Managing data confidentiality

Protecting data from accidental, illegal or unauthorised access, disclosure or theft is a matter of data confidentiality.

Confidentiality has to do with protecting data, including authorisation to access, disseminate, and use it. Information with low confidentiality concerns can be deemed 'public' or otherwise not threatening if it is exposed outside its intended audience. Information with high confidentiality concerns is considered secret and should be kept that way to avoid identity theft, breach of accounts and processes, legal or reputational harm, and other serious consequences.

Examples of data with high confidentiality concerns include:

  • Identity numbers, which must remain secret in order to avoid misuse of identity.
  • Passwords, which are intended to protect systems and accounts and must remain confidential.

When handling data protection, consider the following:

  • To whom the information may be revealed
  • Whether laws, rules, or contracts require the information to be kept secret
  • Whether the data can be used or published only under certain circumstances
  • Whether the information is sensitive by nature and would have a negative effect if revealed
  • Whether the information would be useful to people who should not have it (e.g., hackers)

Guidelines for data confidentiality

Follow these guidelines when handling data confidentiality:

  • Physically secure devices and paper records.
    Controlling access to data means controlling access of all sorts, both digital and physical. Protect computers and paper documents from misuse or theft by keeping them in secured areas. Never leave computers or confidential information unattended in public places.
  • Dispose of files, computers, and paper records safely.
    If data is no longer required for company-related purposes, it must be properly disposed of.
    • Confidential data, such as identification numbers, must be securely deleted to ensure that it cannot be retrieved and misused.
    • Tools used for company-related purposes, or otherwise used to store confidential information, should be destroyed or securely erased to ensure that their previous content cannot be retrieved and misused.
    • Paper documents containing classified data should be shredded rather than discarded in garbage or recycling bins.
  • Manage data collection.
    When gathering sensitive data, be mindful of how much data is really needed and carefully consider privacy and confidentiality in the acquisition process. Do not collect sensitive data unless it is appropriate: one of the easiest ways to minimise confidentiality risk is to reduce the amount of data gathered in the first place.
  • Manage the utilisation of data.
    Using sensitive data only as approved and as required further reduces confidentiality risks. The abuse of sensitive data violates the privacy and confidentiality of that information and of the persons or groups identified by the data.