The Importance of Data Privacy When Thinking About Cybersecurity

In an age where cyber threats dominate the headlines, much of the focus around digital protection centers on cybersecurity. While cybersecurity is critical, there is another element that is equally important yet often overlooked—data privacy. During a recent training session I led with my organization on cybersecurity, data privacy was often brought up. It became clear that teaching our staff to understand data privacy in how it relates to cybersecurity is essential, and so I developed a separate training focused just on data privacy. Cybersecurity may protect our systems, but data privacy safeguards the information within them, which is just as vital.

The Role of Data Stewards

One of the key messages I emphasized during our training is that as an organization, we were data stewards. We hold vast amounts of sensitive information entrusted to us by our constituents. This means that protecting and using this data responsibly isn’t just about compliance—it’s a matter of trust.

Our responsibility extends beyond simply ensuring the data isn’t accessed by unauthorized users. We must also ensure it’s only used for the purposes for which it was collected. This is where data privacy comes in. When people provide their personal information—whether it’s a name, email, or payment information—they expect us to handle it carefully and only for specific purposes.

Nothing in this World is Truly Free

During the training, I asked our staff to think about their own habits when signing up for free services or accounts online. In today’s internet-driven world, it’s easy to be lured by the promise of free products—whether it’s an app, a social media account, or a cloud storage service. However, what many people fail to realize is that if they’re not paying with money, they’re paying with their data.

When a service is free, you are the product being sold. Companies monetize their platforms by collecting and analyzing your personal data, which is then used for targeted advertising or sold to third parties. The convenience of using these services comes at the cost of your privacy. The more data they collect, the more they can understand your behavior and interests. This allows them to better target you with advertising, or if they don’t advertise, to sell your data to be used by advertisers.

How to Protect Your Privacy in a Data-Driven World

So how can you protect yourself and your data in today’s world of "free" services? Here are a few key steps we highlighted during our training:

1. Be cautious of what you share. The less information you provide when signing up for a service, the less data there is to exploit. Always ask yourself, "Do I really need to provide this information?"

2. Use privacy-focused tools. Not all web browsers, search engines, and softwares treat your data the same. Consider using services that might cost more money but that emphasize user privacy and do not track your activity across the web.

3. Check privacy settings. Many platforms allow you to adjust how much data you share with them. Regularly check and update your privacy settings on social media, apps, and accounts.

4. Understand what you're agreeing to. Terms and conditions are long and tedious, but it's important to know what you're agreeing to. Be especially mindful of any mention of data collection, sharing, or storage policies.

5. Use multi-factor authentication. While this advice is more focused on cybersecurity, it has a direct impact on your privacy. Securing your accounts can prevent unauthorized access and help you maintain control of your data.

A Balanced Approach to Cybersecurity and Data Privacy

While protecting our systems from external threats is essential, we must remember that the internal handling of the data itself is just as important. Cybersecurity and data privacy are two sides of the same coin. One without the other leaves vulnerabilities—either in our systems or in the trust that our users place in us.

One of the vendors we partnered with from a cybersecurity perspective shared a data map containing the vast amounts of data they collect. They were able to pull this data together and use it to provide a layer of security for the clients they served. Unfortunately, not all parties that collect similar data sets are using it for good like this vendor. Imagine what could happen if someone was able to aggregate all the disparate data that you have intentionally or inadvertently shared over the years. What kind of a story would it tell? Would the story help someone social engineer data about you that could compromise other aspects of your life?

As technology continues to evolve and our digital lives become more integrated with services and platforms, the importance of understanding data privacy, in addition to cybersecurity, will only grow. Organizations must embrace both cybersecurity measures and data privacy practices to truly protect the information they are entrusted with.