In June of 2013, Edward Snowden leaked classified information from the National Security Agency (NSA). The leaked information revealed a number of surveillance programs that had been initiated by the NSA, and other international intelligence agencies throughout the world.
These programs were keeping tabs on US citizens as well as foreign officials and dignitaries. They included reviewing of telephone calls and emails, involving both individuals and governments.
Some people think Snowden is a hero for disclosing this information. Some see him as a traitor. The fact is that he performed an illegal act. However, there is also little doubt that some of the surveillance programs were at least as illegal as Snowden’s offence.
Others say that they don’t have a problem with the surveillance programs as they are there for security purposes and that they have ‘nothing to hide’.
Regardless of what you or I think of Snowden’s actions, it does raise the point about the differences between security and privacy. The NSA programs may have been implemented for security purposes, but they invaded the privacy of individuals in the process.
Security, or Information Security for these purposes, can be defined as a set of practices and policies that ensures that the confidentiality, availability and integrity of information is maintained. This includes ensuring that only those who require access to information can actually read, modify, transmit or delete it.
Privacy of information, especially personal information, is considered a basic human right in many countries. It is the appropriate use of the information that is critical when it comes to privacy. In other words, if an organization collects my personal information for a purpose, they can only use it for that purpose. They are also responsible for ensuring my personal information is kept secure and confidential.
One way to describe the difference between security and privacy is the use of a sealed envelope to send my bank statement through the mail. The sealed envelope is the security, while privacy is the successful delivery of my bank statement without anyone inappropriately accessing it. You may think that a sealed envelope sent through the mail is not a very good security practice, and you could be right, but that is another topic.
While security and privacy are not the same things, they are closely related. It is difficult to have privacy without security. As such, privacy within an enterprise does not just belong to Human Resources and Legal. Information security management must be involved in ensuring privacy requirements are met by implementing appropriate security measures.
Would you like to know more about security and privacy, and how to implement policies and practices to ensure the safety of personal information? Give us a call today to find out more.