The Spanish DPA has published a blog post on its website about data protection and the security of data processing.
Let's imagine for a moment that we are walking down the street and someone comes up to us and tells us that they have a great deal of information about our family. A stranger who, for example, tells us that he knows our children, their names, the school they go to and the names of their friends.
The same person claims that this is a small part of the information he has, but we do not need to worry: he is only doing it for our own good and all this data is safe in his possession. He has all the possible certifications that guarantee that there will be no problem that could put at risk the confidentiality, integrity and availability of the information he holds.
Data protection is a human right that is linked to the Universal Declaration of Human Rights adopted by the General Assembly of the United Nations in 1948 with the aim of guaranteeing human dignity and as an instrument for combating oppression, impunity and affronts to human dignity.
Article 12: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honour or reputation. Everyone has the right to the protection of the law against such interference or attacks.
Article 2: Everyone is entitled to all the rights and freedoms set forth in this Declaration, without distinction of any kind, such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status. Furthermore, no distinction shall be made on the basis of the political, jurisdictional or international status of the country or territory to which a person belongs, whether it be independent, trust, non-self-governing or under any other limitation of sovereignty.
Information security aims to preserve integrity, availability and confidentiality through adequate and proportionate technical and organisational material resources, in order to achieve one or more objectives. These may be diverse: ensuring business continuity, State security, preventing fraud, preserving institutional image, or, for example, ensuring privacy.
The technical and organisational measures to ensure the security of personal data are part of the guarantees that allow the effective implementation of data protection. But for such measures to be truly privacy-oriented, the selection and implementation of information security is one more step in the process of applying data protection principles.
Source (only available in Spanish): AEPD