Privacy vs. Security
Sometimes people use the terms privacy and confidentiality or security interchangeably, especially when responding to people who are concerned about why personal information about them that they consider private is maintained by someone else, typically a company or government office. The response, especially from IT professionals, often is: we have this information password controlled, maybe encrypted, and highly secured physically. That, of course, is important to the consumer, but it is separate from the question of privacy. Privacy has to do with what personal information an individual chooses to share with others, and on what terms. Security has only to do with how protected such information is. A company may have the very best security possible to protect information, but it may be information that an individual chooses not to share with that company or anyone else. Or, the individual may agree to share that information, such as a home address and phone number, only for the purposes of a particular service or transaction, and not more.
To illustrate, state governments require anyone registering for a drivers license and car registration to provide the person's date of birth, home address, make of car, etc., and will take a (typically unflattering) picture of the applicant. One cannot legally drive without a license and cannot own a car that is being driven without a car registration. One cannot drive without surrendering this kind of information to the state. It is a pre-condition to driving. Some states, however, have sold such information including even photos to organizations with a commercial interest without the permission of the individuals concerned. If you have ever received an unsolicited promotional letter suggesting that you sell your 5-year old car (make and model) and buy a new one of the make being promoted, you will know what this is all about. Outraged citizens have caused most state legislators to pass legislation prohibiting the use of personal information gained for one purpose for other purposes without the prior written consent of the subject of that information, or unless it is clearly stipulated (even if in 10 pages of very fine print) that by requesting this service, you agree that the information you supply will be made available to third party business partners of the organization collecting the information. If not illegal to use personal information for purposes other than which it was requested, it is certainly unethical.
Minimum Topics for Coverage in Privacy Policies
— Rick Barry, Editor and Content Manager, MyBestDocs