Difference Between Security and Privacy: What Actually Sets Them Apart

The difference between security and privacy is easy to blur, but the two concepts protect different things and fail in different ways.

Understanding the distinction between digital privacy and online security -- and how to protect both -- is essential for everyone who goes online.

The Difference Between Security and Privacy in Practice

Think of digital privacy and online security as two steps in the same process. Digital privacy protects personal information before it becomes known. Online security ensures that when personal information must be shared, it is handled as safely as possible.

• Digital privacy keeps personal information and data from being unnecessarily exposed.
• Online security protects personal information and data when it needs to be exposed.

Consider how a privacy-focused website operates. A visitor browsing the site has their digital privacy protected because the analytics tool in use de-identifies all visitor information. No personal data gets exposed, sold, or used for ad targeting across other sites. The site does not need to know who each individual visitor is.

However, when a visitor becomes a customer, some personal information becomes necessary -- name, address, and payment details -- to provide service, comply with tax laws, and prevent fraud. This is where online security takes over: protecting that necessary personal data through measures like two-factor authentication and encryption.

How Privacy and Security Get Compromised

While these concepts overlap frequently, they differ when compromised:

1. Both maintained. Personal information is not obtained without consent, and when it is collected, it is stored safely.
2. Privacy compromised, security maintained. A tracker follows you across the internet, building a behavioral profile that gets sold to marketers. No accounts were hacked, no data was breached, but the invasion is still serious.
3. Both compromised. Someone gains unauthorized access to private information and exploits it. The classic example is a data breach where a hacker obtains names, emails, passwords, and other personal details from poorly secured software, then sells that information on the dark web.

Security can exist without privacy, but privacy cannot exist without security. You might post personal details on a social media platform that has secure accounts, but the act of posting eliminates privacy regardless of how secure the platform is.

Protecting Both Privacy and Security

Digital privacy means safeguarding information you might knowingly or unknowingly share online. Online security means ensuring that when your data must be known, it is handled as safely as possible.

Here are practical steps for both:

1. Limit what you knowingly share online. Before posting on social media, forums, or blogs, ask: "How could someone use this information against me?"
2. Protect your devices and their data. Use strong, unique passwords and PINs. Never connect to insecure networks.
3. Use privacy-focused services. Choose DuckDuckGo for search, Fastmail or ProtonMail for email, and other software that prioritizes privacy by design.
4. Use a password manager, unique emails, and two-factor authentication. Every service should have a unique, strong password with non-SMS 2FA enabled.
5. Use a VPN to hide browsing habits from your ISP, protect yourself on insecure WiFi networks, and obscure your location from websites that use invasive tracking.
6. Monitor data breach notifications through your password manager or services like Have I Been Pwned. Update passwords promptly when breaches are detected.

Both digital privacy and online security are essential for anyone who uses the internet. Complete protection requires maintaining both at all times.