Privacy vs. Confidentiality

Pooja Batra
Last Updated:

4 Jan 2024

Published On:

11 Dec 2023


'Privacy' is the right of a person to control who has access to their personal information.


'Confidentiality' refers to the obligation not to disclose confidential information without the consent of the party disclosing it.


Privacy is about protecting people and confidentiality is about protecting data.[1]


It is important to understand the difference between Privacy and Confidentiality so you know your obligations to protect your business from significant risks and avoid legal consequences for non-compliance.


Define Privacy


Privacy refers to the right of individuals to control their personal information and prevent access or disclosure to third parties. 


Andrew Pickett, Trial Attorney, Andrew Pickett Law, PLLC, says: "Privacy refers to an individual's right to keep their personal information private, away from public view or access. This includes sensitive medical records, financial information, and personal preferences."


In the EU, privacy, which encompasses the right to a private life, autonomy, control over personal information, and the right to be left alone, assumes a central role. Privacy is not merely an individual right but also a recognized social value.


We all want to keep certain aspects of our lives private and protect them from disclosure.


For instance, financial information, medical history and therapist sessions are examples of things we all like to keep private unless we decide otherwise.



Your privacy is your right to prevent others from accessing your personal information.

It is suggested that Privacy can be divided into a number of separate, but related, concepts [2]:

  • Information privacy, which involves the establishment of rules governing the collection and handling of personal data such as credit information, and medical and government records. It is also known as ‘data protection’;

  • Bodily privacy, which concerns the protection of people’s physical selves against invasive procedures such as genetic tests, drug testing and cavity searches;

  • Privacy of communications, which covers the security and privacy of mail, telephones, e-mail and other forms of communication; and

  • Territorial privacy, which concerns the setting of limits on intrusion into the domestic and other environments such as the workplace or public space. This includes searches, video surveillance and ID checks.


In this article, we are primarily concerned with information privacy, i.e. the right of an individual to limit third parties' access to their personal information.


Due to the complexity of technology and the sophistication of data collection practices, it has become harder to safeguard our privacy, since so much information is collected without our knowledge.

For Entrepreneurs: Information Privacy and Security Considerations for Your Business.


73% of U.S. consumers said they are more concerned about their data privacy now than they were a few years ago, according to an online survey conducted by SAS.


  • Are you collecting personal information of your customers?


If you answer yes to any of the questions below, then you have access to your customers' personal information:



(a) Online Purchase - Have customers provided shipping addresses, payment details and contact information during online purchases on your platform?

(b) User Registration - Do customers share their email, username and password when creating an account on your platform?

(c) Online Survey To Redeem a Gift - Do you conduct a survey and ask for customers' feedback? If yes, do customers share their personal information?

(d) Healthcare Forms - Do you have access to your patients' medical history and personal details?

(e) Website Cookies - Does your website use cookies to track user preferences?

  • If yes, here’s a Privacy Checklist for your business:


Here’s a ready checklist to follow to ensure privacy compliance:


(a) Data Inventory


Identify the personal data your business is collecting. Establish clear policies and procedures governing how personal data is collected, processed, and stored. 


(b) Guidelines and Employee Training


A joint study from Stanford University Professor Jeff Hancock and security firm Tessian revealed that 88 percent of data breach incidents are caused by employee mistakes. It is important to establish policies and educate employees on:

    • Methods used to obtain personal information

    • Nature of information requested

    • Accessing only the minimum information required to fulfil the purpose

(c) User Consent


Obtain explicit consent of the users / customers before collecting personal data.


(d) Privacy Policy


Establish a clear privacy policy that communicates to your customers how you handle their personal data.


(e) Cross-Border Data Transfer


If applicable, ensure compliance with regulations regarding the cross-border transfer of personal data.


(f) Privacy Impact Assessments


Conduct privacy impact assessments for new projects or initiatives to identify and mitigate potential privacy risks.


(g) Periodic Audits


Conduct regular privacy audits to assess the effectiveness of your privacy program and identify areas for improvement. According to Dapinder Singh KC, Director at Wilford Smith Solicitors, regular audits and assessments are also pivotal to healthy privacy compliance processes.


(h) Data Retention Policy


Establish clear policies for the retention and disposal of personal data, ensuring it is not kept longer than necessary. 


(i) Respond to inquiries from data subjects


Implement a system to respond to user inquiries about the data you hold about them and with whom you share it. [3]


Joseph Harisson, CEO of IT Companies Network and the author of "Top 25 IT KPI Metrics You Should Be Tracking As a Business Owner," leverages his extensive expertise in network support, cybersecurity, and cloud technologies. Here, he outlines the systematic approach he takes to guarantee privacy compliance within his business:



  1. Familiarizing with applicable privacy laws, such as GDPR in Europe or CCPA in California, forms the foundation of my compliance strategy.

  2. Identifying personal data collected, its usage, storage locations, and access permissions through a thorough data audit is paramount.

  3. Establishing stringent data protection policies involves setting clear rules for handling collected data, ensuring strict adherence to legal compliance standards.

  4. Obtaining explicit consent from individuals before collecting their data and maintaining transparency about data usage are fundamental principles in my privacy approach.

