People often talk about protecting privacy and security. There was a privacy problem because of a security breach or vice versa. Why are these terms so often thrown together? Are they the same thing? Well, I'll say this, privacy and security are not the same thing though usually they're mutually reinforcing concepts. Again, usually security isn't supportive privacy. Information security is widely defined as a program to protect the confidentiality, integrity, and availability of personal or other confidential data. It's the confidentiality prong of this that aligns so well with privacy. Keeping data accessible to who it should be accessible to, this is confidentiality, this is privacy. As a result, you really can't have privacy without security. We can see this by referring to Fair Information Principles. If you do everything right according to Fair Information Principles, but leave security aside, how big a problem is that? Well, let's take an extreme example. If you collect name, address, prior employment, and Social Security numbers in order to administer a government benefits program, and you provide notice of this and you use the information only for the expected purpose, and you provide individuals access and correction rights, have you sufficiently protected privacy? Well, what if the information is kept in a system with out of date antivirus and weak firewall protections and is unencrypted? What if that information gets hacked by a criminal searching for SSNs to sell on some ID theft-driven black market, is there a privacy problem, a security problem, or both? Yes, both. The lack of security has led an unauthorized actor in, and that actor has greatly compromised privacy. So then, how can privacy and security be in conflict? Well, let's look at online tracking. The more we know about what users are doing in IT systems, the more we can detect and sometimes prevent breaches. Are people installing executable files such as malware? Are they're logging in from two distant locations on the same credentials? Are they systematically sending files out of the organization? All of these questions can be answered through the use of logging and analysis tools, and they help identify and in some cases prevent major security breaches. But by collecting so much user data, they also can raise privacy concerns. Privacy monitoring is an increasingly critical component of modern-day privacy programs. In healthcare, systems exist to identify through anomaly detection in artificial intelligence, inappropriate access to clinical systems to see if someone is snooping on a family member or a coworker. All of these is accomplished by tracking at a very fine level what all employees are looking at, when, for how long, and so on. Strong security and strong privacy for patient data exist here, but it's driven by a lot of collection of user data as well. Similarly, data loss prevention technology or DLP, can monitor what types of files are being stored and shared and in what ways. A DLP tool can spot and indeed can stop a data file with credit card information, Social Security numbers, medical information, and other personally identifiable information from being sent outside of a company or from being shared on an unencrypted thumb drive or other device, or from being sent via e-mail and more. This is a great security that protects the privacy of data being used but with the user also probably having a sense of their own activities being watched by technology, their own sense of personal space becoming a little less personal. Think about how far security technology has come. Recall the first appearance of the PC, the personal computer that was truly personal, no outside management, no automatic updates, no remote trouble shooting, but plenty of privacy. While technology is highlighting at times the trade-offs that exist between privacy and security, any privacy advocate will nevertheless stress the critical role of security and protecting personal information. Particularly, in today's day and age, security cannot be ignored or data privacy will surely suffer.