Home Resources The Privacy Series: Data privacy vs Data security Compliance The Privacy Series: Data privacy vs Data security To help marketers prepare for the impact that the privacy reforms will have on the industry and our marketing strategies, practices and processes, we have created The Privacy Series. Each month we will deep dive into one of the key components set to reshape the Privacy Act to understand what they mean for marketers and their businesses. Data privacy vs Data security Whether you work for a multinational company, a small boutique enterprise or something in between – if you and/or the decision makers in the business you work for have only invested heavily in cyber security in preparation for privacy reforms, be urged to rethink this strategy. All too often, cyber security is mistaken as privacy protection, and understandably so. Afterall, in this digital age most data that exists does so in cyber space and there are elements of data security that sit within Privacy regulation (and vice versa). So, IT teams across the nation are then tasked with setting up appropriate cyber security stacks to protect a business’s data. However, this does not guarantee data privacy. There is a definite distinction between the two and organisations relying solely on their cyber security investment in preparation for privacy reforms will risk their data being unusable to drive business growth in the future. To help marketers ensure they are properly preparing and are fully equipped for the changing regulatory landscape, below we will explore the difference between data privacy and data security and what the implications are when data privacy lacks proper investment. What is the difference between cyber/data security and data privacy? While these names may seem synonymous, data security and data privacy are not the same thing. As a risk mitigation strategy to avoid unauthorised access, data security is incredibly important, however, data security does not guarantee your data privacy. So, let’s look at this in a little more detail. More widely known as cyber security, data security is focussed on protecting data from unauthorised third-party access, malicious attacks, and the exploitation of stolen data for profit. In recent times, we have heard of an increasing number of cyberattacks and data leaks as big companies have been subjected to hackers farming for data and demanding large ransoms. This is the type of activity that data security is specifically designed for. A cyber security stack should be working to keep a company’s data safe and secure, and inaccessible to unauthorised third parties. Cyber security has no concern for what data it is protecting, how much data is being protected, what the data is used for, or if it is personal information, sensitive information, or de-identified information. Rather, the only concern a cyber security stack has is that the data it is protecting remains unthreatened, intact, and in-house. On the other hand, unlike data security, data privacy is concerned with what data is held, how much data there is, the purpose for its collection, how the data is used, and the type of information the data is categorised as, such as personal or the higher threshold of sensitive for example. This is because data privacy is about the responsible use and governance of personal data and the rights of individuals concerning their personal information. That’s why businesses need to ensure a best practice approach to their data collection. At the end of the day, this data is connected to a person, and that person is a customer. As businesses need customers and their personal information to generate business growth, stringent data privacy practices are paramount. So while it may seem logical to collect all the data available to create a more detailed customer view to optimise growth, this is not considered best practice and businesses should be careful of this approach during this transitionary period of regulatory reform. Instead, only collect, use and store the data that is essential for your marketing activity, and then delete it when it is no longer required. This will best set your business up for data privacy success in multiple ways, namely compliance and equally as important, in gaining your customers’ trust. In exploring the difference between data privacy and data security, it is clear that both are critical but one without the other can have significant pitfalls. That’s why investment in both is necessary as the safeguarding of one does not assume protection of the other. In fact, at a recent SXSW Sydney 2024 panel discussion on whether privacy and safety outcomes must come at a cost to one or the other, eSafety Commissioner Julie Inman - Grant and Privacy Commissioner Carly Kind agreed that “while privacy and safety have distinct roles to play in protecting Australians online, both can coexist and the debate need not be all-or-nothing”. Failing to invest or investing to fail? Whether your business is failing to