and data protection
refers to the range of administrative, technical and physical
mechanisms that aim to preserve privacy
and confidentiality, by restricting information access
to authorized "knowers" for authorized purposes.
Computer and communications
security efforts also have the goal of assuring the accuracy
and timely availability of data for the legitimate user
set, as well as promoting failure resistance in the electronic
There is a tendency
to focus on technical measures, such as encryption,
when discussing information security. Relatively simple physical
protections, such as restricting access to areas with computers,
fax machines, etc., can be just as important.
are the "administrative" (policy and procedural)
efforts, from the rules about "who may see what"
to details such as how userids and passwords are disseminated.
Even the most sophisticated technical and physical measures
will be defeated by bad practices.
As in physical
contexts, increased information security raises costs. The
explicit expense comes in outlays for additional computer
and telecommunications hardware, associated software, and
technically-trained personnel. The implicit cost stems from
the time and inconvenience to legitimate users as they navigate
across protective barriers (such as logging in and presenting
passwords), and endure the strictures of security-enhancing
The balance is
in part a engineering question of costs and system capabilities
given available technologies -- a balance which is ever shifting.
It is also, fundamentally, a political question: How much
privacy and confidentiality does a society or a particular
organization in that society want? What will it "trade"
Terms like privacy,
confidentiality and security often bring more confusion than
clarity, given the range of meanings in play. Accordingly,
the label data protection has been coined to encompass
the range of legal, regulatory and institutional mechanisms
that guide collection, use and disclosure of information.
(The term is more commonly used in Europe than in the US.)