Thursday, January 20, 2011

The Semantics Between a Data, Privacy and/or Security Breach

These days consultants and consulting firms, like mine, present their opinions and perform knowledge transfer through webinars, white papers and/or articles. In the midst of all of these artifacts is a question of semantics: what distinguishes a data breach, a privacy breach and a security breach.

Data Breach: In my (humble) opinion, this is a catch-all. Data/information has been exposed, and it does not matter whether the cause was a privacy and/or security flaw.

Privacy Breach: This often occurs due to a lack of security. However, a privacy breach is an event where someone without authorization gained access to or received information/data.

Security Breach: An event where an individual gained physical or logical access to a facility, system or network location.

In summary, a hacker gaining access to a system is a security breach. If that hacker extracts data from that system, it is now a data/privacy breach. If a doctor is able to retrieve healthcare information about a celebrity in their hospital, and that celebrity is not their patient, that is a privacy breach. Finally, if someone loses unprotected data/information (hard-copy report, laptop, mobile device) on the subway, this is a data breach.