  5. Recognizing employees as custodians of sensitive information, I prioritize educating them on the significance of data privacy to mitigate human errors that may lead to breaches.


  6. Crafting a clear plan for responding to data breaches, including immediate notification procedures, is crucial for effective incident management.

  7. Incorporating regular reviews and updates into my routine ensures continuous alignment with the latest privacy laws and standards, reflecting a commitment to staying ahead in the evolving landscape.

  8. Keeping meticulous records serves as a detailed diary of my data journey, providing invaluable documentation for audits and legal compliance.



  • Consequences of Breach


Privacy Compliance is essential to build trust with your customers and for legal compliance.


The EU and many other countries now have strict laws for protecting personal data and consequences for breach can result in significant fines for your business.


Hence, it is imperative to implement measures that keep you in compliance with privacy laws.

Define Confidentiality


The term ‘Confidentiality’ means ‘the fact of private information being kept secret’.


Confidentiality is the act of not disclosing information marked confidential by the party who shared it with you.


In legal terminology, ‘Confidentiality’ pertains to the obligation not to disclose confidential information to a third party without the consent of the disclosing party.


The concept of ‘Confidentiality’ is particularly relevant in professional settings such as business relationships, healthcare and lawyer-client relationships.


  • Patient confidentiality


Confidentiality in healthcare means doctors and other healthcare professionals are bound by ethical and legal obligations to keep patient information confidential. 


  • Business Information


Confidentiality in business collaboration arises when two businesses are exploring a collaboration which requires access to certain non-public information of each other’s business in order to determine whether they wish to proceed with the collaboration.


Examples of such information include trade secrets, intellectual property, financial data, customer lists, or any proprietary information of the business. 


In such scenarios, parties execute a Confidentiality agreement to define the confidential information, elucidate the obligations of the parties, limit access to such information and lay down the consequences for breach.


  • Lawyer-Client Confidentiality


Lawyer-client privilege protects confidential communications between attorneys and their clients when the communication is for the purpose of providing or obtaining legal advice or assistance.


Breaches of confidentiality can have severe consequences, including legal action, hence it is important to be aware of your rights and responsibilities.

For Entrepreneurs: Considerations for Handling Confidential Information


  • Are you sharing Confidential Information with other Companies?


Sharing information about your business often becomes necessary during collaborations, partnerships etc. Examples of Confidential information include proprietary business strategies, financial data, client lists, or product development plans.


It is important to exercise caution when sharing such information as it might be confidential and access by a third party might be detrimental to your business. 


In this scenario, a Non-Disclosure Agreement (NDA) can be used to legally bind both parties to keep the shared information confidential.



  • Are you receiving Confidential Information?


As an entrepreneur, you are often at the receiving end of information that is marked confidential.


In the absence of a formal agreement such as NDA, you must establish clear policies for how such information will be handled, managed, and disseminated within your organization.


This not only ensures that your team understands the gravity of maintaining confidentiality but also lays the groundwork for trust and ethical business practices.


Implementing robust internal protocols for handling confidential information is paramount to safeguarding your business interests and maintaining a reputation built on integrity.


  • Consequences for Breach


A breach of confidentiality can have severe consequences, potentially resulting in the loss of trust and damage to one's reputation.


For businesses, such breaches may lead to civil lawsuits, where affected parties seek compensation for damages incurred due to the unauthorized disclosure of sensitive information.


In cases involving the theft of intellectual property (IP), the repercussions can escalate to criminal lawsuits, with legal authorities pursuing charges against those responsible.

Privacy vs. Confidentiality


Privacy focuses on personal information, while confidentiality extends to any sensitive or confidential information, whether it is personal or not. Additionally, privacy is a legal right, while confidentiality is an ethical obligation. [4]


Let’s list the differences between Privacy and Confidentiality:


Definition

Privacy: Privacy refers to the right of individuals to control their personal information and prevent access or disclosure to third parties.

Confidentiality: Once confidential information is shared, it is the duty of the party receiving it to protect that information from unauthorized access or disclosure.


Legal Framework

Privacy: Privacy laws, such as GDPR, CCPA and others, set standards for the collection, use, and storage of personal data.

Confidentiality: Confidentiality agreements and professional codes of conduct provide a legal framework for protecting sensitive information within specific relationships.


Examples

Privacy: Medical records, personal data etc.

Confidentiality: Trade secrets, financial data etc.




It is vital to navigate the delicate balance between privacy and confidentiality in an age where information flows seamlessly.


Individuals must be empowered to control their personal information, while professionals and organizations must uphold their commitment to protecting sensitive data.



[1] Ben Michael, Attorney, Michael & Associates

[2] D. Banisar, Privacy and Human Rights 2000: An International Survey of Privacy Law and Developments, Privacy International <www.privacyinternational.org/survey/phr2000/overview.html>, accessed 5 May 2008

[3] Hannah Sanderson, CEO/Founder of Clever Canadian

[4] Dana Ronald, CEO of Tax Crisis Institute

Pooja Batra

Pooja has more than 8 years of in-house legal experience in large MNCs. She has advised on a wide range of corporate and commercial matters, including drafting, reviewing and negotiating a variety of commercial contracts and other agreements across various business lines.


