Is it Privacy or “Legislated Confidentiality”

Since my previous blog, I came upon an interview that the Cyber Security Observatory had with Dr. Mansur Hasib[1]. He had an interesting perspective on what privacy is. His perspective is that “privacy is simply legislated confidentiality – a key aspect of cyber security”. So, what is confidentiality? Confidentiality is part of the CIA triad, which stands for Confidentiality, Integrity and Availability.

Confidentiality is the principle that information assets are not disclosed to unauthorized subjects. A key component of maintaining confidentiality is ensuring that people without proper authorization are prevented from accessing information assets important to your organization. Conversely, an effective system also ensures that those who need to have access have the necessary privileges. To fight against confidentiality breaches, you can classify and label restricted data, enable access control policies, encrypt data, and use multi-factor authentication (MFA) systems.

The system could ensure the confidentiality of the data by applying controls that restrict it to authorized individuals. However, the privacy of that information could still be compromised, because an authorized individual may access specific data without a valid work reason or may release that information to a third party without the data subject’s consent. Doing this would have legal consequences based on the type of data and the associated law. The associated privacy laws provide the legislative support for the data subject to protect the privacy of his/her information.
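The gap described above, shown as an added Python example that is not part of the original post: an access-control check (confidentiality) can pass while the same access still lacks a valid work reason (privacy). The role names, data labels, care-team table and log entries are constructed assumptions, and care-team membership stands in for a "valid work reason".

```python
from dataclasses import dataclass

# Constructed policy: which roles may read records carrying each label.
ROLE_CAN_READ = {
    "restricted-health": {"nurse", "physician"},
    "billing": {"billing-clerk", "physician"},
}

# Constructed assignments standing in for a "valid work reason":
# the staff member is on the data subject's care team.
CARE_TEAM = {
    "patient-17": {"nurse.amy", "dr.bell"},
    "patient-42": {"dr.bell"},
}

@dataclass(frozen=True)
class Access:
    user: str
    role: str
    patient: str
    label: str

def is_authorized(a: Access) -> bool:
    """Confidentiality control: role-based check against the data label."""
    return a.role in ROLE_CAN_READ.get(a.label, set())

def has_work_reason(a: Access) -> bool:
    """Privacy check: is there a recorded reason to view this person's data?"""
    return a.user in CARE_TEAM.get(a.patient, set())

def classify(a: Access) -> str:
    if not is_authorized(a):
        return "blocked"          # the confidentiality control stops the access
    if not has_work_reason(a):
        return "privacy-review"   # allowed by the system, but no work reason
    return "ok"

# Constructed sample log entries.
SAMPLE_LOG = [
    Access("nurse.amy", "nurse", "patient-17", "restricted-health"),
    Access("nurse.amy", "nurse", "patient-42", "restricted-health"),
    Access("clerk.joe", "billing-clerk", "patient-17", "restricted-health"),
    Access("dr.bell", "physician", "patient-42", "billing"),
]

def review(log):
    """Return (user, patient, outcome) for every access in the log."""
    return [(a.user, a.patient, classify(a)) for a in log]
```

The second entry is the case the paragraph describes: the nurse's role is authorized for the label, so the access control allows it, yet nothing ties her to that data subject.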

Privacy concerns a person (the data subject), whereas confidentiality concerns information. Privacy restricts the public from accessing personal details about the data subject, whereas confidentiality protects information from unauthorized persons.

You may find this short presentation by Kate Dewhirst Health Law particularly useful in explaining the difference between Privacy and Confidentiality using a situational example in a healthcare environment.[2]

I hope that this blog generates some feedback and views on the subject.

 
