What is data privacy and why is it important?

Privacy news
12 mins
An eye in a camera.

Data privacy is important because it is a protection of your data to prevent the lack of access control to your personal information that can put you at risk for a variety of cybersecurity threats. As digital tools and technologies advance, the data we share with companies and services creates an opportunity for them to improve our user experience.

On the flip side, it also raises the question of whether our data can remain private. Let’s take Facebook as an example. When you share data on that platform, a lot of what you share is also shared with its advertisers and third parties. Is Facebook right to share your data? Questions like these are at the heart of data privacy.

With consumers becoming increasingly conscious of data privacy, it’s really up to the companies and services to step up their data privacy game. While using a VPN is one of the best ways to protect your privacy, there are several other things consumers can do to protect themselves further.

Here’s what data privacy is, and why you should care about it, regardless of whether you’re a consumer or business owner.

Jump to…

What is data privacy?
4 reasons you should start caring about your privacy
Best practices for data privacy and protection
Well-known data privacy laws that govern data privacy
Why is data privacy important to businesses?
FAQ: About the importance of data privacy

What is data privacy?

Data privacy is the concept of giving consumers control over how their personal data is accessed, used, or shared. This personal data includes your name, location, birthday, bank account information, and online activity.

Data privacy impacts our everyday lives. As a consumer, you should choose services that care about protecting your data privacy. And as a business owner, it’s an important factor to consider in your branding and business strategy as customers increasingly care about it.

Key data privacy concepts

Data privacy is centered around how data should be collected, accessed, and stored. It ensures that you have the best protection against a data breach. Here’s are some concepts that are important to understanding data privacy:

Data collection

Data collection is the process of companies gathering customers’ personal data. This usually helps companies gain more insight into their customers and make informed business decisions. Businesses should give a Personal Information Collection Statement, which states the purposes for which personal data will be used. If not, the privacy policy should make that clear, at the very least.

Data breach

A data breach is a security violation in which personal information stored in a database is accessed, stolen, or used in an unauthorized manner. Data breaches are one of the most common and most costly cybersecurity threats. What’s more, private companies aren’t the only victims as governments are occasional targets as well.

Data access

Data access refers to an individual’s ability, right, or permission to access data stored within a database. Controlling data access is one of the best ways of protecting data privacy

Data storage

Data storage refers to the recording of information in a storage system for future use. These storage systems include electromagnetic, optical or other media which can backup and restore the data. In the event of a cyberattack, data storage is useful in helping to recover the data. However, the data storage itself can also be a target for cyberattacks.

Data privacy vs. data security

Data privacy and data security are related, but they aren’t the same. The major difference between them is that data privacy refers to a user’s ability to control their personal data while data security refers to the system that keeps said data safe from a breach, leak, or cyberattack. As a consumer, you will only want to use services that value your data privacy and have a strong data security system.

4 reasons you should start caring about your privacy

1. Everyone has something to hide

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
-Edward Snowden

Everyone has something to hide, even if they don’t realize it.

Here’s an example:

In a 2009 CNBC documentary, then-Google CEO Eric Schmidt famously said: “If you’re doing something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

He was referring to how Google records users’ search inquiries, implying that ‘innocent’ people have nothing to hide. (We’ll get to the ‘innocent’ part later.)

Yet when CNET Magazine published an article containing private info about Schmidt, including his income, his neighborhood, and his political donations, he condemned the site for invading his privacy and under Google’s control publicly blacklisted the site.

Though Schmidt wasn’t breaking any laws or dipping his hand in nefarious activity, he was still subject to exposure and so felt the sting of having parts of his privacy—as simple and mundane as they were—exposed.

2. Mass surveillance is conditioning you to act differently

People often act differently when they believe they’re being watched. In the 1950s, psychologist Solomon Asch conducted a series of now-famous experiments on the psychological effects of a surveillance state. The results were staggering.

He was able to prove how people were so ingrained in social conformity that they were willing to follow the crowd — even when they knew the crowd was wrong. Even worse, when people knew they were being surveilled, they were found to have higher levels of stress, anxiety, and doubt.

3. The very meaning of privacy is changing

“Privacy is no longer a ‘social norm’.”
–Mark Zuckerberg

The internet is changing what it means to be private. When you post something on social media, you’re choosing what you want to share. But what about all the information you don’t want to be made public?

Every time you type a search query in Google, that phrase is stored. Your IP address is assigned a random string of numbers that companies can use to track you and serve customized ads based on your browsing habits. Using numerous other data points such as your browsing history, purchasing history, and social media activity, companies can build an extensive profile on your habits and behaviors.

4. Surveillance is evolving

“There will come a time when it isn’t ‘They’re spying on me through my phone’ anymore. Eventually, it will be ‘My phone is spying on me’.”
-Philip K. Dick

If you’ve used an anti-blocking or -tracking extension, then you’ve seen just how much ‘muck’ there is online.

And that’s just scratching the surface. What about the sites that use the information they learn about you and your browsing habits to determine how much they should charge? In 2012, travel site Orbitz received a lot of negative attention for charging Mac users more for hotel options than PC users.

This is just one example of what happens when companies have more information than they rightfully should. Imagine when that info goes deeper than just what browser you’re using or when you bought your last pair of jeans.

Best practices for data privacy and protection

It’s in every company’s best interest to prevent cyberattacks. They can bring costly damage, and it’s the law to abide by data privacy practices and protect their customers’ interests. Here are the best practices companies should stick to for data privacy:

Data loss prevention (DLP)

Data loss prevention is a part of a company’s overall security strategy that prevents sensitive data from loss, misuse, and unauthorized access. To reinforce data loss prevention, organizations use tools, practices, and practices to detect and identify indicators of compromise and prevent data loss.


