Data Privacy

« Back to Glossary Index

The amount of data that corporations, governments, and companies have access to and control over is astonishing. In a recent study, well over half of Americans stated that they were concerned about how companies may be using their data. One way companies can avoid taking unnecessary risks with important data is to gain a thorough understanding of data privacy and security so they can establish strong policies to protect consumers.

Data privacy refers to safeguarding and protecting the confidentiality of data related to a person’s identity. Individuals have a right to privacy, and enterprises are obligated to take measures to uphold those rights. Third parties are also involved in data privacy, as data privacy rules decide what information third parties can share.

Data privacy is composed of three main rules which are as follows:

  • An individual has the right to be left alone and have control over their own personal data
  • Organizations must follow procedure to correctly manage and process data
  • Organizations must comply with data privacy laws

On the individual level, data privacy generally applies to personal health information (PHI) and personally identifiable information (PII). On the business level, important data includes confidential financial information or information that is needed for a company’s operations.

Data Privacy Benefits

Data privacy provides a barrier that prevents exploitation, identity theft, fraud, and more, protecting both individuals and organizations. When businesses take measure to secure the data of customers as well as the data of their customers, they gain trust and prevent unfavorable outcomes.


Data privacy is also integral to protecting freedom of speech. Without data privacy, misconstruing information and losing context of speech can become more prevalent. In particular, this is dangerous in places where governments place restrictions on freedom of speech.

Privacy vs Security

Data security includes techniques like access control, encryption, data masking, and network security. It refers to policies and measures that organizations establish to stop third parties from gaining unsanctioned access to data. These measures also prevent an alteration, exposure, or deletion of data.

However, it is important to distinguish between data security and data privacy. Data privacy refers to the collecting, processing, sharing, archiving, and deleting of data. Maintaining awareness of the distinction between the two is integral to implementing a strong data governance system.


The laws regulating data privacy in the United States are not consolidated to say the least. Currently, there is no singular federal law about data privacy. Rather, there are a myriad of federal laws addressing health information privacy, financial privacy, website privacy, etc. The main benefit of this is that the laws specifically address key issues for each sector; however, the lack of a consolidated law can make maintaining compliance difficult.

In the United States, the California Consumer Privacy Act (CCPA) and the New York Shield Act are the most notable pieces of legislation that have passed in the United States, and internationally the General Data Protection Regulation (GDPR) governs data in the European Union.

Risks to Data Privacy

A lack of comprehensive knowledge about the basics of privacy can lead to internal errors within a company that expose data. Data governance teams within companies can help mitigate the risk of internal errors by sharing knowledge about laws and implementing company-wide guidelines.

Part of data governance also includes sharing the terms and conditions of privacy policies across organizations and third parties. All members must be clear about the obligations of their work and the consequences of breaching those obligations.

Another notable risk to data privacy is insecure data transfers and cloud software. To ensure the security of its data, enterprises must make sure that they only transfer data across secure channels. Additionally, websites must be secured, and cloud data must be protected.

Finally, a data breach can go from bad to worse if a company does not have a prepared breach response. In the event of a cyberattack, a breach response can be integral to reestablishing security. Most breach responses are six steps: preparing, identifying, containing, eradicating, recovering, and debriefing.

Tips for Data Protection

Perhaps the most obvious, but nevertheless important, step to data protection is using up-to-date operating systems and anti-virus software. Processing software updates boosts the strength of your digital systems and can ensure a much higher level of security. Other steps like strong encryption, proper password management, and non-production data masking can also help protect your organization and maintain compliance.

Download this Resource