invest in data privacy, or investing to fail by only prioritising data security, either way there will be implications for marketers and how they use data in the future. As mentioned above, data security is necessary for risk mitigation, but it is not sufficient for data privacy. A focus on data security without embedding privacy in your business means that broader privacy issues around your data may arise, and customer trust and/or growth strategies might be compromised as a result. In other words, organisations would be securely storing data that they cannot use as it would breach legislation and would therefore be stagnating any business growth. As we know, marketing is responsible for business growth and therefore to effectively deliver said growth, marketers require data. That’s why now is the time to make your marketing voice heard by engaging with key stakeholders to educate them on why sound investment for the marketing team to upskill on data privacy is needed. It is a somewhat redundant task to heavily invest in and deploy cyber security if the data you are protecting cannot be used. A focus on investing in one of the departments that uses the data to deliver growth for your business is critical to ensure compliance in this changing regulatory landscape. Marketers need to be confident in their knowledge and understanding related to data privacy and cannot pass the buck to their legal and compliance stakeholders. Instead, legal and compliance teams (where applicable) are there to work with the marketing team to make sure an organisation’s data is collected, used and stored appropriately. As such, marketers need to be able to articulate to these relevant stakeholders the full data journey such as when and how the data is collected and what consent is required, how and why data is being used including any automated decision making (in accordance with the first tranche of privacy reforms), the kinds of data being collected and stored, and for how long the data will be retained and used before appropriately deleted. Being able to communicate this to legal and compliance stakeholders will ensure privacy policies, notices, consent practices and so on are all compliant with legislation and also help confirm that what is put into those policies (the promise to customers) can be operationalised – whether that be now, or as regulatory reform continues to unfold. Marketers are not trained in privacy, compliance and regulation and will therefore need the investment and backing of the businesses they work for to upskill. If this does not happen, there is risk of both reputational and financial penalties as data privacy breaches will occur. FIND OUT FIRST, STAY CONNECTED Sign up to receive ADMA newsletters, updates, trends, special offers, events, critical issues and more Job role*Agency Account Manager/ExecutiveAgency Account/Strategy DirectorCDOCEO / Managing DirectorClient Service / Sales ManagerClient Service/Sales DirectorCMO / CCO / Marketing DirectorCreative Director / HeadData Analyst / Scientist / EngineerDesigner/Copywriter/Creative ManagerEarly Career Data Analyst / Scientist / EngineerHead of Analytics / Analytics LeaderHead of Category/Customer Experience/InsightsHead of Marketing/BrandHead of ProductHR/Learning and Development ManagersIT Director/ManagerLegal/RegulatoryMarketing ConsultantMarketing Executive / CoordinatorMarketing Freelancer / ContractorProduct / Brand / Digital / Communication ManagerSenior Data Analyst / Scientist / EngineerSenior Marketing/Brand ManagerOther You may unsubscribe at any time using the link provided in the communication. View our Privacy Policy. Filter Resources Filter Courses Capability Capability Campaign Integration Compliance Customer Experience Marketing Technology Insights Learnings Brand Development Content Format Content Format Information sheet Member-only Press-release Article Blog Case Study Data Event Infographic Media Coverage Research Tool-kit Video Webinar Whitepaper Topics Topics CMO Crib Sheet CMO Spotlight Global Forum Global Forum 2023 Privacy Awareness Week Privacy series Regulatory Spotlight Resource The Weakest Link Compliance Resources CEO Blog Compliance Regulatory Content Copywriting Creative Data Data-driven Marketing Digital Campaigns Leadership Social Media Thought Leadership Article 25th Jun 2025 9 minutes The Privacy Series: Data breach response plan To help marketers prepare for the impact that the privacy reforms will have on the industry and our practices, we have created The Privacy Series. Each month we will deep dive into one of the key components set to reshape the Privacy Act to understand what they mean for marketers and their businesses. This month we look at data breach response plans. Article 25th Jun 2025 7 mins The Weakest Link Series: The Government ADMA’s “Am I the weakest link: Privacy edition” explores the idea that the privacy data chain is made up of six main parties – the marketer, the consumer, the platform, the agency, the government, and the board – all with the potential to be ‘the weakest link’. However, each of these parties contribute in different ways to the standard of data practices in Australia’s economy. Can we really point the finger at any one party? In this article series, we will deep dive into each of the links in the chain, assess the areas for improvement and how marketers can help strengthen the chain overall through their own roles. Article 25th Jun 2025 7 minutes Privacy Awareness Week 2025: From Awareness to Action This year’s Privacy Awareness Week (PAW) continued to fuel the national privacy conversation, driving it from surface-level awareness to deeper, systemic action. The week was a flurry of activity by all supporters. Read all about it in this article. 