What is the difference between privacy, confidentiality and security?

The terms privacy, confidentiality and security have a lot in common as they apply to modern-day information technology, but they also have their own meanings and their own significant roles in their application to data maintenance and data management.

First, the issue of privacy is one that often applies to a consumer’s right to safeguard his or her information from any other parties. It involves the protection of vulnerable data such as Facebook data, customer response data and other kinds of demographic data or personal data from being freely disseminated over the Internet or sold to third parties. In general, privacy is the individual’s right to keep his or her data to himself or herself.

Confidentiality is a similar idea, but with a slightly different component. IT professionals often talk about confidentiality in terms of a supplier or service provider and its customers. Confidentiality agreements are often applied to situations where someone trusted with personal data must safeguard this data from being released. Alternately, some may define confidentiality as issues about the data that gets collected, where privacy issues have to do, again, with the core principle of an individual not being recorded or monitored.

Security is a different term that's applied to enterprise or government systems. Security may include the idea of customer privacy, but the two are not synonymous. Likewise, security may provide for confidentiality, but that is not its overall goal. The overall goal of most security systems is to protect an enterprise or agency, which may or may not house a lot of vulnerable customer or client data. Sometimes, the objectives for privacy and security are the same. In other cases, security may not automatically provide for privacy concerns. One example is where a business or government agency may be able to keep its data safe from outside attackers, but where employees may be able to view consumer information. Another scenario might involve situations where a company doesn’t face any liability by releasing customer data, and so chooses to do so. Here, the company’s security is not jeopardized, but the consumer’s privacy is violated. New contracts between businesses and federal agencies are also good examples of how IT issues cut through the different layers between privacy, confidentiality and security.