A data breach is a type of privacy incident that happens whenever an unauthorised person could have gotten access to someone else’s personal information. Data breaches are the result of failing to protect personal information. We believe that people and organisations need to protect personal information to prevent other people and organisations from suffering real harm. Harm is any damage that the data breach causes.
Why do data breaches cause harm?
Data breaches and other privacy incidents damage organisations’ public reputations, existing relationships, and prospects of getting new business because:
- they have the potential to expose personal information in a public or semi-public way; and
- the mere prospect of having your personal information exposed affects how you behave.
Imagine that you are dancing by yourself in your living room. You would probably be fairly uninhibited, not overly self-conscious, and fairly relaxed. Now imagine that you knew there was a surveillance camera in your living room from which your security company could watch you dance. You would have no way of knowing whether they are actually watching you or not at any given moment, but there is always the possibility that they could be. I’m sure you’d dance a little less enthusiastically – that is, if you continued to dance at all.
There is an excellent TED talk where Glenn Greenwald uses the dancing analogy to explain why privacy matters: