How Is Privacy Different from Information Security?
by Joanna Lyn Grama
Legal and Privacy Issues in Information Security, 3rd Edition
- Cover
- Title Page
- Copyright Page
- Contents
- Dedication
- Preface
- Acknowledgments
- About the Author
- Chapter 1 Information Security Overview
- Why Is Information Security an Issue?
- What Is Information Security?
- Basic Information Security Concepts
- What Are Common Information Security Concerns?
- What Are the Mechanisms That Ensure Information Security?
- U.S. National Security Information
- Do Special Kinds of Data Require Special Kinds of Protection?
- Chapter Summary
- Key Concepts and Terms
- Chapter 1 Assessment
- Endnotes
- Chapter 2 Privacy Overview
- Why Is Privacy an Issue?
- What Is Privacy?
- How Is Privacy Different from Information Security?
- What Are the Sources of Privacy Law?
- What Are Threats to Personal Data Privacy in the Information Age?
- What Is Workplace Privacy?
- What Are General Principles for Privacy Protection in Information Systems?
- Chapter Summary
- Key Concepts and Terms
- Chapter 2 Assessment
- Endnotes
- Chapter 3 The American Legal System
- Chapter 4 Security and Privacy of Consumer Financial Information
- Business Challenges Facing Financial Institutions
- The Different Types of Financial Institutions
- Consumer Financial Information
- Who Regulates Financial Institutions?
- The Federal Reserve System
- Federal Deposit Insurance Corporation
- National Credit Union Administration
- Office of the Comptroller of the Currency
- Special Role of the Federal Financial Institutions Examination Council
- Special Roles of the Consumer Financial Protection Bureau and the Federal Trade Commission
- The Gramm-Leach-Bliley Act
- Federal Trade Commission Red Flags Rule
- Payment Card Industry Standards
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 4 Assessment
- Endnotes
- Chapter 5 Security and Privacy of Information Belonging to Children and in Educational Records
- Chapter 6 Security and Privacy of Health Information
- Business Challenges Facing the Healthcare Industry
- Why Is Healthcare Information So Sensitive?
- The Health Insurance Portability and Accountability Act
- The Role of State Laws Protecting Medical Records
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 6 Assessment
- Endnotes
- Chapter 7 Corporate Information Security and Privacy Regulation
- The Enron Scandal and Securities-Law Reform
- Why Is Accurate Financial Reporting Important?
- The Sarbanes-Oxley Act of 2002
- Compliance and Security Controls
- SOX Influence in Other Types of Companies
- Corporate Privacy Issues
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 7 Assessment
- Endnotes
- Chapter 8 Federal Government Information Security and Privacy Regulations
- Chapter 9 State Laws Protecting Citizen Information and Breach Notification Laws
- Chapter 10 Intellectual Property Law
- The Digital Wild West and the Importance of Intellectual Property Law
- Legal Ownership and the Importance of Protecting Intellectual Property
- Patents
- Trademarks
- Copyright
- Protecting Copyrights Online—The Digital Millennium Copyright Act (DMCA)
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 10 Assessment
- Endnotes
- Chapter 11 The Role of Contracts
- Chapter 12 Criminal Law and Tort Law Issues in Cyberspace
- Chapter 13 Information Security Governance
- What Is Information Security Governance?
- Information Security Governance Documents
- Recommended Information Security Policies
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 13 Assessment
- Endnotes
- Chapter 14 Risk Analysis, Incident Response, and Contingency Planning
- Chapter 15 Computer Forensics and Investigations
- Appendix A Answer Key
- Appendix B Standard Acronyms
- Appendix C Law and Case Citations
- Appendix D The Constitution of the United States of America
- Glossary of Key Terms
- References
- Index
How Is Privacy Different from Information Security?
Information security and privacy are closely related. However, they are not the same. Privacy is defined here as an individual’s right to control the use and disclosure of his or her own personal information. This means individuals have the opportunity to assess a situation and determine how their data is used. Information security, in contrast, is the process used to keep data private.
NOTE
The U.S. Freedom of Information Act (FOIA) governs access to public records of the U.S. federal government. Most states have similar laws for the public records of state government and agencies. These types of laws often are called “sunshine” laws because they shine light onto the inner workings of government agencies.
Just because information is secure does not mean it is private. Likewise, just because information was collected in a privacy-protective way does not mean it is secure. Privacy with respect to information systems means that people have control over and can make choices about how their information is collected, used, stored, and shared. Information security concepts and controls are used to carry out those choices. Privacy cannot exist in information systems without security.
We are still learning about how privacy and information security concepts work together as our technology and regulatory environment becomes more complex. Today information security and privacy practitioners need to have a fundamental understanding of both topics to be effective.
-
No Comment