
Term of the Week: Confidentiality

What is it?

The safeguarding of data from unauthorized access or disclosure.

Why is it important?

Confidentiality is part of the confidentiality, integrity, and availability (CIA) security triad. In the CIA security model, the objective of confidentiality is to prevent the disclosure of information to unauthorized entities.

Why does a business professional need to know this?

Confidentiality is a fundamental concept of information security that business professionals, as well as cybersecurity professionals, must understand. After information is collected or generated, it must be evaluated and assigned a classification level consistent with company policy and any applicable regulatory controls. Handling that information in accordance with its assigned classification is the responsibility of every business professional, not only the security team.

The question of data confidentiality gained media attention when Edward Snowden disclosed NSA documents in 2013, revealing data collected by the U.S. government’s internet and phone surveillance program (Snowden, Edward)(House of Representatives report 2016). The issue in this case was whether Snowden was acting as a whistleblower when he disclosed these documents and whether acting as a whistleblower justified the release of these documents, despite their level of confidentiality.

Regulatory legislation and standards to protect personal information exist at all levels from international standards to local laws. Examples include the following:

  • US: Health Insurance Portability and Accountability Act (HIPAA)(HIPAA)
  • EU: General Data Protection Regulation (GDPR)(GDPR)
  • Industry: Payment Card Industry Data Security Standard (PCI DSS)(PCI-DSS)
  • US: Children’s Online Privacy Protection Act (COPPA)(COPPA)
  • California: Shine the Light Law(CA 2003)

Once information is classified, organizations protect its confidentiality with a combination of employee education (for example, handling rules for each classification level and password guidance) and technical controls. Technical controls include access control and authentication, encryption of data at rest and in transit, secure transport protocols, firewalls, and anti-malware tooling. The access-control piece is the one that ties directly to classification: every read of a classified asset should be mediated against the requester's clearance, and the decision should be recorded so that an unauthorized disclosure can be traced.
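To make the classification-enforcement idea concrete, here is an added example (my own code, not from the article or its author) of a minimal reference monitor. The four levels, the user clearances, and the sample records are assumptions for the demonstration; the two rules it enforces are the "no read up" and "no write down" properties of the Bell-LaPadula model, which is one standard way of formalizing confidentiality.

```python
"""Added example (not from the original article): a minimal reference
monitor that enforces classification-based confidentiality.

Assumptions made here, not stated by the article: four ordered
classification levels, one clearance per subject, and the Bell-LaPadula
rules "no read up" (reads) and "no write down" (writes).
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Ordered classification levels (assumed; the article names none)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Record:
    name: str
    level: Level
    body: str


@dataclass(frozen=True)
class Subject:
    user: str
    clearance: Level


class AccessDenied(PermissionError):
    """Raised when a request would disclose data above the caller's clearance."""


@dataclass
class ReferenceMonitor:
    """Mediates every read and write and keeps an audit trail of decisions."""
    audit: list = field(default_factory=list)

    def _log(self, subject, record, op, allowed):
        self.audit.append((subject.user, op, record.name, record.level.name,
                           "ALLOW" if allowed else "DENY"))
        return allowed

    def read(self, subject, record):
        # Simple security property ("no read up"): the clearance must be
        # at or above the record's classification.
        if not self._log(subject, record, "read", subject.clearance >= record.level):
            raise AccessDenied(f"{subject.user} may not read {record.name}")
        return record.body

    def write(self, subject, record, new_body):
        # *-property ("no write down"): a subject may only write to records
        # classified at or above its own clearance, so data it has read at a
        # high level cannot be copied into a lower-classified record.
        if not self._log(subject, record, "write", record.level >= subject.clearance):
            raise AccessDenied(f"{subject.user} may not write {record.name}")
        return Record(record.name, record.level, new_body)

    def listing(self, subject, records):
        # A search or directory view must not leak even the existence of
        # records above the caller's clearance.
        return [r.name for r in records if subject.clearance >= r.level]


# Constructed sample data for the demonstration (not real records).
RECORDS = [
    Record("press-release.txt", Level.PUBLIC, "Q3 store openings"),
    Record("vendor-list.csv", Level.INTERNAL, "acme,globex"),
    Record("payroll.csv", Level.CONFIDENTIAL, "salaries"),
    Record("breach-report.pdf", Level.RESTRICTED, "incident 42 root cause"),
]


def demo():
    """Run a few requests for a CONFIDENTIAL-cleared analyst and return
    (names visible to them, operations denied, number of audit rows)."""
    mon = ReferenceMonitor()
    analyst = Subject("analyst", Level.CONFIDENTIAL)
    denied = []
    visible = mon.listing(analyst, RECORDS)
    for rec in RECORDS:
        try:
            mon.read(analyst, rec)
        except AccessDenied:
            denied.append(("read", rec.name))
    # Attempting to copy confidential content into a PUBLIC record is a
    # write-down and is refused even though the analyst could read the source.
    try:
        mon.write(analyst, RECORDS[0], "leaked salaries")
    except AccessDenied:
        denied.append(("write", RECORDS[0].name))
    return visible, denied, len(mon.audit)


if __name__ == "__main__":
    print(demo())
```

The analyst sees three of the four records in the listing, is refused the RESTRICTED read, and is refused the attempt to write into the PUBLIC record; every decision, allowed or denied, lands in the audit list. The audit trail is what lets an organization show that access matched the assigned classification when a regulator or incident responder asks.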

To design a secure infrastructure, companies must provide safeguards against unauthorized access and maintain the confidentiality of information assets as mandated by both the relevant regulatory bodies and business policy.


About Audrey Gendreau


Audrey Gendreau, PhD, Certified Information Systems Security Professional (CISSP), and Global Information Assurance Certified Forensic Examiner (GCFE), is a security analyst in the retail industry with a background in university-level research and teaching. A frequent presenter at international conferences, her publications have focused on intrusion detection and the Internet of Things. Audrey is a coach and mentor for the Air Force Association CyberPatriot program, which inspires K-12 students in the US to prepare for careers in science and technology.
