Suggestions for developing strategies for information security and privacy protection have recently been provided to corporate executives through a joint paper from the Canadian Information and Privacy Commissioner and professional services firm Deloitte & Touche LLP.

The paper, The Security-Privacy Paradox: Issues, Misconceptions and Strategies, examines the complex and often misunderstood relationship between the disciplines of information security and privacy protection.

“This capability for high-speed, high-volume processing and dissemination of personal information creates the potential for substantial risks – as well as large-scale opportunities – associated with information security and privacy protection,” said Ann Cavoukian, the information and privacy commissioner. “However, you must address both; never just one. While information security and privacy do overlap, at times they may appear to contradict. In preserving one alone, companies can do serious damage to the other.”

The paper helps to clarify the security-privacy paradox for senior executives and other professionals. The paper:

• Describes major characteristics, points of difference and areas of overlap between information security and privacy protection;

• Addresses issues and misconceptions that can lead to wasted money, time, effort, conflict and, all too often, inappropriate measures and programs; and

• Recommends and prioritizes business, organizational and technical approaches that are cost-justifiable and can be beneficial in reaching regulatory compliance.

“For those companies that can effectively master building a foundation of trust between themselves and their customers the rewards will be significant,” said William Levant, global privacy leader for Deloitte & Touche. “The creation of trust in this online business world is what can give one company a competitive advantage over another.”