Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Transforming IT
Showing results for 
Search instead for 
Did you mean: 

IT Security and data privacy: is there a difference?


Mark Colaluca is the Vice President of the Global Support Delivery (GSD) Americas Organization, which includes Brazil, Canada, Mexico, the MCA (Multi-Country Area), and the United States, within HP’s Technology Services (TS) business unit. The GSD Americas team delivers support services to HP customers; supporting warranty, break/fix, Proactive and Datacenter care services, while maintaining high quality and Total Customer Experience (TCE) standards. Since joining HP in 1984, Mark has held numerous management and executive positions within customer support services and supply chain operations. Prior to HP, Mark served in the United States Air Force. Mark currently lives in Dallas, Texas.

IT Security is where the action is. It’s definitely what gets all the headlines. The most recent examples were the data breaches at Target and Neiman Marcus that exposed the credit card numbers and other personal, private data for millions of customers. The list of other companies who were hacked in 2013 reads like a Who’s Who of IT leaders:  Apple, Microsoft, Facebook, Twitter, Skype. So it’s no wonder that IT Security also gets the most attention from everyone from individual users to the largest enterprises.  

In creating a secure IT environment, the assumption is often made that security solutions will also address data privacy concerns. However, this is not always the case. There are subtle differences between the two areas that enterprises need to keep in mind if they wish to maintain an environment that ensures both security and privacy.  

Four key areas of difference
Data Privacy can be seen as a specialized subset of IT Security requiring additional approaches and solutions. The specialization is seen in four key areas:   

  1. Type of threat - Security is most often compromised by extraordinary external attacks – hacking, phishing, malware, etc. The enterprise’s security program seeks to deflect those attacks via anti-virus software, firewalls, etc., as well as via training that makes employees aware of threats. On the other hand, privacy can be compromised through everyday activities performed by a company’s employees with no external threat being present. For example, simply faxing an employment record or a medical history to a fax machine in a semi-public area compromises private information.
  2. Type of information involved - IT Security typically seeks to protect the financial information or intellectual property of a company, its partners, and its customers. Privacy encompasses other document types, especially in medical and other personal areas.
  3. Type of solutions available - While there are many security applications and approaches to choose from, such as anti-virus software, few take the extra steps to address the full range of privacy concerns. Standard security training for employees (e.g., don’t open attachments in emails from unknown senders) also does not typically discuss measures to protect private information.
  4. Consequences - The consequences for security breaches are severe, but are not impacted by government or industry regulations. Legislation such as the Health Information Portability and Affordability Act (HIPAA) sets up stringent requirements for the protection of medical information and provides severe civil and criminal penalties for willful privacy violations.  

The bottom line is that true protection requires the implementation of approaches that address both security and privacy.

Start with the basics: the “3 Rs” of data privacy
An excellent first step in creating an overall data privacy solution is to establish a process for dealing with the data stored in all the multiple IT assets in your environment. Note that these have expanded significantly in the past few years and now include everything from printers and scanners to laptops and tablets.The list continues to expand with the growing popularity of Bring Your Own Devices (BYOD). This is all in addition to the enterprise’s storage infrastructure. The “3 R” process lets you establish greater control over stored data and reduces the risk of compromise. It allows you to: 

  1. Retain disks and other components capable of retaining data
  2. Remove data from IT assets before you dispose of them
  3. Recover remaining value from retired IT assets

HP offers services that will help you effectively implement the “3 Rs.” These services help you create a comprehensive data privacy approach that will ensure compliance with regulations such as HIPAA/HITECH, SOX, DoD and more, while they also complement and strengthen your enterprise’s overall IT security programs. HP can also help you ensure privacy as you implement new approaches such as Cloud and BYOD.    

 For more information, check out the Data Privacy page on HP’s web site.  

- Mark Colaluca

0 Kudos
About the Author


28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all