Data confidentiality

From Clinfowiki

Data confidentiality is a property of data, usually resulting from legislative measures, which protects it from unauthorized disclosure.[1]

Data are said to be confidential when they appear in conjunction with an individual’s name or other identifier, such as a Social Security number, credit card number, driver’s license number, bank account number, and protected health information as defined by HIPAA.[1]

"Confidentiality" refers to the legislative measures or other formal provision which prevent unauthorised disclosure of such data that identifies a moral or physical person either directly or indirectly. It also refers to the procedures in place to prevent disclosure of confidential data, including rules applying to staff, aggregation rules when disseminating data, provision of unit records, etc.[2]

Safeguarding data confidentiality may involve special training for those privy to such documents. Such training would typically cover the security risks that could threaten this information. Training can help familiarize authorized people with risk factors and how to guard against them. Further aspects of training can include strong passwords and password-related best practices and information about social engineering methods.[3]

Data encryption is a common method of ensuring confidentiality. User IDs and passwords constitute a standard procedure; two-factor authentication is becoming the norm. Other options include biometric verification and security tokens, key fobs or soft tokens. In addition, users can take precautions to minimize the number of places where the information appears and the number of times it is actually transmitted to complete a required transaction. Extra measures might be taken in the case of extremely sensitive documents, such as storing them only on air-gapped computers, on disconnected storage devices or, for highly sensitive information, in hard copy form only.[3]

References

  1. http://www.it.cornell.edu/services/guides/data_discovery/confidential_data.cfm
  2. EU Quality Assurance in vocational education and training/Glossary
  3. whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA