Security for Beginners
by Sergey Okinchuk
Chapter 10: The Bigger PictureSecurity Is Everyone's Job
Topic 42

Privacy vs Security

Concept

People use the words privacy and security as if they mean the same thing. They don't. They answer two different questions, and you can have one without the other.

Security asks: can the wrong people get to this data? Privacy asks: who should be allowed to hold this data at all, and what may they do with it?

The case that surprises people is the second one. A system can be flawlessly secure — no break-in, no leak, nothing stolen — and still invade Olivia's privacy by design, simply by collecting and using her information in ways she never wanted. That is why both ideas matter, and why blurring them leaves a real gap.

Think of a bank vault. The security is the thick steel vault that keeps thieves out. The privacy is the separate rule about what the bank itself is allowed to do with the money and records sitting inside. A strong vault says nothing about whether the bank is behaving with what it holds.

Two different questions — with an overlap in the middle
Security
Keep the wrong people out. Can someone who shouldn't reach this data get to it? This is everything the course has covered so far.
Privacy
Control legitimate use. Who gathers your data, what do they collect, and what may they do with it? No break-in required to get this wrong.
Where they overlap
Privacy leans on security: a breach exposes data and destroys privacy in one stroke. But security alone never guarantees privacy.

Security: Protecting Data From the Wrong Hands

Security is about keeping information away from people who shouldn't have access to it. Every topic so far — passwords, phishing, encryption, access control — has been a way to answer one question: can the wrong people get in?

When Olivia's bank stops a stranger from reading her balance, that is security doing its job. The threat is someone who was never supposed to have the data reaching it anyway.

So security draws a line between the people who are allowed and the people who are not, and works to keep the second group on the far side of it.

Privacy: Control Over Data That Was Collected Legitimately

Privacy is a different question. It is about the data that an organization gathers with permission, in the normal course of business — and what happens to it after that.

When Olivia signs up for an app, she hands over real information: her name, her email, maybe her location and her habits. Nobody stole it. She gave it. Privacy asks who is collecting that data, how much of it, and what they are allowed to do with it afterward.

So privacy is about control over legitimate collection and use. The worry is not a thief breaking in — it is the company she trusted using what she handed over in ways she never agreed to.

How They Differ

This is the gap most people miss. A company can hold Olivia's data perfectly securely — no breach, no leak, locked down tight — and still treat her privacy badly.

Imagine an app that protects Olivia's data flawlessly, then quietly sells her location history to advertisers she never heard of. Nothing was stolen. The security held. But her data is being used in a way she never agreed to. That is secure, but not private.

So "we weren't breached" is not a complete answer to a privacy complaint. It answers the security question and leaves the privacy question untouched.

How They Connect

The two ideas are separate, but they are not unrelated. Privacy depends on security.

If an attacker breaks into a company and steals its records, every privacy promise the company made is gone in an instant. The data is now in the wrong hands, and no policy about "responsible use" can pull it back. A breach destroys privacy.

But the reverse does not hold. Strong security does not hand you privacy for free. A company can guard its data like a vault and still over-collect it and misuse it. So security is necessary for privacy, but it is not enough on its own — which is exactly why both get their own word.

Common Confusions
  • "If my data is secure, my privacy is protected." Not so. A secure system can still collect far more than it needs and use it in ways you never agreed to. Security and privacy are different promises.
  • "Privacy and security are the same goal." Security is keeping the wrong people out. Privacy is controlling what is collected and how it is used, even by people who are allowed to have it.
  • "Only security can be attacked — privacy can't." Privacy is eroded by over-collection and misuse, and neither of those needs a break-in. A company can damage your privacy without anyone ever breaching it.
Why It Matters
  • These two words dominate tech news and policy, and they are constantly blurred. Telling them apart lets you read a headline and know which question is actually being asked.
  • It explains why "we weren't breached" isn't a full answer to a privacy concern — that statement covers security and leaves privacy untouched.
  • It shows where the two meet: because a breach destroys privacy, good security is part of protecting privacy, even though it is never the whole of it.

Knowledge Check

An app keeps Olivia's data locked down with no breaches, then sells her location history to advertisers she never heard of. How is this best described?

  • Secure, but not private
  • Both secure and private
  • Private, but not secure
  • Neither secure nor private

What question does security ask, compared with privacy?

  • Can the wrong people get to this data?
  • What may the company do with the data it holds?
  • How much data should be collected at sign-up?
  • How cheaply can the data be stored?

Why does privacy depend on security, even though they are different goals?

  • Because a breach exposes the data and destroys privacy in one stroke
  • Because strong security automatically guarantees good privacy
  • Because privacy and security are just two names for one thing
  • Because privacy only applies to financial and payment data, not to habits, names, or location

You got correct