Confidentiality is a security attribute used in order to protect sensitive data from unuathorised users or processes. As well as preventing the wrong people and processes getting access to the data, confidentiality also needs to ensure that the right people and processes can get access to it.
Personal information is one class of data which is frequently required to be kept confidential, due to its value from its use by cyber-fraudsters in identity fraud. Other types of confidentiality can be secretive environments where organisations are concerned with keeping secrets from their competitors or enemies, with this being particularly important in R&D, military, and many divisions of government (especially intelligence agencies).
- In the UK, the Data Protection Act limits the personal information that organisations are allowed to give out about people.
- Encryption is one way in which data can be kept confidential, by only allowing authorised users to have the decryption key to access it.
- Access control is one way in which data files can be kept confidential, by limiting the ability to read, as well as edit and execute certain files.
Last updated: 8 October 2017