Privacy is one party’s state of being free from another party’s unwanted surveillance or visitation. In information security, privacy refers to one’s protection against having others view or control data that belongs to them.
When privacy refers to online activity, standards of privacy generally surround minimal expectations (and regulations) about how personally-identifiable information (PII) is handled by those caring for it. Government and industry often group PII, cardholder data, and ways of authenticating these, in a separate class of records requiring special security practices and technologies. Often, sensitive data is not permitted to be held at all, or it must be encrypted if it is allowed to be held or transmitted. Other definitions of digital privacy not relating to PII include a person’s right to be free from unwanted exposure on the Internet, or the unwelcome sharing of their Internet browser habits to a third party such an advertising agency with which the data subject has no connection.
Additionally, as in the case of healthcare covered by Health Insurance Portability and Accountability Act (HIPAA), privacy and confidentiality are intermingled with a patient’s or the insured’s right to be informed, and give informed consent, when data in the charge of others is shared. In the European Union, privacy tied with informed consent is part of one of the most comprehensive and binding regulations about data, the General Data Protection Regulation (GDPR).
“My primary care doctor emailed a copy of my exam results to a colleague seeking another expert opinion on the diagnosis, but he didn’t inform me of this. Even though he meant well, this is a violation of HIPAA since I was left in the dark about this.”