
Privacy and Security: Two Sides of the Same Coin

Jay R. Pascarella September 23, 2019

As consumers we are rapidly becoming aware of the value of our personal data. Our digital footprints are growing at an exponential rate. Every transaction, every phone call, every text, tweet, photo, blog, email, and website visit adds to our digital footprint.

It is impossible to live in today’s world without creating this digital footprint. From professional associations to online banking, every aspect of our lives has some digital interaction. You create a digital footprint when you look for a job, when you do your job, when you scan a badge to enter a building or ride a bus, and when you catch an Uber home in the evening.

And today’s children will have an indelible digital footprint from the time they are born to the time they die. Every bit of information from birth onwards will be stored in a database somewhere. Combine this with near-permanent (and increasingly cheap) storage and our digital life is there for the taking.

There are alarming consequences to this. As consumers, we are inundated with news about security breaches, and presented with lengthy privacy statements. But does any of it actually mean anything?

For example, recently, I was notified that my children’s previous health care provider had a breach that went on for several years in one of its supplier’s systems. Free credit monitoring for two years does little to help a 10-year-old child whose Social Security Number and protected health information have been compromised.

And we can find more examples everywhere. Germany is considering prosecuting Facebook under the General Data Protection Regulation (GDPR) for transcribing the voice messages of five users of Facebook Messenger without consent. Apple, Google and Amazon are under fire for using third parties to manually listen to Alexa, Google Assistant and Siri recordings.

These aren’t just cases of privacy issues arising in relation to security breaches, but rather the use of data by organizations in ways that were not agreed to or envisioned by their consumers. Of course, privacy and security are inextricably linked. But there are differences.

Security is the processes, procedures and tools used to protect data. This can include physical locks and cameras, firewalls and antivirus programs, and data destruction techniques such as shredding and magnetic wiping. Privacy, by contrast, is the appropriate use, dissemination and handling of the data.

So, you can have a privacy incident without a security breach if your data is sold, shared or disseminated beyond the original intent and your consent.

Consumer consent is key to the future of protecting privacy. Providers who manage customer data must take extensive measures to ensure that consumer data is not exposed or accessed maliciously.

Beyond preventing security breaches, data should never be sold, accessed or disseminated in conflict with consumer consent and the stated purpose of data processing in scope.

When it comes to important data, like the audio recordings of your customers, ask yourself: is your supply chain protected? And is your customers’ privacy ensured? Whoever you choose as a solutions partner should ensure that personal data — including both yours and your customers’ — is foremost in their approach.



Jay R. Pascarella

Jay Pascarella, B.S.E.E., is the Director of Information Security at Voci Technologies, Inc., with extensive experience in building Information Security programs with startup and Fortune 500 organizations across all of the major security frameworks and regulations (PCI/NIST/HIPAA/ISO/GDPR/FINRA etc.). Jay is an avid reader, fisherman and family man.
