Privacy vs information security

What is the difference between privacy and information security? As an employee, how can you prevent security incidents and data breaches? Why is it important to be aware of this? Security Officer Hedy Bulten and Privacy Officers Aniek Wols and Enna Lujinović answer these questions.

What is the difference between privacy and information security? 

Privacy and information security are crucial for safe and responsible handling of information. Privacy is about managing personal data, using personal information for legitimate reasons and protecting the individual rights of data subjects against unauthorised access. Information security focuses on protecting all data and systems, with the aim of keeping information available, incorruptible and confidential and preventing various threats such as hackers and viruses. 

For which questions and topics can I go to you, and who should I contact?

See the diagram below for who you can contact for which topics.

Differences between privacy and security

Why is it important to pay attention to information security and privacy?

Although people often say, "I have nothing to hide", when it comes to information security and privacy, everyone has data that should not be public, such as personnel files or annual appraisal forms.

With growing online crime (an organisation is hit somewhere in the world every 11 seconds) and the average damage of €4 million per organisation after a cyber-attack, it is crucial to pay attention to information security. We all know the example of Maastricht University, which had a huge impact on its operations. 

It is sometimes difficult to grasp the extent of cybercrime because you don't 'see' it. Take a look at this real-time cyber-attack map, which shows all cyber-attacks in the world right now. 

What often causes security incidents and data breaches, and what can I do as an employee to prevent them? 

Most security incidents and data breaches occur due to unconscious human actions, such as losing information, clicking on phishing links, or scams. At FSS, we will therefore focus on raising awareness in the near future. Soon, you will receive tools and tips on how to work safely and recognise cyber-attacks. 

Start today:

  • A tidy workplace
  • Using Windows+L when leaving your workplace
  • The BCC function when sending emails to many recipients
  • Report phishing via message reporting in Outlook and data leaks to the ICT Helpdesk.

How can we get in touch with you?

If you have any questions, ideas or suggestions regarding privacy and information security, please do not hesitate to contact us.

Privacy & Information Security Team
Security Officer: Hedy Bulten - hedy.bulten [at] ru.nl (hedy[dot]bulten[at]ru[dot]nl)   
Privacy Officers: Aniek Wols & Enna Lujinović - privacy.fsw [at] ru.nl (privacy[dot]fsw[at]ru[dot]nl) 

Hedy Bulten

Hedy Bulten

My name is Hedy Bulten, and I have been the Information Security Officer (ISO) at the Faculty of Social Sciences (FSS) since 1st September. Previously, I worked as an ISO in financial services. My main task is to safeguard information security at FSS to ensure that all information remains available with integrity and confidentiality. I'm enthusiastic about this challenge and look forward to working together to strengthen our information security.

Aniek Wols

Aniek Wols

I am Aniek Wols, Privacy Officer at FSS since the end of August. During my PhD, I was the secretary of FSS's Ethics Committee, which made me increasingly concerned with privacy and the AVG. As a privacy officer, I want to contribute to the quality and impact of our education and research, with careful attention to the protection of personal data of staff, students and research participants. 

Enna Lujinovic

Enna Lujinović

My name is Enna Lujinović and I have been working as a privacy officer at the Faculty of Social Sciences since March 2022. Before this, I worked as an FG/privacy consultant for various organisations ranging from education to SMEs. What makes the GDPR (General Data Protection Regulation) so interesting is that its objective is to protect personal data on one hand, while on the other hand, it aims to facilitate data processing. As a privacy officer, I consider it important to always take these objectives into account in my advice.