Before we get into data privacy (which is exactly what it sounds like it is), we should take a good look at what the term data means today. Data, as defined by Merriam-Webster is one of three things.

These are all valid. You can generalize and combine these definitions further to simply this: data is information.

While data as it is used today generally has a technological connotation to it, data does not have to be on a computer screen to be data. Data is data. A filing cabinet with manila folders of physical paper is a form of data storage, not different from an external hard drive. Equally important to note is that there are pros and cons to having your data physically stored or digitally stored. Each also has their own challenges when it comes to security. Both are targets for thieves, because data has value.

The data that is most frequently targeted is the data that is easiest to extract money from. Those include, but are not limited to, credit card information, social security numbers, bank account information, cryptocurrency wallet keys, health care records, and more. These examples are very typically the first things that come to mind when people think about the notorious computer hackers breaching servers to get info. Things are changing in the hacking landscape in an extremely rapid rate, and the same is true for what data hackers can monetize.

Some data is not stolen, but offered away willingly (or unknowingly) to the many consumers that accept the terms of service without reading them. The innovations that social media platforms and other internet companies seem to offer for free do, in fact, have a cost. That cost is your personal data. Whether it is your searching habits and history, your contacts in your phone, or even your email conversations – that data, your personal data, is up for grabs and offered to the tech giants you give your patronage.

Like ‘data’, ‘data privacy’ is a term that has been around for a really long time. It’s not new. Yet, we find ourselves in a society that has a reinvigorated interest in data privacy. So what exactly is data privacy?

Data privacy relates to how a piece of information—or data—should be handled based on its relative importance. For instance, you likely wouldn’t mind sharing your name with a stranger in the process of introducing yourself, but there’s other information you wouldn’t share, at least not until you become more acquainted with that person. Open a new bank account, though, and you’ll probably be asked to share a tremendous amount of personal information, well beyond your name. There are countless situations people can find themselves in, and with those situations, there is a very large spectrum of ‘what data you are willing to offer up’.

In the digital age, we typically apply the concept of data privacy to critical personal information, also known as personally identifiable information (PII) and personal health information (PHI). This can include Social Security numbers, health, and medical records, financial data, including bank account and credit card numbers, and even basic, but still sensitive, information, such as full names, addresses and birth dates. The list of personal information can be extensive, and the list of ways other companies can profit off that that information is just as extensive if not greater.

For a business, data privacy goes beyond the PII of its employees and customers. It also includes the information that helps the company operate, whether it’s proprietary research and development data or financial information that shows how it’s spending and investing its money. Business leaders have a lot to be concerned about losing. Some businesses like Coca-Cola have very guarded secrets, such as the recipe to Coke. That is information that can be stolen. All businesses have customer lists and contracts. That is also information that can be stolen. Imagine being a business that lost that data. What would you do? Would you be concerned or just ignore the problem? What if someone held that information ransom?

When information that should be kept private gets in the wrong hands, bad things can happen. A data breach at a government agency can, for example, put top secret information in the hands of an enemy state. A breach at a corporation can put proprietary data in the hands of a competitor. A breach at a school could put students’ PII in the hands of criminals who could commit identity theft. A breach at a hospital or doctor’s office can put PHI in the hands of those who might misuse it. Very rarely will a breach result in a non-issue. In the cases where it might appear there is no issue, that is just a sign that you are not aware of what has been compromised. There are many drivers for why data privacy is one of the most significant issues globally. Let’s take a look at some of the largest factors.

Today, everyone in the tech space seem to acknowledge that data is one of the most valuable assets a company or an individual has, but it’s important to keep in mind it always has been. With the rise of the data economy, companies find enormous value in collecting, sharing, and using data. Companies such as Google, Facebook, and Amazon have all built empires atop the data economy.

Transparency in how businesses request consent, abide by their privacy policies and manage the data that they’ve collected is vital to building trust and accountability with customers and partners who expect privacy. Many companies have learned the importance of privacy the hard way, through highly publicized privacy fails (more on this later). Second, privacy is the right of an individual to be free from uninvited surveillance. To safely exist in one’s space and freely express one’s opinion behind closed doors is critical to living in a democratic and free society.

One of the greatest issues with transparency that we face today is that it is the antithesis of privacy. Complete transparency exists in technologies brought to us by blockchain and cryptocurrencies, however that is not conducive to keeping certain information private. There will always be information that should and needs to be kept private. One solution to this is to have a ‘centralized trusted broker’ for private data. But it poses the question ‘who is qualified to be that trusted broker of information?’

Organizations commonly believe that keeping sensitive data secure from hackers means they’re automatically compliant with data privacy regulations. This is not the case.

Data Security and data privacy are often used interchangeably, but there are distinct differences:

Imagine a scenario where you’ve gone to great lengths to secure private personal information of someone on your network (PII). In this instance, the data has been encrypted, access has been restricted, and multiple overlapping monitoring systems have been set in place. If, despite all of these measures taken, the PII was collected without proper consent, you could still be violating a data privacy regulation even though the data is secure.

Data privacy cannot exist without data protection. With that having been said, you can have data protection without data privacy. Any lock made by man can be broken by man. Always keep in mind that you cannot have data privacy without data protection.

Ensuring data privacy means that you’re not the company that collects all of your customer’s personal data – whether it is with passive location tracking, apps secretly absorbing your personal address book, or websites recording your every keystroke.

Employees must be regularly trained on data protection, so they understand the processes and procedures necessary to ensure proper collection, sharing, and use of sensitive data. You will always encounter human error. No amount of training will keep all employees from being phished or scammed at all times. Because of this, it is important to consider restrictions to who can access each device and each piece of information on the network. For example, the receptionist does not need to have access to any servers containing billing information. In most cases, the receptionist won’t have been specifically given access to the billing server, but they may, unknowingly have access to the server. That access is what needs to be mitigated.