Privacy vs. Security
Obviously, this book covers a great deal in the area of security. Although security is a component of privacy, there is unique distinction between the two. Security's purpose is to restrict access to sensitive information from people who shouldn't have it. In the case of privacy, people who have legitimate access to data need to comply with users' preferences when it comes to how that data is handled. To be more specific, good privacy means adhering to the Safe Harbor Principles. One case in which privacy and security can conflict is when you want to log information about a user or transaction to maintain security. Carefully consider whether the logs now contain information that should be governed by the privacy policy. If the logs do contain PII, you either need to eliminate that or be prepared to handle the logs as private information.