Audittrail is housed in the iCybercenter at bwtech@UMBC, yet we are anything but techies. How do privacy lawyers end up in a cyber environment? And what exactly is Information Security, or InfoSec?
Well, the fields are all connected and they are, confusingly enough, often used interchangeably. Marketing departments love a buzzword, add to that the requirements of SEO and all of the sudden I’m a cyber expert with VPN tunnel vision.
So let’s break it down. First of all privacy; privacy is the right to keep certain things to yourself. There is privacy of the body (bodily integrity), privacy in the home (third and fourth amendment), privacy of correspondence and the protection of personal data. It is this last element of privacy protection that we are concerned with when we’re talking about new legislation such as the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). Part of data protection is security, but it is more than just that. It also looks at the legitimacy of processing personal data and requirements such as consent and retention times.
Information security, or InfoSec, is the security of all forms of information, including, but not limited to, personal data. Structured or unstructured, paper or digital, personal or business, InfoSec aims at keeping information safe in terms of confidentiality, integrity and availability. We call these the CIA criteria. Keeping personal data confidential is that part of the privacy/InfoSec Venn diagram where the two overlap.
Now cyber has come to mean anything connected to the internet. And what isn’t these days? It’s difficult to find personal scales that aren’t connected to WiFi and an app. And honestly, who is keen on sharing that? Cybersecurity is that part of InfoSec that concerns itself with protecting data and devices from internet related threats and/or securing data which exists online.
When we look at our Venn diagram, cybersecurity covers (an ever expanding) part of InfoSec and, where online personal data security is concerned, overlaps with privacy.
As you can see, cybersecurity might be used as the overarching term, it is actually just part of InfoSec and part of the security aspects of privacy. Nonetheless, we cannot ignore the fact that the explosive growth of online, or cyber, data represents the greatest threat in keeping information secure and personal data private.
This article was written by Joyce de Jong, LLM, director of GDPR consultancy at Audittrail, and previously published on https://joycedejong.com/