Editor’s note: WRAL TechWire is kicking off a 5-part series on data privacy law to bring some clarity to one of the fastest growing and most complex areas of technology law. Steve Britt, Counsel for Cyber, Data Privacy & Technology (CIPP/E, CIPM), Parker Poe and Sarah Hutchins, Partner for Cyber, Data Privacy & Technology (CIPP/US), Parker Poe
RALEIGH – Updates in data privacy are incredibly fast moving and are a continuing expanding area of law. The business community needs to pay attention to current developments and review current information regarding where these laws came from, where they are going and what companies need to do to prepare for these changes.
To make sure we are all on the same page, let’s start by defining some key terms. First, cybersecurity or data security is about the protection of data and the information systems it lives on from hacking, loss or unauthorized use. Loss of data can come from spear-phishing, ransomware, business email compromise or simply a lost laptop.
privacy data, on the other hand, is about honoring the privacy rights granted by law to the natural persons whose data a business collects, uses and holds. The distinction between data security and data privacy is captured by the tag line: “You can have data security without data privacy, but you cannot have data privacy without data security.” That is because all data privacy laws require that the data be protected from loss. You can have the most secure operations in the world, and never lose a single record, but still blow data privacy out of the water by not complying with these new laws.
Related coverage: FTC crackdown
Data crackdown coming: FTC launches effort to protect consumers privacy
Another way to think about this distinction is that data