Definition of Data Privacy:

Data Privacy, also known as ‘Information privacy’, relates to Personally Identifiable Information (PII) and how it is acquired, managed, processed, protected and distributed by the third party to whom it has been entrusted. Thus, data privacy laws govern how those entrusted with PII use it for the purposes disclosed. Data protection, by contrast, also known as ‘cybersecurity’, governs the processes for the protection of PII, and other types of proprietary data, to prevent unauthorized uses or loss.
None of the major data privacy laws actually defines ‘data privacy’. Rather, they each define what information is private and how the data is to be obtained, used, stored, analyzed and/or deleted.

The additional information below is quoted from wikipedia.org

Information privacy law or data protection laws prohibit the disclosure or misuse of information about private individuals. Over 80 countries and independent territories, including nearly every country in Europe and many in Latin America and the Caribbean, Asia, and Africa, have now adopted comprehensive data protection laws. The European Union has the General Data Protection Regulation (GDPR), in force since May 25, 2018. The United States is notable for not having adopted a comprehensive information privacy law, but rather having adopted limited sectoral laws in some areas.

These laws are based on Fair Information Practice guidelines developed by the U.S. Department for Health, Education and Welfare (HEW), by a Special Advisory Committee on Automated Personal Data Systems, under the chairmanship of computer pioneer and privacy pioneer Willis H. Ware. The report submitted by the Chair to the HHS Secretary titled “Records, Computers and Rights of Citizens” (07/01/1973), proposes universal principles for the privacy and protection of consumer and citizen data:

  • For all data collected there should be a stated purpose.
  • Information collected from an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual.
  • Records kept on an individual should be accurate and up to date.
  • There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting.
  • Data should be deleted when it is no longer needed for the stated purpose.
  • Transmission of personal information to locations where “equivalent” personal data protection cannot be assured is prohibited.
  • Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion).