What is it?
Confidentiality simply means protecting personal information, with access limited to those who are authorized to access it.
The CIA Triad
Confidentiality is one of the 3 key fundamentals of the CIA Triad, along with Availability and Integrity. It states that only the individuals and systems that are authorized, with a legitimate reason or right for access, may access the Assets (in this case, anything that has value to a person or organisation).
Who is chosen for authorization?
There are many ways that a system or person can be chosen to have access to Assets, and many of them can be found in Controls. A common one is a role-based system, where those with the highest roles have more access to Assets than those lower down in the hierarchy.
Case Study - London Sexual Health Leak 2015
During 2015, a London-based sexual health centre leaked the details of over 800 people who had attended HIV clinics. This happened via a group email (where all members of the group had access to everyone's details) rather than using Blind Carbon Copy, where emails can be sent to others without letting them know who else received them.
This severely broke confidentiality, as critical personal information was leaked, which could have disastrous effects on both the business and the individuals affected.
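The difference between the group email and a Blind Carbon Copy mailing in the case study can be checked before anything is sent. The following is an added example, not part of the original page; the addresses, the domain `clinic.example` and the function names are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data: a clinic mailing list (all addresses are made up).
SENDER = "newsletter@clinic.example"
PATIENTS = ["a.patient@example.org", "b.patient@example.org", "c.patient@example.org"]


def visible_recipients(msg):
    """Return the addresses every reader of the message can see (To and Cc)."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr for _name, addr in getaddresses(headers) if addr]


def build_group_email(recipients):
    """The mistake from the case study: every address goes in the To header."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = "Clinic newsletter"
    msg.set_content("This month's update.")
    return msg


def build_bcc_email(recipients):
    """Same mailing with recipients in Bcc; only the sender is visible in To."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = SENDER
    msg["Bcc"] = ", ".join(recipients)
    msg["Subject"] = "Clinic newsletter"
    msg.set_content("This month's update.")
    return msg


def check_before_send(msg, own_domain="clinic.example", limit=1):
    """Refuse to send when more than `limit` outside addresses are visible."""
    outside = [a for a in visible_recipients(msg) if not a.endswith("@" + own_domain)]
    if len(outside) > limit:
        raise ValueError(f"{len(outside)} recipient addresses would be disclosed to each other")
    return True


if __name__ == "__main__":
    print(check_before_send(build_bcc_email(PATIENTS)))  # Bcc mailing is allowed
    try:
        check_before_send(build_group_email(PATIENTS))
    except ValueError as err:
        print("blocked:", err)
```

When such a message is handed to `smtplib.SMTP.send_message`, the Bcc header is used for delivery but is not transmitted to recipients.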