Question 21
Domain 3 — Privacy Architecture and Data Protection by Design
Which of the following is the BEST way to explain the difference between data privacy and data security?
Correct answer: B
Explanation
Data privacy focuses on protecting people’s personal information and their rights over how it is collected, used, and shared, so it protects the data subjects. Data security is about safeguarding information systems and assets from unauthorized access, loss, or damage, which is why it is described as protecting critical assets.
Why each option is right or wrong
A. Data privacy protects users from unauthorized disclosure, while data security prevents compromise
Unauthorized disclosure is mainly a security outcome; privacy is broader than disclosure alone.
B. Data privacy protects the data subjects, while data security is about protecting critical assets
The distinction is that privacy is governed by rules about the lawful collection, use, disclosure, and retention of personal data, so the protected interest is the individual whose information is being processed. By contrast, security is the set of administrative, technical, and physical safeguards used to preserve the confidentiality, integrity, and availability of information systems and data assets; under frameworks such as NIST SP 800-53 and ISO/IEC 27001, the object being protected is the organization’s information and critical assets, not the person as such.
C. Data privacy is about data segmentation, while data security prevents unauthorized access
Data segmentation is an architectural technique, not the core definition of privacy.
D. Data privacy stems from regulatory requirements, while data security focuses on consumer rights
Privacy often relates to consumer rights; security is not defined primarily by consumer rights.