data security and data privacy by de-identifying sensitive data at the production level, ensuring that sensitive data elements are safely anonymized when handled or used during testing and development, thus protecting the privacy of the customer.  
  

Data security and data privacy may not be the same, but investing in data protection solutions that cover both ensures your customers’ data is always safe. 
  

Request a free demo now.