Privacy and Security: What’s the Difference? 

The terms “privacy” and “security” are surfacing everywhere in business, from legal policies and terms of use to marketing, media, and regulations. The words are often used in tandem, but they’re really two distinct concepts that frequently overlap, especially regarding sensitive data.

So, what’s the difference between privacy and security, and how does each apply to your customers?


In business, privacy generally means control, ethics, and transparency around others’ data. Whenever a business collects information about customers or employees (just about all businesses do), privacy comes into consideration.

Here are some questions a small business should ask itself around privacy:

  • What customer and employee data do we collect and keep? Do we need it all?
  • Why and with whom are we sharing data?
  • Are we clearly communicating how we collect, use, and share data?
  • Are we complying with privacy regulations and best practices (e.g. state privacy laws and GDPR)?

Privacy concerns have evolved – in today’s world, it can be hard for an average consumer to know who has their data and what’s being done with it. That’s why it’s important for companies to step up to the plate on privacy.

For more on privacy and how it affects Small Business, listen to the second episode of The Hilt, Defendify’s new podcast, featuring Ginny Lee, privacy attorney and former privacy leader at ServiceNow, Starbucks, Intel, and Yahoo!.


While privacy influences how businesses collect, use, and share data, security covers how they protect that data.

Security is comprised of cybersecurity, protection against online or electronic attacks, and physical security, protection against physical attacks. A comprehensive data protection strategy uses components of both.

A few questions a small business should consider regarding security are:

  • How vulnerable are we to a cyberattack?
  • What sensitive data are we storing about our customers and employees?
  • Do we have a comprehensive security program in place to help protect data?

A cyberattack can be extremely damaging to a business, but also to people whose data is breached. Because of this, businesses increasingly have a responsibility to protect the data they collect.

All Together Now

Although privacy and security are ultimately distinguishable concepts, in today’s world, the two are certainly related. Consider an example where John Doe provides his email address to Example Company to make an online purchase.

  • Privacy violation: Example Company shares John’s email address with a third-party company.
  • Security violation: Example Company experiences a data breach, and John’s email address is stolen by a malicious hacker.

In both cases, the result is the same: John’s email is shared with another party. The difference is that the first example was due a lack of control over the data, and the second was a lack of protection.

As a provider and trusted resource, you may want to coach your customers through basic privacy and security concepts as a first step. Going through a data classification exercise together is a great way to determine and discuss what sensitive data they have, where it’s stored, who has access, and how it’s protected. From there, you can form a strategy around improving privacy and security processes.

In business, privacy and security go hand-in-hand to keep data safe, secure, and confidential. The better you – and your customers – understand the difference, the easier it is to tackle both.

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.