What is information confidentiality?
The importance of protecting information and data confidentiality is especially relevant in the information society in which we live. How can individuals and organisations protect their sensitive or critical information? What is confidentiality and how are security measures implemented to ensure it?
What is it?
Confidentiality, in computing, is a fundamental principle of information security that guarantees the necessary level of secrecy of information and its processing, to prevent unauthorised disclosure when it is stored or in transit.
How can data confidentiality be ensured?
The confidentiality of the information is achieved or ensured through the implementation of technical or organisational measures such as:
- Encryption of information, so that it cannot be understood by anyone who does not hold the necessary passwords/certificates (which only authorised persons or recipients have), even if it is intercepted in transit or the repository where it is stored is accessed.
- Control of access to facilities, repositories and systems where the information is located or to the network through which it travels, preventing unauthorised access.
- Formal procedures for classifying information according to its value, sensitivity and legal requirements, and for processing it (what can be done with it and what cannot).
- Training and awareness of people regarding confidentiality and protection of information.
- Formally established (signed) Non-Disclosure Agreements (NDAs) with employees who access and handle confidential information.
Examples of information leaks
Recently, 10 TB of information from the Portuguese electricity company EDP was leaked. The attackers demanded EUR 10 million, under threat of leaking the data, in order to return access to the company's files, which had been encrypted in a ransomware attack. Leaks from PlayStation Network, Google+, Cambridge Analytica, etc., have also been high-profile.
Data leaks due to improper handling can cause extensive damage to individuals and groups. Therefore, information confidentiality is considered one of the fundamental pillars of security, along with its availability and reliability.