Navigating in the Data Security, Data Protection and Data Privacy World

Patrick Oh
Published in DataFrens.sg
3 min read · Sep 24, 2023

I noticed there are many professionals very lost in this whole Privacy and Data Protection arena, thus I have written this post to bring about some understanding of them.

If you use the ISO standards, it is much easier to reach an understanding, since they categorize each of these areas separately. There are bound to be overlaps, but the principles behind them are critical to understand.

Data Security, Data Protection, and Data Privacy are related concepts, but they have distinct differences, and there is an ISO standard applicable to each of them:

Data Security:

It refers to the measures and practices put in place to protect data from unauthorized access, disclosure, alteration, or destruction. It focuses on safeguarding the confidentiality, integrity, and availability of data.

ISO Standard: ISO 27001 is the international standard for Information Security Management Systems (ISMS). It provides a framework for organizations to establish, implement, maintain, and continually improve information security management practices. ISO 27001 helps organizations protect data through the implementation of security controls and risk management processes.

Data Protection:

It is a broader concept that encompasses data security. It involves the overall management of personal data, including its collection, processing, storage, and sharing, in a way that ensures compliance with data protection laws and respects individuals’ rights.

ISO Standard: ISO 27701 is an extension to ISO 27001 and provides guidelines for implementing a Privacy Information Management System (PIMS). ISO 27701 helps organizations manage the privacy of personal information, addressing requirements from privacy regulations. It focuses on protecting individuals’ rights regarding their personal data.

Data Privacy:

It refers to the right of individuals to control their personal information and decide how it is collected, processed, and shared. It emphasizes individuals’ consent, transparency, and the lawful handling of their data.

ISO Standard: ISO 29100 provides a framework for privacy management within an organization. It helps organizations implement privacy policies, assess privacy risks, and establish practices that respect individuals’ privacy rights. While ISO 29100 doesn’t provide certification like ISO 27001 or ISO 27701, it offers guidance on privacy principles and compliance.

In summary, data security primarily focuses on protecting data from security breaches, while data protection encompasses a broader scope, including compliance with privacy and data protection laws. Data privacy, on the other hand, is centered on respecting individuals’ rights and preferences regarding their personal information.

#privacyregulation #PDPA #dataprotection #datasecurity

About Patrick Oh

Patrick is a Singapore Certified Management Consultant providing PDPA compliance consultancy, Performance management and Solutions Design and Development.

https://www.linkedin.com/in/patrick-oh-sglion65/
