Data security, according to the common definition is confidentiality, integrity, and availability of data. It is the act of guaranteeing that the information is safe from unauthorized access, ensures that the information is reliable and accurate which is accessible whenever it is required. An information security design incorporates features, for example, gathering the required data, protecting it, and obliterating any data that is never again required [1]. Privacy, on the other hand, is the appropriate use of information. In other words, merchants and companies should use the data provided to them only for the intended purpose. For example, if an individual purchase a product from XYZ Company and provides them with their personal information like address, card number, etc. then this company cannot sell that information to the third party. Companies need to enact a data security policy for the sole purpose of ensuring data privacy of their consumer personal information. Moreover, companies must ensure data privacy because the information is an asset to the company. However, no data security policy can overcome the