Mar 2, 2022
4 min read

What is a privacy incident?

Privacy incidents concern the risk of loss, unauthorized access and/or changes to consumer personal data. But what are they in practice?

Privacy laws have boomed around the world. While privacy was always a thing, with the sharing of our lives online and a blending of the digital and real world has led to increased concerns over who does what with our data. While here the security of our data is certainly important and there are special procedures and standards to follow to ensure data security incidents don’t occur, there is now concern for the prevention of so-called privacy incidents as a set of issues which are completely separate from security incidents.


  • A privacy incident concerns the risk of loss, unauthorized access and changes to consumer personal data
  • Security incidents are about systems, privacy incidents are about people
  • Privacy incidents lead to fines, in addition to reputational issues 

What is a security incident

Security and privacy are said to go hand in hand, so before we get to privacy: what exactly is a security incident? 

“An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.” NIST definition

Some examples of security incidents:

  • Unauthorized access, changes, disclosure, or destruction of systems
  • Loss/theft of equipment containing company data
  • Interference with IT resources that affects performance

The security incidents that we are used to hearing about in the news usually concern hacks and ransomware, in which computer systems are breached and external actors gain unauthorized access to systems and data.

Such incidents usually come with a monetary cost as the victim needs to pay to restore their system and its defences.

The EU GDPR set’s fines for security issues at a maximum of 10M EUR or 2% of global annual turnover. However, the same regulation sets the fines for privacy incidents at double: 20M EUR or 4% of global annual turnover.

So what privacy incidents and why do the regulators place more emphasis on their avoidance in the form of greater punishment for infringement?

Privacy incident

A privacy incident concerns the risk of loss, unauthorized access and/or changes to consumer personal data. The idea here is that a privacy incident can cause harm not only to your company, but also the customers whose data is exposed, lost, stolen or affected in any other way.

Compliance with privacy legislation to keep consumer data has become a requirement for businesses globally, putting businesses who don’t take privacy seriously at risk of brand damage, in addition to GDPR fines which average at $1.8M.

“We have already seen that your security barriers form your first line of defence to secure your business infrastructure and the personal data you store. When your perimeter is secure, you will want to secure the data that you are transmitting inside your perimeter.”
Learn more about privacy incidents

Since privacy regulations are laws, the cost of a privacy incident can run much higher than a security incident. While security incidents can affect your business due to loss of contracts, corrosion of trust in your brand; with privacy incidents, these kinds of outcomes are exacerbated with fines and unhappy customers.

Learn more about the privacy gap by reading the full report.

Privacy incidents aren’t covered by security measures and tools but privacy compliance is mandated by law. But what are examples of privacy incidents?

Privacy incident examples

A good example of a privacy incident is when an authorized third party integration you company is using gets more customer information than is established in the contract or than you have specified in your privacy policy. In this situation you could be using a marking-automation tool and providing excessive PII to it.

Learn what happens when you give excessive access rights to employees

Another example would be when you collect more data than you state you will in your privacy policy. For example, collecting location data from your customers without their consent.

Read the full report on privacy incidents.

These privacy incidents have business and legal consequences which could spell the death sentence for your business.

To cover the risks of these incidents happening to your company, you will need to monitor how you are handling PII, for what purposes and who you are sharing it with. This can be done with an automated solution that can give you a view of PII at rest and in motion.

Soveren offers you a way to analyze traffic and the PII that is flowing through your systems so that you can detect privacy incidents. Soveren’s real time analysis of structured communication traffic inside your company’s infrastructure gives you actionable intelligence on personal data to spot and prevent privacy incidents.

Book a call with us to learn more about how you can prevent privacy incidents

Receive helpful tips, practical content, and updates

Thank you! You have been successfully subscribed
Oops! Something went wrong while submitting the form.