The IT Law Wiki


Computer security

Confidentiality is

assurance that information is not disclosed to unauthorized persons, processes, or devices.[1]
the requirement that private or confidential information not be disclosed to unauthorized individuals. Confidentiality protection applies to data in storage, during processing, and while in transit.[2]
[p]reserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.[3]
the obligations of individuals and institutions to use information under their control appropriately once it has been disclosed to them. One observes rules of confidentiality out of respect for and to protect and preserve the privacy of others.[4]


Data confidentiality is

(1) how data will be maintained and used by the organization that collected it; (2) what further uses will be made of it; and (3) when individuals will be required to consent to such uses. It includes the protection of data from passive attacks and requires that the information be accessible only for reading by authorized parties. Access can include printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.
[a] service [that] can be used to provide for protection of data from unauthorized disclosure. The data confidentiality service is supported by the authentication framework. It can be used to protect against data interception.[5]
the ability to protect system data (including internal programs) from disclosure to unauthorized individuals or use of data for unauthorized purposes.[6]
[the requirement that] data or information acquired by an agency under a pledge of confidentiality for exclusively statistical purposes shall not be disclosed by an agency in identifiable form, for any use other than an exclusively statistical purpose, except with the informed consent of the respondent.[7]


Under the Federal Information Security Management Act of 2002, confidentiality means

preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.[8]

A loss of confidentiality is the unauthorized disclosure of information.


Confidentiality refers to "the nondisclosure of information beyond an authorized group of people."

Confidentiality is

the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.[9]

"A pledge of confidentiality is a promise not to further share information that has already been shared. In commercial environments, this protects privacy because it allows sharing consistent with what a consumer likely wants, and no further. When governments mandate the collection of information, confidentiality rules approximate privacy as well as possible."[10]



Confidentiality in the research context involves an agreement in which a research participant makes personal information available to a researcher in an exchange for a promise to use that information only for specified purposes and not to reveal the participant’s identity or any identifiable information to unauthorized third parties.[11]

Contract clause

"This language outlines confidential material, knowledge or information that the parties exchange, such as customer PII or company trade secrets. The parties agree not to share further or disclose information obtained under the contract."[12]

