How a gender-reveal party illustrates the difference between Data Security and Data Privacy

How a gender-reveal party illustrates the difference between Data Security and Data Privacy

While many have joked that the COVID-19 crisis would generate a baby boom, it’s much more likely that it will be a bust, with as many as 50,000 fewer babies born in Canada in 2020 than a usual year.

Regardless, a new baby in anyone’s life is a big deal, and it’s becoming common for couples to hold gender reveal parties with ever more elaborate stunts to release some kind of pink or blue marker to gathered families and friends, delivering a complete surprise.

Imagine, if you will, that you own a party supplies business, and that your company has been given the job of building and delivering a gender-reveal glitter bomb to the parents at the time of the big party.

To hide the colour of the glitter, you build a casing with solid materials. You seal it tight and do a shake test to make sure that no glitter leaks from it. If any of the invited guests were to find out the colour of the glitter inside the bomb, then the surprise would be ruined. The parents are counting on you to protect the glitter bomb so that they can reveal the gender when they want and in a way they want.

In our pretend scenario, the colour of that glitter could be considered “data” — information that its owners want to protect. To secure the “data,” your first duty is to secure that glitter bomb, because it’s the means by which you are keeping the data secret.

What is data security?

Data security refers to the extent to which data is protected from unauthorized access, use, distribution, sale, alteration, and deletion. To illustrate, data (the glitter in our metaphor) that’s encrypted and stored in multifactor authentication-protected accounts (the glitter bomb casing) is much more secure than data that’s unencrypted and stored in accounts that only require passwords to access. In other words, if you want the gender reveal to be a big surprise, it’s better to build your glitter bomb with a steel sphere than a wiffle ball!

What is data privacy?

Data privacy, on the other hand, points to the expectation that personally identifiable data will only be used in the agreed-upon manner. This is rooted in the principle that individuals have the right to choose what information they want to disclose and to whom.

When the parents asked you to make their glitter bomb, they trusted you with information that they would not want shared in any other context beside their grand event. A bond of trust is formed between you and the parents, and they’re trusting you not only with the data (the colour-coded glitter), but all the details related to that gender reveal party.

What happens if you took all that information and sold it to the baby store down the street? They might want to make a return on their investment by calling your clients to pitch baby clothes and nursery decor that are designed for a particular gender. If that happens, that will cause consternation for the celebrants: How did they know about the event? How did they know the gender? Have they started talking to our neighbors, too?

When trust is betrayed like this, the parents will be less likely to share any information with you in the future — and you won’t be invited to their next gender reveal party! In fact, no parent may ever trust you to keep their gender “data” secrets again! And if that happens, what do you think would happen to your party supplies business? It will blow up as badly as that glitter bomb! (To some very unintended outcomes…)

Similarly, any industry, be it retail or health care, can be impacted severely by privacy breaches of personal data. In fact, data privacy is so important that it is protected by at least one of three sets of rules or norms, namely:

  • Industry standards – To protect all participants of a particular industry, that industry imposes regulations upon itself. A prime example of self-regulation is the Payment Card Industry Data Security Standard (PCI DSS) by the Payment Card Industry Security Standards Council.
  • Government regulations – In the interest of protecting their constituents, more and more governments are executing their own data privacy regulations. Canada has its very own policy: the Personal Information Protection and Electronic Documents Act (PIPEDA) (Currently proposed to be replaced by the Consumer Privacy Protection Act (CPPA))
  • Societal norms – In the age of mass communications and social media, large numbers of customers may reject an organization that violates societal privacy norms. Two of the most effective tools for enforcing such norms are the boycott and the public forum.

So, I have to protect the glitter and not reveal the party details?

Exactly! Implementing data security does not automatically mean that data privacy is being protected. That is, an organization may be keeping data safe from misuse by cybercriminals and disgruntled employees, but they may also be violating the privacy rights of their clients.

If you’re going to protect the Mom- and Dad-to-be’s big surprise, you’re going to have to ensure that no invited guest knows the colour of that glitter in advance, and you’re going to have to be sure that glitter bomb is delivered only to the expecting couple, shows up on the day of the reveal, pops open at the agreed-upon time, and only invited guests know about it.

In short, while data security is about preventing the unauthorized use of data, data privacy is about ensuring that data held in trust is not misused by any party, including those who are authorized to use it.

If you can do that with your customers’ data, you won’t be feeling blue, and they’ll be tickled pink!

Implementing policies and protocols for keeping both data security and data privacy is important in maintaining the trust of your customers. It’s just good business. To help you achieve this, turn to XBASE’s Exponentially Better™ professional services. Drop us a line to learn more.

Like This Article?

Sign up below and once a month we'll send you a roundup of our most popular posts