Image Promo description

Register to use our site and access free newsletters, book events and lots more.

You don't have to be a member to use our site. Already registered? Login here

Become a member today

The Chartered Institute of Housing is the independent voice for housing and the home of professional standards

Are information security and data protection the same thing?


While data protection is linked and often comparable with information security, the two are not identical. Charlotte Lewendon, information management, governance and risk manager at the Guinness Partnership, explains why.

Keyboard with padlockInformation security is essentially protecting all information (both manual and electronic) and information systems from unauthorised use, disclosure, disruption or modification, in order to provide:

  • confidentiality (i.e. restrictions on access and disclosure)
  • integrity (i.e. no improper information modification or destruction)
  • availability (i.e. ensuring timely and reliable access to – and use of – information)

The Data Protection Act (DPA) is concerned with the protection of personal and sensitive personal data and is therefore a division of information security. As we are all aware, the DPA makes specific reference to information security under its list of data protection principles, but the two terms are often used together, which can create confusion.

Example: As part of an information risk assessment, an organisation is considering what controls are needed to protect its corporate website from hacking. It wants to maintain the integrity of the information that the organisation has proactively published. The website does not publish or collect any personal data but alteration of the information on the website could cause a reputational impact if was misleading or defamatory. Information security controls would need to be considered – but not the Data Protection Act.

Understanding the difference between the two is very important when making decisions about the controls you are putting in place to protect information. Recognising the difference is also vital when conducting risk assessments and privacy impact assessments, or understanding the impact of a breach and the potential to report to the information commissioner.

Find out more about keeping your data safe

Please log in to comment

Your comments

No comments made yet

Join today

We’re here to help you make a difference. Join CIH today and discover your potential


Fire safety

All the latest info and fire safety resources for housing professionals


The new housing apprenticeships

With a century of experience equipping housing professionals with the skills they need to do the brilliant work they do, we can help you make the most of the new housing apprenticeships – whatever stage of the journey you are at.