25th Jun 2025 4 mins Six Reasons Why You Need to Be at ADMA’s Global Forum 2025 Join us at ADMA Global Forum 2025, where the industry’s powerhouse thought leaders come together to tackle the biggest challenges shaping the future of marketing. The theme, ‘Elevate – for marketing’s next horizon’, focuses on addressing how we empower marketers to sharpen their edge, build capability, and embrace strategic transformation in an industry reshaped by disruption, innovation and accelerating complexity. Article 23rd Jun 2025 7 mins “Would you call it fair and reasonable?”: Daniel Eadon on the new rules of responsible marketing As the industry braces for Privacy Act reform and rapid AI adoption, Daniel Eadon, Associate Director of Marketing Performance at Optus, believes the future of marketing depends on a single principle: trust. Here, he explains how privacy impact assessments, collaboration and common sense will define tomorrow’s best marketers. Article 23rd Jun 2025 9 mins The tech behind the personal touch: How to build an efficient personalisation stack Customers today expect brands to understand them and serve products and messaging that reflect their tastes. Many marketers are eager to meet these expectations with personalised content. But few know where to start. The good news? With the right tools and structure, you can automate smarter, more efficient personalisation. Let us explain. Load More
Article 25th Jun 2025 9 minutes The Privacy Series: Data breach response plan To help marketers prepare for the impact that the privacy reforms will have on the industry and our practices, we have created The Privacy Series. Each month we will deep dive into one of the key components set to reshape the Privacy Act to understand what they mean for marketers and their businesses. This month we look at data breach response plans.
Article 25th Jun 2025 7 mins The Weakest Link Series: The Government ADMA’s “Am I the weakest link: Privacy edition” explores the idea that the privacy data chain is made up of six main parties – the marketer, the consumer, the platform, the agency, the government, and the board – all with the potential to be ‘the weakest link’. However, each of these parties contribute in different ways to the standard of data practices in Australia’s economy. Can we really point the finger at any one party? In this article series, we will deep dive into each of the links in the chain, assess the areas for improvement and how marketers can help strengthen the chain overall through their own roles.
Article 25th Jun 2025 7 minutes Privacy Awareness Week 2025: From Awareness to Action This year’s Privacy Awareness Week (PAW) continued to fuel the national privacy conversation, driving it from surface-level awareness to deeper, systemic action. The week was a flurry of activity by all supporters. Read all about it in this article.
25th Jun 2025 4 mins Six Reasons Why You Need to Be at ADMA’s Global Forum 2025 Join us at ADMA Global Forum 2025, where the industry’s powerhouse thought leaders come together to tackle the biggest challenges shaping the future of marketing. The theme, ‘Elevate – for marketing’s next horizon’, focuses on addressing how we empower marketers to sharpen their edge, build capability, and embrace strategic transformation in an industry reshaped by disruption, innovation and accelerating complexity.
Article 23rd Jun 2025 7 mins “Would you call it fair and reasonable?”: Daniel Eadon on the new rules of responsible marketing As the industry braces for Privacy Act reform and rapid AI adoption, Daniel Eadon, Associate Director of Marketing Performance at Optus, believes the future of marketing depends on a single principle: trust. Here, he explains how privacy impact assessments, collaboration and common sense will define tomorrow’s best marketers.
Article 23rd Jun 2025 9 mins The tech behind the personal touch: How to build an efficient personalisation stack Customers today expect brands to understand them and serve products and messaging that reflect their tastes. Many marketers are eager to meet these expectations with personalised content. But few know where to start. The good news? With the right tools and structure, you can automate smarter, more efficient personalisation. Let us explain.