There’s a mistake commonly made in the United States that a law that was passed to help people move their healthcare information to a new doctor or provider was actually passed to originally implement universal, wide-ranging privacy controls on that same type of information. This is the mixup with HIPAA—the Health Insurance Portability and Accountability Act—and while the mixup can be harmless most of the time, it can also show up in misunderstandings of other privacy concepts around the world.
Importantly, the mixup colors how we approach data protection, as a requirement and a set of rules, and privacy, as a right granted to certain sectors of our lives. In the European Union, this split is spelled out more clearly in their laws, but in the US, this split is still muddled—there are data protection laws in the United States that aim to achieve data privacy, and there is an entire realm of privacy law that was developed before our current understanding of data.
Today, on the Lock and Code podcast with host David Ruiz, we speak with Gabriela Zanfir-Fortuna, the vice president for global privacy at Future of Privacy Forum, to finally clear the air on these related but not interchangeable topics. As Zanfir-Fortuna explained in our conversation, data protection can achieve privacy, but it isn’t the only goal that data protection should care about.
“The challenge with data protection, though, is that it needs to balance all of the rights, and sometimes they’re competing rights. That’s challenging indeed. But it’s important to note that the ultimate purpose of data protection is not to achieve privacy at all costs.”Gabriela Zanfir-Fortuna, vice president for global privacy at Future of Privacy Forum
Tune in to hear all this and more on this week’s Lock and Code podcast by Malwarebytes Labs.