LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How can classic IT security goals (CIA) conflict with data protection goals?

IT security goals and data protection goals can conflict — for example, replicating personal data to global servers improves availability but may violate data protection requirements around data location and purpose limitation.

Example conflict: Availability vs. Data Protection

Aspect IT Security Goal Data Protection Concern
Goal High availability through global replication Data minimization and storage limitation
Action Replicate personal data to servers worldwide IP addresses and other data stored in countries with weaker privacy laws
Result System stays available even if one region fails Privacy is compromised in favor of availability

Other potential conflicts:

  • Integrity through logging vs. data minimization — Comprehensive audit logs improve integrity but collect more personal data than necessary
  • Confidentiality through monitoring vs. privacy — Network monitoring detects threats but also surveils user behavior
  • Availability through backups vs. right to deletion — Backups preserve data that users may have requested to be deleted

How to resolve these conflicts:

The goal is to find a balance that satisfies both security and privacy requirements. This often involves:

  • Privacy-preserving logging (logging events without storing unnecessary personal details)
  • Data localization strategies (keeping replicas within privacy-friendly jurisdictions)
  • Retention policies that expire backups according to deletion requests

Tip: When designing systems, always evaluate each security measure through both lenses: "Does this make the system more secure?" AND "Does this respect data protection principles?"

From Quiz: PRIVACY / Identities, Anonymity & Data Protection Goals | Updated: Jul 14, 2026