Data confidentiality is a set of rules or a promise that limits access or places restrictions on any information that is being shared. Data confidentiality is a component of information security and privacy.
In order to maintain data confidentiality, a system or network must prevent unauthorized people from accessing sensitive data while allowing authorized users to do so.
Data confidentiality typically refers to the protection of customer or user information from unauthorized access, such as credit card numbers, social security numbers, driver's license numbers and addresses.
Advances in technology have led to a data explosion. The ability to easily store, share and transfer data has vastly increased organizations’ data footprints. The volume of data being generated and handled by organizations has increased exponentially over the past decade. This, coupled with the fact that their critical business or operational data is constantly under threat from malicious insiders and external hackers, makes it even more important for them to protect their sensitive information. Data confidentiality ensures that only authorized users have access to sensitive business data.
Data confidentiality has recently become a point of contention between large tech companies and consumer rights activists. This is seen in the various scandals that have come to light involving Facebook selling users' data without their explicit consent, and in the new legislation that protects users' rights over their data (e.g. GDPR in the European Union). With this new scrutiny of tech companies and how they use user data, it is more important now than ever to ensure users are aware of how their information is being used, who has access to it, and for how long.
To maintain data confidentiality, organizations use encryption, access control and other means to prevent sensitive information from getting into the wrong hands. There are two broad categories of methods for ensuring data confidentiality:
While encryption is a key tool for maintaining data confidentiality, it does not provide a comprehensive solution for all types of confidential information. Even when data is encrypted at rest, whether on a laptop or in a database, an attacker could still gain access by compromising the server or workstation where it is hosted and the key is available. Traffic sent in plaintext can be intercepted in transit and read directly, and even encrypted traffic can be captured and decrypted later if the protocol in use has an unpatched flaw.
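The access-control side of the picture, as an added example that is not part of the original article: a default-deny, need-to-know policy over the kinds of fields the article names (credit card number, social security number, driver's licence number, address). Roles, field names and the customer record are constructed for illustration; the "masked" level shows how a partially privileged role can be given a redacted value instead of the full secret, and refused reads are recorded for audit.

```python
from dataclasses import dataclass, field

# Constructed sample record containing the sensitive fields the article lists.
CUSTOMER = {
    "name": "Jane Example",
    "address": "1 Example Street",
    "credit_card": "4111111111111111",   # constructed test card number
    "ssn": "123-45-6789",                # constructed
    "drivers_license": "D1234567",       # constructed
}

# Hypothetical need-to-know policy, default deny: a field a role is not
# listed for is refused. "full" returns the value, "masked" a redacted form.
POLICY = {
    "support_agent": {"name": "full", "address": "full", "credit_card": "masked"},
    "billing":       {"name": "full", "address": "full", "credit_card": "full"},
    "auditor":       {"name": "full", "ssn": "masked", "credit_card": "masked"},
}


class AccessDenied(Exception):
    pass


def mask(value: str) -> str:
    """Keep only the last four characters: recognisable to a human, not usable."""
    tail = value[-4:]
    return "*" * (len(value) - len(tail)) + tail


@dataclass
class ConfidentialStore:
    record: dict
    denied: list = field(default_factory=list)   # audit trail of refused reads

    def read(self, role: str, fld: str) -> str:
        level = POLICY.get(role, {}).get(fld)    # unknown role or field -> None
        if level is None:
            self.denied.append((role, fld))
            raise AccessDenied(f"{role} may not read {fld}")
        value = self.record[fld]
        return value if level == "full" else mask(value)

    def view(self, role: str) -> dict:
        """Everything the role is permitted to see, redacted per policy, nothing else."""
        allowed = POLICY.get(role, {})
        return {f: self.read(role, f) for f in self.record if f in allowed}
```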