Transforming IT Blog

IT Security and data privacy: is there a difference?

Mark Colaluca is the Vice President of the Global Support Delivery (GSD) Americas Organization, which includes Brazil, Canada, Mexico, the MCA (Multi-Country Area), and the United States, within HP’s Technology Services (TS) business unit. The GSD Americas team delivers support services to HP customers; supporting warranty, break/fix, Proactive and Datacenter care services, while maintaining high quality and Total Customer Experience (TCE) standards. Since joining HP in 1984, Mark has held numerous management and executive positions within customer support services and supply chain operations. Prior to HP, Mark served in the United States Air Force. Mark currently lives in Dallas, Texas.

IT Security is where the action is. It’s definitely what gets all the headlines. The most recent examples were the data breaches at Target and Neiman Marcus that exposed the credit card numbers and other personal, private data of millions of customers. The list of other companies that were hacked in 2013 reads like a Who’s Who of IT leaders: Apple, Microsoft, Facebook, Twitter, Skype. So it’s no wonder that IT Security also gets the most attention from everyone, from individual users to the largest enterprises.

In creating a secure IT environment, the assumption is often made that security solutions will also address data privacy concerns. However, this is not always the case. There are subtle differences between the two areas that enterprises need to keep in mind if they wish to maintain an environment that ensures both security and privacy.  

Four key areas of difference
Data Privacy can be seen as a specialized subset of IT Security requiring additional approaches and solutions. The specialization is seen in four key areas:   

  1. Type of threat - Security is most often compromised by extraordinary external attacks – hacking, phishing, malware, etc. The enterprise’s security program seeks to deflect those attacks via anti-virus software, firewalls, etc., as well as via training that makes employees aware of threats. On the other hand, privacy can be compromised through everyday activities performed by a company’s employees with no external threat being present. For example, simply faxing an employment record or a medical history to a fax machine in a semi-public area compromises private information.
  2. Type of information involved - IT Security typically seeks to protect the financial information or intellectual property of a company, its partners, and its customers. Privacy encompasses other document types, especially in medical and other personal areas.
  3. Type of solutions available - While there are many security applications and approaches to choose from, such as anti-virus software, few take the extra steps to address the full range of privacy concerns. Standard security training for employees (e.g., don’t open attachments in emails from unknown senders) also does not typically discuss measures to protect private information.
  4. Consequences - The consequences for security breaches are severe, but are not impacted by government or industry regulations. Legislation such as the Health Information Portability and Affordability Act (HIPAA) sets up stringent requirements for the protection of medical information and provides severe civil and criminal penalties for willful privacy violations.  


The bottom line is that true protection requires the implementation of approaches that address both security and privacy.

Start with the basics: the “3 Rs” of data privacy
An excellent first step in creating an overall data privacy solution is to establish a process for dealing with the data stored in all of the IT assets in your environment. Note that these have expanded significantly in the past few years and now include everything from printers and scanners to laptops and tablets. The list continues to expand with the growing popularity of Bring Your Own Devices (BYOD). This is all in addition to the enterprise’s storage infrastructure. The “3 R” process lets you establish greater control over stored data and reduces the risk of compromise. It allows you to:

  1. Retain disks and other components capable of retaining data
  2. Remove data from IT assets before you dispose of them
  3. Recover remaining value from retired IT assets


HP offers services that will help you effectively implement the “3 Rs.” These services help you create a comprehensive data privacy approach that will ensure compliance with regulations such as HIPAA/HITECH, SOX, DoD and more, while they also complement and strengthen your enterprise’s overall IT security programs. HP can also help you ensure privacy as you implement new approaches such as Cloud and BYOD.    

 For more information, check out the Data Privacy page on HP’s web site.  

- Mark Colaluca

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.