Posted by Buck Kulkarni on 07 Oct 2014
Well, yes and no!
Let us look at some common scenarios that unfold daily in every organization.
Say you have the credit card details or social security numbers of your employees or customers lying around on a table or open on a computer screen, but no one looks at them. Is this a security problem? Or is this a privacy problem?
And then say, someone looks at it without having a need to look but does not misuse it in any manner. Is that a security problem? Or is that a privacy problem?
And then say an employee copies this information (as easy as taking a picture with a smartphone these days) and walks away without detection. But the employee does not misuse it in any manner; possibly they tried to but did not find a buyer. Is that a security breach? Or is that a privacy breach?
And then say an employee finds a buyer for this information. But we don’t know what the buyer did with that data. Is there a security breach? Or is there a privacy breach?
And finally, of course, you have a professional hacker breaking into your computer systems and stealing such data. This is what we most easily understand as a breach of both security and privacy, but as you are aware, only the extreme cases become news. All the earlier scenarios mentioned above happen far more frequently, and are either unknown or pushed under the carpet.
A security breach may or may not result in a privacy breach. Say someone stole a lot of data from your systems, but you had taken certain precautions: some crucial data was encrypted (the credit card numbers, the SSNs), or you had stored the data in multiple pieces that the hacker is not able to piece back together. Due to these measures, the hacker may have your data but may not be able to use it, as they cannot build the required information from that data. In that case, you have a security breach (for sure) but not a privacy breach.
A privacy breach is somewhat more difficult to grasp. If an employee casually looks at a piece of paper lying around on a desk (or a document open on a computer screen) and sees information which they were not supposed to see, such as a patient’s history of disease, medication or insurance information, then you have a privacy breach. It does not matter whether the information was misused or not, or whether there was any intention of misuse.
It is important to remember that we need to make all our employees aware of what constitutes private information, personally identifiable information or protected health information. We also need to inculcate a culture where they are continuously aware of the data we store, know what is expected of them and know what constitutes a breach.
Security can be centralized in the hands of a few but privacy is everybody’s concern.