Short answer: it’s a trick question. Privacy is part of security.
But just because one is part of the other doesn’t mean they are the same. There’s a nuance there that’s important.
The word “security” is shorthand for “information security” or “cybersecurity” in this parlance. Information Security is about controlling access to information. Privacy is about making sure users’ expectations about use of their personal data are reflected in the real world.
These are extremely similar, but not identical.
Both are about avoiding misuse of data. The difference is in one component: the policy, i.e., the expectation of how information is supposed to be used.
With Privacy, this is an important point because that policy needs to be captured from the user at various points in the lifecycle of a product or service.
The main difference is that with security the policy for protection and use is a given, and with privacy it’s a conversation with the user.
In the larger Information Security field, this expectation of protection and use is given to us as an explicit policy at the beginning. These people can do this with this data, these people cannot. Etc.
That’s really the difference.
So don’t listen to anyone who says they’re either completely different or completely the same. It’s more nuanced than that.
Both are about protecting information from use that violates policy, which is information security. Privacy just involves gathering that policy from the user as part of the process.