How to Prepare for and Respond to a Data Privacy Breach


Before I started covering cybersecurity, I thought the term ‘breach’ had a single meaning — that an attacker stole data from a computer system. I also thought all the different versions of the word meant the same thing.


However, I’ve since learned the nuances and differences between a breach, a data breach and a data privacy breach. The difference is important. Misclassifying a breach can result in unknowingly breaking a law or failing to comply with regulations.


Privacy regulations, such as the General Data Protection Regulation (GDPR) or state-specific laws, specify how an organization must respond to a privacy breach. Not complying correctly can mean fines and more negative publicity. According to Gartner, the personal data of 65% of the world’s population will be protected by modern privacy regulations by 2023, which is a major increase from 10% in 2020.


Breach, Data Breach or Data Privacy Breach?


Compliance with data privacy regulations hinges on correctly understanding the terms.


The general term ‘breach’ or security breach means that someone who is not authorized to access a computer system has done so. However, it refers only to the act of accessing systems, not to stealing data.


In a data breach, information has been accessed — and likely stolen — from the systems that were breached.


In a data privacy breach, the personal information that was accessed is Personally Identifiable Information (PII). The Department of Homeland Security defines PII as any information that permits the identity of a person to be directly or indirectly inferred. That includes any information that is linked or linka ..
