Privacy and security: Is there a difference?

It is easy to get the two terms confused – and in most conversations, we end up talking about them as if they were the same thing. Privacy and security may have some things in common, but are actually quite different concepts. Security can best be thought of a form of defence. Privacy is more about control and the freedom to make decisions about what you want to reveal.

At no time in the past has this difference been laid out more starkly, than it has been recently with the debate about the NSA’s ability to collect information about individuals and businesses. The government’s claim is that the loss of privacy is justified to ensure greater security, and the question everyone is asking is whether that trade-off is justified. Clearly, here’s a situation where privacy and security are at odds with each other.

But it would be wrong to think that the trade-off is always about privacy and security. Many times privacy ends up getting traded off for cost or convenience – many times without our knowledge.

Do you have something to hide?

One common argument that a lot of privacy advocates encounter is that privacy matters only to people who are secretive or have something to hide. In fact, Google’s then CEO Eric Schmidt infamously once said 'if you have something that you don’t want anybody to know, then you shouldn’t be doing it in the first place'.

But this is a flawed argument, because it confuses privacy with secrecy. The basic human need for privacy isn’t born out of a need to keep a secret, so much as the need to control what information we desire to share and with whom. For example, when we go into a bathroom, we close the door for privacy – not for secrecy.

Why privacy matters

There are several reasons why privacy matters in the digital age where users and enterprises are increasingly storing data in the public cloud. It is estimated that close to a third of people’s data is in cloud storage today.

What may seem like disconnected pieces of information from discrete parts of this data, can be pieced together to know things about businesses and individuals that they didn’t intend to share in the first place.

Secondly, what you may consider okay to share today, may not be something you consider okay to share down the road – but once data is in the cloud, the lack of control makes it virtually impossible to go back and change your mind.

Last, but not least, privacy policies that you 'accept' when signing up with cloud storage vendors can change and are virtually impossible to keep track of.

'I agree'

Have you ever wondered what you’re accepting when you say 'yes' to a Privacy Policy; when you say 'I agree' at the end of a screen full of legalese?

Privacy policies rarely if ever guarantee the privacy of your data. In almost all cases, what you’re doing when you 'accept' is providing the cloud vendor some form of a licence or permission to your data. Privacy policies from different companies can vary in terms of how they store, analyse, or disclose your data. It is in fact quite common for several vendors to make secondary use of the data you upload to their storage systems, even if you intended the data to be private.

What you should ask yourself

Here are a few things you should ask yourself before making the decision to put your business’ digital assets on the public cloud:

Does the vendor want the ability to do more than just store your data? Do they want the ability to access or analyse the data?

Does the vendor want the ability to make multiple copies of your data? When you decide to destroy the data, can the vendor guarantee that all copies are destroyed or otherwise rendered inaccessible?

Does the vendor want the ability to disclose your data or use it for advertising or profiling purposes?

If any of the above are true, are you comfortable with that trade-off?

It is possible that you are not comfortable with the trade-offs above, but you’re having difficulty finding a vendor who can provide you the services you desire at the price points you need. In that case, you’ll need to fall back on security and privacy tools that you deploy to protect yourself.

But we established early on in this post that security and privacy are different things. Do you feel like you can rely on your security provider to give you the privacy controls you need?

Anand Prahlad President and CEO, Parablu, Inc