Privacy & Security

Data Protection and Data Privacy 101

Data protection and data privacy—these phrases get thrown around a lot. Both are critical to business (and often go hand-in-hand) but can get mixed up. Here, we talk about the big differences, when each one is needed, and how to address the requirements your organization might have.

Let’s Start with Basic Definitions

Data Protection: the process of safeguarding important information from corruption, compromise, or loss. This process centers around backup and recovery.

Data Privacy (a.k.a. information privacy): determining what data in a computer system can or cannot be shared with third parties, and adding access controls to prevent unauthorized user access.

To simplify even more: while data protection provides tools and policies to safeguard data, data privacy restricts data access.

Data Protection = Data Access Restriction

Backup and recovery services ultimately are there to keep your data secure and minimize downtime. With COVID-19, companies were forced overnight to shift their focus on data protection to support remote workers. It’s because of this that Gartner has named “Anywhere Operations” as a Top Technology trend, with businesses taking a digital-first, remote-first approach. Of course, this means data of all types is at greater risk of cybersecurity attacks, including malware, ransomware, and phishing schemes. Attackers can sell or ransom your data, wreaking extreme havoc on your business.

Per IBM Security’s 2021 Cost of a Data Breach report conducted by the Ponemon Institute, the global average total cost of a data breach was $4.24 million. This was a 10% increase from 2020, the largest single-year increase in seven years. With a per-record cost of $180, customer personally identifiable information (PII) was the most common type of record lost. With the average data breach taking upwards of 287 days to identify and contain, it’s painfully obvious how critical the issue of data protection is for businesses today.

Cybersecurity experts agree developing a data protection strategy to prevent attacks is imperative for businesses of all sizes. Here’s what you’ll need to do to get started:

  • Understand the data you have
  • Create a risk-based strategy to manage business operational risk, reputational risk, and legal and compliance risk
  • Take a holistic business approach, bringing together IT, legal, and security expertise
  • Foster a security-aware working culture
  • Develop strong information governance for both physical and digital data
  • Build up your defenses in depth
  • Factor remote workers into your strategy

Data Privacy: Defining Who Gets Access

One of the many reasons data needs to be protected is because much of it needs to remain private.

Personally identifiable information (PII), such as names, addresses, social security numbers, telephone numbers, and email addresses, is needed by businesses every day to service customers. However, the loss of PII can result in substantial harm to your customers, employees, and business.

To help protect this data, there are many data privacy laws and regulations, each focused on either a geography or a specific industry sector. Here are a few examples:

Geography Focus:

  • European General Data Protection Regulation (GDPR): ushered in a new era of data privacy, transforming the rules for using personal data and the fines for non-compliance (see Iron Mountain’s GDPR Resource site for details)
  • California Privacy Rights Act of 2020 (CPRA): first US privacy law of a similar magnitude to GDPR.

Industry-Specific Focus:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Family Educational Rights and Privacy Act (FERPA).

As companies continue to struggle to operate during a global pandemic, more data privacy issues have come into play. To help guide COVID-19 company responses, 93% of security professionals said their organizations turned to the data privacy team. As a result of this challenge, privacy budgets doubled in 2020 to an average of $2.4 million. Here are some privacy benchmark recommendations from the above linked study to consider:

  • Ensure privacy principles continue to be respected
  • Use sensitive data to serve the public good
  • Make privacy skills and expertise a core competency
  • Be prepared for privacy to be a Board-level issue
  • Invest in privacy to enhance customer trust and realize significant business value

It's been proven that organizations with more mature privacy practices are getting higher business benefits than average and are much better equipped to handle new and evolving privacy regulations around the world.

To fully safeguard customer and employee information simultaneously, companies need to take both data protection and data privacy seriously. Data breaches are no longer isolated events, and when data is stolen or leaked, there can be serious repercussions.

The COVID-19 pandemic has ratcheted up the need for greater efforts around data protection and privacy. As organizations grapple with new ways of doing business, they will likely continue to support remote and digital first workplaces for the foreseeable future.
