Definitions
Computer security
“assurance that information is not disclosed to unauthorized persons, processes, or devices.”
“the requirement that private or confidential information not be disclosed to unauthorized individuals. Confidentiality protection applies to data in storage, during processing, and while in transit.”
“[p]reserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.”
“the obligations of individuals and institutions to use information under their control appropriately once it has been disclosed to them. One observes rules of confidentiality out of respect for and to protect and preserve the privacy of others.”
Data
Data confidentiality is
“(1) how data will be maintained and used by the organization that collected it; (2) what further uses will be made of it; and (3) when individuals will be required to consent to such uses. It includes the protection of data from passive attacks and requires that the information be accessible only for reading by authorized parties. Access can include printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.”
“[a] service [that] can be used to provide for protection of data from unauthorized disclosure. The data confidentiality service is supported by the authentication framework. It can be used to protect against data interception.”
“the ability to protect system data (including internal programs) from disclosure to unauthorized individuals or use of data for unauthorized purposes.”
“[the requirement that] data or information acquired by an agency under a pledge of confidentiality for exclusively statistical purposes shall not be disclosed by an agency in identifiable form, for any use other than an exclusively statistical purpose, except with the informed consent of the respondent.”
FISMA
Under the Federal Information Security Management Act of 2002, confidentiality means
“preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.”
General
“the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.”
"A pledge of confidentiality is a promise not to further share information that has already been shared. In commercial environments, this protects privacy because it allows sharing consistent with what a consumer likely wants, and no further. When governments mandate the collection of information, confidentiality rules approximate privacy as well as possible."
Research
“in the research context involves an agreement in which a research participant makes personal information available to a researcher in an exchange for a promise to use that information only for specified purposes and not to reveal the participant’s identity or any identifiable information to unauthorized third parties.”
Contract clause
"This language outlines confidential material, knowledge or information that the parties exchange, such as customer PII or company trade secrets. The parties agree not to share further or disclose information obtained under the contract."
References
- CNSSI 4009.
- NIST Special Publication 800-33.
- Electricity Subsector Cybersecurity Risk Management Process, at 61; 44 U.S.C. §3542.
- Privacy and Civil Liberties Policy Development Guide and Implementation Templates, App. E, Glossary.
- ITU, "Compendium of Approved ITU-T Security Definitions," at 15 (Feb. 2003 ed.).
- Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff, at 59.
- See 44 U.S.C. §3501 note.
- 44 U.S.C. §3542(b)(1)(B).
- ISO 13335-1:2004; 45 C.F.R. §164.304 ("Confidentiality means the property that data or information is not made available or disclosed to unauthorized persons or processes.")
- Framework for Privacy Analysis of Programs, Technologies, and Applications, at 7 n.2.
- Putting People on the Map: Protecting Confidentiality with Linked Social-Spatial Data, at 13.
- Report on Cybersecurity Practices, at 28.