Sometimes at Forrester, if we're looking for a fight, the security and risk management team will kick of discussions on the difference between privacy and security. Slashdot contributor Bennett Haselton wrote an article for Slashdot that is a great example of the difference. The example looks at membership lists for certain websites.

To throw my two cents into the argument, I define privacy as the appropriate use of information, whereas security is CIA, confidentiality, integrity and availability. You can't have privacy without security, you still need to keep the data away from the bad guys, but privacy is also concerned about using that information properly. For instance, your grocery store likely already knows what food you buy, what if they sold that information to the weight-loss center down the street so they could target you. It's not a security violation, but it certainly feels like a privacy one!