While security and privacy overlap significantly, and robust security controls are generally needed to ensure privacy, they aren’t the same thing. Where security encompasses all the ways in which an organization protects its various assets, privacy refers specifically to how organizations handle the sensitive personal data of its users.
Though there are particular laws in place around privacy, establishing privacy controls should be about more than checking a compliance check box. Taking necessary measures to protect user data will not only reduce the risk of regulatory fines, it can help prevent catastrophic data breaches, can greatly simplify incident response in the event of a breach, and can even help with building a trustworthy brand.