Blog/Infosec 101/

What is data privacy and why is it important?

John Sears

John Sears


Nov 14, 2019


4 min read

You lock the doors when you leave your house. But what do you do to protect your privacy online?Your data holds as much value (if not more) as your wallet or anything you have in your house. So what exactly is data privacy, and how do you ensure it? Read on to find out.

What is data privacy?

In simple terms, data privacy is an obligation by an individual or a company to protect the information you shared with them. For example, you may need to share certain sensitive information to gain access to their service. It could include personally identifiable information, like your name and date of birth or messages, emails, and files. In return, the company promises that no one will use or access your data without your permission.

You most likely have ticked boxes to agree to Terms & Conditions many times. If you've ever dug deeper, you must have seen the company's privacy policy. It states the type of data the company gathers about you, how they store it, and what they are allowed to do with it.

Companies have to set their privacy policies in line with their country's laws and data protection regulations. For example, European Union countries have the General Data Protection Regulation (GDPR), while companies in the United States have to follow federal and state laws.

Privacy agreements, policies, laws, and regulations are great. However, they do not guarantee that hackers won't break into the company's servers and steal your sensitive information. That's where data security comes into play.

Data security and privacy: what's the difference?

Why is encryption important? Simple — devices are physical objects.

Data security and data privacy go hand in hand. Thus they are sometimes used interchangeably, yet mistakenly. Data privacy can be referred to as regulations a company follows to ensure your data stays private. And data security is the technology it uses to ensure that no outsiders can gain access.

Data privacy cannot be guaranteed without data security – and vice versa. If the security is poor, hackers could steal your information. However, if your sensitive data is secured, but there are no privacy policies in place, then the company could share your personal information with anyone.

So how private my data really is?

Unless the company handling it has flawless data privacy and data security practices, your information isn't that private or safe. It can easily end up in the wrong hands. How?

1. Companies breach their own privacy policies

Let's say the company whose service you are using has strict privacy policies. But can you really trust it? Companies like Google and Facebook built their businesses on information gathering, and they breached their customers' trust over and over again. They unlawfully shared users' data with third parties,previously scanned the emails and files stored on the cloud, and used users' images to train their facial recognition technology.

2. Data breaches and leaks

Your data is valuable not just to companies but hackers too. They are working tirelessly to hack into databases of various companies. Why? Because they can use your sensitive information for phishing and social engineering attacks. They can also sell it on the dark web, or drain your bank accounts, take out loans under your name, steal your identity, and more. The list is endless.

That's why data security is so important. But despite that, many organizations don't invest the necessary resources into cybersecurity and therefore fail to protect their servers.

3. Man-in-the-middle attacks

Sharing or transferring files over an unencrypted connection makes you vulnerable to man-in-the-middle attacks. Sending an unencrypted file over an open web is like sending a postcard without an envelope. The postman taking it from A to B can read everything you've written on it. In technical terms, all servers that help to transfer your file can read so-called data packets as well as your IP address. This means hackers who are "sniffing the traffic" can snatch your information, steal your files, and also see your location.

How can you protect your data?

There are quite a few things that can go south when someone is handling your data, even if you trust that company. One way to prevent the damage is simply not share or limit any sensitive information. It’s rarely possible though, as you will often be asked to provide your name, email address, and your card details to use any service. The protection of your data then lies in the hands of that company.

But what about the files you store on cloud, send to your friends, or store on your device? You can take total control of their security and privacy by encrypting them with services such as NordLocker. Sounds difficult, huh? It's easier than you think it is.

You simply need to create an account, download the app, and drop your files into your Locker folder. That's it. The app encrypts your files in a matter of seconds. You can now upload them or transfer them over the internet. Due to state-of-the-art cryptography, no one except you and the recipient will be able to access and use these files.

How safe are Nordlocker encrypted files?

  • Your cloud provider can't access it. Your files are encrypted before they leave your device, and because of Elliptic-curve cryptography (ECC), your provider will not be able to open, scan, view, or use your files in any way.
  • Hackers can't access it. Even if your cloud provider's servers get hacked, bad actors will not be able to decrypt your files. So even in the worst-case scenario, your files are still safe. The same applies to man-in-the-middle attacks – if hackers get their hands on your folders, they'll only see gibberish.
  • NordLocker can't access it. NordLocker has a zero-knowledge policy, meaning we cannot access your information either. We don’t store your password either, so you must remember it and store your recovery key somewhere safe.
  • No one on your device can access it. Your files are protected even if you use a shared device. To open NordLocker, you'll need to use your master password. Make sure it's a strong one, and don't share it with others.
John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.