8 Ways to Think about the Relationship Between Security and Privacy
Privacy and security are critical to the design, installation and operational requirements of physical and cyber systems. Over the last 15 or so years, security and cybersecurity have moved from being a begrudgingly funded expense line item to a key resiliency issue for the C-Suite and boards. The same story is evolving around privacy. Privacy has gone from a legal and compliance issue to something critical to people and organizations.
This focus is driven by the increase in laws around the globe and by the increased frequency of, and reaction to, both surveillance capitalism and improper surveillance. Recent laws include the General Data Protection Regulation (GDPR) as well as many privacy and surveillance laws in the United States, Canada, South America, Africa and Asia-Pacific regions. The United States also has a long and growing body of federal, state and local privacy and surveillance legislation covering information security and the right to privacy. In addition, there are global information technology frameworks and standards such as ISO, NIST and others that now include privacy.
Often you find segmentation in organizations around privacy (lawyers) and security (IT and physical security), which hinders an understanding of the compatibility and interdependency of privacy and security. Embedding security and privacy in day-to-day operations will benefit all and should include the following considerations:
The interdependence between security and privacy is critical to how we design and use security systems. With security and privacy appropriately incorporated into day-to-day operations, organizations will be able to more effectively manage risks as well as protect the users of those systems according to evolving legal requirements.