Privacy is often defined as control, regulation, and access to personal information - anything data that can be used to determine identity - and how it is used. Security on the other hand refers to how well data is protected from unauthorized access through a breach, leak, or cyber attack. The two are closely related, with security and privacy often being used interchangeably.
Security violations (like data breaches) often mean a loss of privacy while preserving privacy requires more than just a secure system. The difference is more nuanced though, reflecting which data is being protected, how it’s being protected, from whom it’s being protected, and who is responsible for that protection. Security then focuses on protection while privacy is concerned with responsible data use. The other substantial difference is the type of protection involved and the entity seeking access to some sensitive data. This difference is reflected in privacy regulations that define data holders and protect users from untrusted-third party data access. Meanwhile, security measures protect data from malicious access or theft, targeting the act rather than the intent of the third party.
Although concepts of security and privacy are tangled, we know that it is possible to have security without privacy, but impossible to have privacy without security. Given this relationship, privacy has historically been considered secondary or less important than security. Security's historical importance means there are well-established principles, guidelines, and standards.
Privacy however has a more diverse set of notions like k-anonymity, l-diversity, differential privacy, homomorphic encryption, and secure multi-party computation (or cryptographic/information-theoretic secrecy) each with their own application scenarios. Given that data privacy is increasingly being recognized as a fundamental human right, a hybrid design of security and privacy principles to design privacy-preserving systems is the need of the hour.