Data security! What is data security and why is it so important? What is the difference between data security and data protection? It's a complex topic and often causes confusion. In a joint campaign, The Core facilities for communication and IT want to raise more awareness. Pat Privacy, Ingo Innocent and the Gremlin are helping.
Data security deals with the protection of data, regardless whether it has a personal reference or not. Data security concerns all measures to protect data from manipulation, loss or unauthorized access, regardless of whether it is in analog or digital form. In principle, this applies to all information, including research data, business concepts, design plans, tax records, etc.
The German Federal Data Protection Act (BDSG) contains a series of technical and organizational measures designed to guarantee data security. Both access to the computer and to paper folders or workbooks must be prevented in rooms with public traffic.
In contrast to data security, data protection refers to all measures taken to protect an individual with regard to his or her personal data. It serves to protect the privacy of each individual. Personal data should neither be misused nor passed on without being asked. In principle, each person should be able to decide for themselves which of their data should be accessible to whom and when.
According to the EU Parliament, this right to informational self-determination is derived from Article 8 (1) of the European Convention on Human Rights.
The security of IT systems must be distinguished from data security and data protection. This is not just about protection against unauthorized access, but also about ensuring that data is available and that regular backups are made. Existing IT systems must function reliably, and the paths of technical processing must be just as secure as the storage location.
Different protection goals: What should be protected and why?
Confidentiality: Data may only be viewed and used by authorized persons.
Integrity: Data must be correct, unchanged, and reliably used. Data must not be falsified (improper use, faulty software/hardware).
Authenticity: Ensure the authenticity, reliability and binding nature of data.
Availability: It must be possible to use both the data and the programs or resources used at any time.