Lectures and the cybersecurity literature have long noted that security and privacy are not the same thing, although they are related. The point of these many discussions is that security has to do with procedures and technologies that control access while privacy is about policies that prevent or discourage the misuse of data. It has always been acknowledged that good security is needed to protect privacy, but there the discussions diverge.
Understanding the differences between security and privacy and their logical relationship is best developed from the perspective of the threats that need to be mitigated. More broadly, cybersecurity defenses seek to detect and prevent attacks that can lead to the loss of data, damage to the infrastructure, or threats such as ransomware that prevent access to the data by authorized users. The loose connection to privacy is that these kinds of controls over access are a requirement to ensure that privacy protections are sustained.
The thrust and energy expended on cybersecurity over the years has been about controlling access to the network as a whole. For many systems, the assumption is that the investment should be devoted to ensuring that people accessing the network are who they say they are and that they have the right to gain access. Hence, many systems were content to set up usernames and passwords and use them to grant access to all the data on the network. This perspective was not very effective in deterring insider threats and even external threats based on such techniques as phishing.
Eventually, the emphasis changed to put the focus on the data content rather than the network itself. After some years of discussion and developing a consensus, the National Institute of Standards and Technology in August, 2020, released the Zero Trust Architecture Framework (ZTA). The special publication, NIST SP 800-207, says that “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources….as the network location is no longer seen as the prime component to the security posture of the resource.”
The concept of moving the perimeter where security is defined to the objects stored in a network instead of the network itself ties security and privacy together much more closely. Policies controlling access to objects or data components can be implemented in new ways by embedding such polices in the objects themselves rather than indirectly through network access rules. Privacy policies that vary as a function of the object itself can be implemented down to the data element level. Concepts such as role-based access can be defined for a particular set of individual objects, derived from policies related to privacy rules or statutes.
Making the object perimeter the point of establishing protections by embedding the policies and technology needed is a better way to implement solutions when objects are distributed across networks. Digital evidence, including videos, is passed from police to prosecutor to defense attorneys to courts, often on disparate networks and systems. Instead of attempting to impose security and privacy rules across all relevant networks, the simple approach of embedding the policies and rules in the object provides the consistency needed across all applicable networks. At the same time, this approach permits access to those data objects authorized under the law without opening access to the entire network and all data.
The shift to object-based perimeter protection enables the development of technologies that can control the capture of data so as to generate immutable storage possibilities that will protect against threats such as ransomware and assure stakeholders of the integrity of the original data. In the case of video imagery, the assurance of original data or imagery integrity becomes a critical basis for the acceptability of proposed evidence. Equally important is the ability to protect certain data that cannot be shared to meet state Constitutional and statutory requirements without compromising the data integrity. Companies are creating the technology to guaranty the integrity of data capture. 
The combination of a zero-trust architecture with rules of access and monitoring violations embedded in objects and the capability to make data capture immune from modification offers criminal justice agencies a way to guarantee the integrity of digital evidence and satisfy the courts as well as the public interest.