Used for monitoring and filtering a network’s traffic, firewalls protect your network and devices by preventing unauthorized access. Companies should protect their networks and servers with several layers of enterprise-grade firewalls.


Encryption is a security process of making data only accessible by authorized parties. This is done by turning original data into random data with a cryptographic key. Only users with that key can decrypt and access the data. To prevent data breaches, companies should encrypt traffic between branch offices and between remote workers

Data erasure

Also known as “data clearing” and “data wiping,” data erasure is a software-based process of overwriting digitally stored information with random binary data. Simply put, it makes sure that your data can’t be recovered. This fulfills your “right to be forgotten,” mandated under Article 17 of the GDPR (General Data Protection Regulation).

Data resiliency

Data resilience refers to an organization’s ability to ensure business continuity despite any unexpected disruption, like a natural disaster or data breach. Hosting online services on a cloud infrastructure is a good way to ensure data resiliency.

Data backups

Data backup is the process of copying data from one location to another—to protect it in case of a natural disaster or cyberattack. However, companies will need to balance between the need to store data to prevent data loss and the customer’s right to be forgotten.

Well-known data privacy laws that govern data privacy

Technological advances have given rise to how our data can be used and exploited. This has led to different entities and governments regulating the storage and use of personal data. These are some of the most important regulations to note:

General Data Protection Regulation (GDPR)

As the toughest privacy and security regulation in the world, the GDPR set guidelines that govern the collection and processing of personal information. Although it was passed in the EU (in 2016), it pretty much applies to organizations anywhere in the world, so long as they target or collect data from individuals from the EU.

California Consumer Privacy Act (CCPA)

The CCPA, signed into law in 2018, gives Californians the right to know what personal data is collected, used, shared, or sold by businesses. The company doesn’t have to be headquartered in California. The law applies as long as it deals with customers from California.

Payment Card Industry Data Security Standards (PCI-DSS)

The Payment Card Industry Data Security Standard is a set of information security standards that ensure that all companies that handle branded credit cards maintain a secure environment. If you have a credit card, it’s likely you’re already protected by PCI-DSS.

The Sarbanes-Oxley Act of 2002 (SOX)

The Sarbanes–Oxley Act of 2002 is a U.S. federal law to protect investors from fraudulent financial reporting from corporations. It mandates certain practices in financial reporting and record keeping, not only to make sure the records are accurate, but also stored correctly.

Nevada’s Senate Bill 220

Following in California’s footsteps, Nevada’s Senate Bill 220 gives customers more ability to prevent businesses from selling their information to third parties. Under this bill, companies must provide a toll-free number or an option in emails to opt out of having their data shared.

The Gramm-Leach-Bliley Act (GLBA)

Passed in 1999, the GLBA requires companies that provide consumers with loans, financial or investment advice, insurance, or other financial products and services to explain how their information is shared and protected.

The Computer Fraud and Abuse Act (CFAA)

The CFAA, enacted in 1986, prohibits accessing a computer or performing a computer-related activity without authorization, or in excess of authorization.

Why is data privacy important to businesses?

It’s because bad data privacy can lead to various potential risks for the business, including misuse of information, loss of identity, loss of reputation, loss of trust, loss of revenue, and increased costs due to fines. We’ve gathered some major reasons why you should care about data privacy for your business.

  • Customers care about privacy: According to a survey by ExpressVPN, 96% of Americans thought that online data privacy was important to them. It’s easy to understand that though. After all, it comes down to the nature of having some control over your life, a big part of which sits in the online world nowadays.
  • Data privacy helps your brand: Data privacy is good for business! It impacts how customers perceive the brand, and if done right, helps to gain customers’ trust. Brand trust is a key consideration for customers in deciding to invest in your product or service
  • It will support the code of ethics: A company’s code of ethics is a set of guiding principles to ensure the practice of honesty, integrity, and professionalism within the company. Proper data privacy practices enunciate your company’s code of ethics, showing that you are doing right by your customers as well as by employees.

Tips for improving the data privacy for your business

Data privacy should play a big role in your business practices. Here are a few tips to step up your game in data privacy.

Incorporate data privacy into your branding strategy

Putting your customers first will always set you apart from your competitors. And when it comes to customers’ data, this means you value their privacy and give them control over how their data is handled. When you incorporate data privacy as part of your branding strategy, you present your brand as honest and transparent. This boosts your brand’s reputation and adds value to your business as a whole.

The good news is, it’s not all that hard to make customers know you care about their privacy. Start by keeping them informed of how their data is collected, used, or shared. Also, always let them opt out of sharing their data with third parties.

Look for hires who are privacy-conscious

Your employees should be a good fit with your company culture. To make data privacy a priority at your organization, it’s helpful to find hires who already have the right mindset about data privacy.

Establish data privacy compliance procedures

To ensure data privacy compliance, create operating procedures that maintain data privacy to ensure the confidentiality, integrity, and availability of data.

Create a data breach response plan

Data breaches happen more often than you think. Having a data breach response plan is crucial in minimizing the damage caused by a breach and ensuring the recovery of your business. The data breach response plan should outline actionable steps in the event of a breach.

Ensure proper data storage

When your customers trust you enough to provide you with their personal information, you owe it to them to store their data properly.

FAQ: About the importance of data privacy

Which is more important—data privacy or security?
What are the 7 principles of data protection?
Can personal data be shared without permission?
What is the purpose limitation in data privacy?
What is confidentiality and data protection?