Understanding their differences is not just a matter of semantic clarification. One Pew Research survey characterizes Americans as “concerned, confused, and feeling lack of control” over their perception of data privacy and security. Majority of the respondents say that they understand little or nothing about data privacy laws and regulations. Also, 8 in every 10 Americans think they have little or no control over the data companies and government authorities collect from them.
Most people are unable to quantify or specify which particular instances qualify as uncontrollable data privacy or security violations against them. They tend to simply say that they feel that their privacy or security is under attack without a clear grasp of what data privacy and security violations actually mean.
A better understanding of data security and privacy helps in setting the right policies in organizations. Likewise, it is useful to train employees to become more responsible in the way they deal with data.
The main differences
Data privacy is usually associated with personal, consumer, or public information, whereas data security is generally about securing the sensitive information of an organization or individual. It is a misconception that one is more stringent and crucial than the other. It is inaccurate to say that the consequences of a data privacy breach are not as serious as those of a data security attack and vice versa.
Both share the same need to meticulously follow certain regulations, protocols, and standards. They may have different sets of protocols and standards, but they ultimately need to ensure the protection of certain types of data in certain settings. Cybersecurity solutions like automated BAS penetration testing that also operationalize the MITRE ATT&CK framework are highly effective in ensuring data security as well as data privacy unless the organization running the pen testing defies privacy expectations.