Privacy and Cybersecurity: Two Very Different Sides of the Same Coin

Cybersecurity and privacy are often used interchangeably within business organizations because they both refer to how businesses protect personal data. However, there are also several substantial distinctions between the concepts of privacy and cybersecurity.

In this post, I explain the differences between privacy and cybersecurity and do a deeper dive into cybersecurity as a legal concept.

What is the Difference between Privacy and Cybersecurity?

Let’s start with some definitions (in my own words).

Privacy: the rights and obligations associated with protecting, using, disclosing, processing, and safeguarding information that can be used to identify an individual.

Cybersecurity: the processes, policies, practices, and actions taken to protect the confidentiality, integrity and availability of computer systems and the information that is stored or processed with those computer systems.

Primarily, privacy is concerned with the individual and their data: specifically, the rights of an individual to remain anonymous, to have their data used in a legal and (arguably) ethical way that conforms with the expectations of the individual, and to understand the risks involved in providing their data to an organization. Cybersecurity, on the other hand, is about protecting not just individual data but also business and proprietary data, as well as the systems that are used to store that data and allow business continuity.

Is Cybersecurity a Legal Concept?

Yes. Although cybersecurity is typically thought of as an IT concept, there is significant overlap between the technical requirements utilized by organizations to safeguard computer systems and the legal requirements to do so.

What is Cybersecurity Law?

Cybersecurity law encompasses a multitude of statutes, laws, regulations, and common law doctrines that criminalize attacks on computer systems, define obligations relating to preparing for and defending against those attacks, and require notification or disclosure to individuals and regulators when those attacks affect the confidentiality, integrity, and availability of those computer systems or the information that is stored or processed with those computer systems.

What are some of the concepts in Cybersecurity Law?

While there are too many to cover in one blog, below is a snapshot of the overlapping cybersecurity legal obligations that are imposed on businesses. Some of these laws are sector- or industry-specific, while some are more general and apply to a wide swath of businesses.

Unfortunately, one blog is not enough to cover all of the different facets of cybersecurity law in detail. The above list is designed to help provide an overview of where you find cybersecurity legal requirements, particularly under U.S. law.

In future blogs we will delve into some of these specific laws in more detail. Stay tuned for updates.
