Data Privacy, Data Security and Confidentiality

A useful way to remember the distinctions between each concept is:

Data Privacy is about Humans

Data privacy relates to personal information that identifies us as individuals. We have a right to decide what happens to our personal information, who collects it, how it is protected, what it is used for, and whether we agree to it being shared.

Data Security is about Infrastructure

It is about how data is protected. Examples include encryption, access controls, policies, and technical and organisational safeguards designed to keep data safe from loss, misuse, or unauthorised access.

For example, when a company encrypts customer data, it’s ensuring data security, whereas asking that customer for consent before collecting their data is respecting that customer’s data privacy rights.

Data security applies to all data that is held, not just personal data.

Confidentiality is about Trust

It is also about professional and personal integrity. It is the duty not to disclose information, usually sensitive business or financial information, unless specifically authorised to do so. It also extends beyond business information to cover employee and client data in professional contexts.

When you sign a confidentiality or non-disclosure agreement (“NDA”), you’re making a promise to respect what is being shared with you and not to share it without consent.

However technologically driven the world becomes, the data on our screens or in our spreadsheets represents real people. Their information deserves the same care we would want for our own.