It’s the 2020s - data is critical to growth at almost every company. And with data, comes opportunity, but also legal responsibility and risks.
Two of the most important categories of data law are security and privacy.
Privacy law governs the collection, use, and sharing of personal data. It sets limits as to what kinds of data companies can collect, what kind of notices they have to provide customers, and what kinds of consent may be required. Privacy law also creates rules about how companies use the personal data - for example for marketing their products; And it limits how and under what circumstances personal data can be shared with third parties, for instance, for the parties’ marking purposes.
This different from cyber security law which governs how companies must secure information, mostly personal data it collects; and what companies need to do when they have a data breach - which can include stopping the breach, investigating what happened, notifying individuals and regulators; and providing support for people;
Cyber security law also includes cyber crimes - laws that prohibit things like “computer trespass” - accessing a computer you are not supposed to be in/without authorization or exceeding authorized access.
Privacy and cyber security law are different - but they are also related. You can’t have security without privacy or privacy without security.
What does that mean? It means if you don’t know what data you're collecting or where it is, it is much harder to secure, and on the other side, if you can’t secure your data, it will become less private.
So if you are involved in gathering or using personal information - you are bound by rules about collecting and using data (privacy); and protecting that data (cyber-security).