Managing Data Confidentiality
Data confidentiality is the protection of data from and about individuals and organizations. It encompasses steps taken to ensure that data is not disclosed without authorization or accessed by unauthorized users. Data confidentiality procedures often include categorizing data according to the amount and type of damage that could be done if disclosed.
Tiered prevention protocols are implemented based on each data confidentiality category. These define specific processes for the settings, devices, and people handling the data as well as the transmission and storage of it. Data confidentiality security measures include:
- Training anyone who touches confidential data
- Hardening facilities, hardware, and software where data resides and travels
- Maintaining records of sensitive data’s movements and who accessed it
- Employing data loss prevention (DLP)
- Deploying endpoint security
By definition, confidential data is not publicly available. Most confidential data is personally identifiable information (PII), but can include a wide variety of other data, such as trade secrets, business plans, and financial information. As related to organizations, confidential data is often subdivided into three categories:
1. Employee information
2. Management information
3. Organization-specific information
Guidelines for Data Confidentiality
A number of principles and legislative requirements bolster data confidentiality policies, standards, and guidelines. To maintain data confidentiality, it is important to understand and apply confidentiality principles, rules, and methods and take precautions to prevent the unintentional release of or unauthorized access to data that could identify people, households, or organizations.
Four Foundational Principles for Data Confidentiality Protocols
1. Consistency
2. Safety
3. Simplicity
4. Utility
10 Best Practices to Enable Data Confidentiality
1. Close any files containing electronic data when computers will be left unattended.
2. Employ role-based security methods to assign and enforce data access levels based on the principle of least privilege.
3. Encrypt all confidential data.
4. Ensure that anyone who interacts with confidential data has sufficient training in how to handle it.
5. Keep access control lists and other file permissions up to date.
6. Limit access to authorized users, authenticating them with two-factor authentication, confidential login credentials, and/or biometrics.
7. Replace protected personally identifiable information (PPII) with identification codes.
8. Restrict access to master code lists or key codes.
9. Store all physical copies of confidential data in locked cabinets or rooms.
10. Store master lists separately from the data and destroy PII records as soon as they are no longer needed.
Three Types of Data Confidentiality Safeguards
1. Administrative safeguards for data confidentiality
   - Clearly delineate who does and who does not have access to confidential data
   - Define in what ways authorized users may access confidential data
   - Minimize the number of places where confidential data is stored and the number of times it is transmitted
2. Physical safeguards for data confidentiality
   - Secure the physical location of confidential data from unauthorized personnel (e.g., locked filing cabinets, secluded interview rooms, private offices)
   - Secure any computers that handle confidential data (e.g., use air-gapped computers that have no wired or wireless network interfaces connected to outside networks, disconnect storage devices from networks)
3. Technical safeguards for data confidentiality
   - Implement appropriate security measures that protect confidential data from unauthorized individuals, loss, theft, or modification
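The administrative and technical safeguards above (deciding who may access confidential data and in what ways, enforcing least privilege, and keeping a record of who accessed what) can be expressed as a deny-by-default, role-based check. The following is an added example, not code from the original page or from Egnyte; the classification tiers, role names, permitted operations and sample records are constructed assumptions.

```python
"""Tiered, role-based access check that records every decision.

Added example, not code from the original page or from Egnyte. The
classification tiers, role names, permitted operations and sample
records below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import IntEnum


class Tier(IntEnum):
    """Confidentiality category, ordered by the damage disclosure would cause."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


# Role -> (highest tier the role may touch, operations it may perform).
# Least privilege: a role gets only what is listed; anything else is denied.
ROLE_POLICY = {
    "analyst": (Tier.INTERNAL, {"read"}),
    "hr_admin": (Tier.CONFIDENTIAL, {"read", "export"}),
    "dpo": (Tier.RESTRICTED, {"read"}),
}


@dataclass(frozen=True)
class Record:
    name: str
    tier: Tier


@dataclass
class AccessLog:
    """Append-only record of who tried to do what with which data, and the outcome."""
    entries: list = field(default_factory=list)

    def append(self, user, roles, record, op, allowed, reason):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "roles": sorted(roles),
            "record": record.name,
            "tier": record.tier.name,
            "op": op,
            "allowed": allowed,
            "reason": reason,
        })


def check_access(user, roles, record, op, log):
    """Allow `op` on `record` only if one of the user's roles permits it at that tier.

    Denied attempts are logged too: a record of refused access to
    confidential data is as useful to an investigation as a record of
    granted access.
    """
    for role in roles:
        policy = ROLE_POLICY.get(role)
        if policy is None:
            continue  # unknown role grants nothing
        max_tier, ops = policy
        if record.tier <= max_tier and op in ops:
            log.append(user, roles, record, op, True, f"permitted by role '{role}'")
            return True
    log.append(user, roles, record, op, False, "no role permits this operation at this tier")
    return False


if __name__ == "__main__":
    log = AccessLog()
    salary = Record("salary_sheet", Tier.CONFIDENTIAL)
    check_access("alice", {"analyst"}, salary, "read", log)
    check_access("bob", {"hr_admin"}, salary, "export", log)
    for entry in log.entries:
        print(entry)
```

The policy table is the access control list the best practices ask to keep up to date; because the check refuses anything not explicitly granted, adding a new tier or operation never widens access by accident.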
Data Confidentiality in the Cloud
In cloud computing environments, users’ data is stored on remote servers that may be operated by third parties and are reachable over an internet connection. This makes data confidentiality in the cloud a challenge. Proactive steps must be taken to ensure data confidentiality in the cloud and prevent unauthorized access.
To provide data confidentiality in the cloud, service providers offer a range of security solutions. These can range from technology that isolates sensitive data in a protected CPU enclave during processing to encryption services that protect data at rest (e.g., storage media, databases) and data in transit (i.e., moving over a network connection). By implementing these security solutions and enforcing users’ security protocols, data confidentiality in the cloud can be effectively protected.
Data Confidentiality During Data Collection
When research teams are required to collect and maintain PII, data security must be a top priority. Security protocols must be implemented and enforced to ensure data confidentiality during data collection and when it is used and stored.
Requirements for protecting PII and how it will be used for research purposes are specified in the investigator’s agreement with participants. This is also codified in the informed consent forms signed by participants, which include details about how the PII will be handled, managed, and disseminated as well as how it will be protected from disclosure outside of the research setting or without authorization. For research that engages human subjects, data confidentiality during data collection is overseen through Institutional Review Board (IRB) approval.
A common area of confusion is how data confidentiality relates to anonymity. The difference between the two is as follows.
- Anonymity means that there is no way for anyone, even the research team, to access any PII from study participants, and no PII can be traced back to a subject.
- Data confidentiality means that the participants can be identified, but no one outside the research team can access the PII. Only the researcher knows the participants’ identities, and data management and security measures are established to ensure data confidentiality.
In some cases, PII is linked to subjects using ID numbers or pseudonyms (e.g., for qualitative research). This allows PII to be stored separately from the subject data.
Whether a study is anonymous or confidential, it is important to inform participants about what information will be collected from them and how their identities will be protected. Ideally, this information is included in informed consent forms.
Considerations for Protecting Data Confidentiality During Data Collection
- Are there legal or ethical requirements (e.g., HIPAA)?
- Are there protocols for in-person interviews and focus groups to maintain data confidentiality?
- How will data confidentiality be maintained when PII and data are collected in the field for input later?
- How will researchers protect the confidentiality of diagnostic or genetic information when testing is performed by a third party?
- What data protection protocols are in place to maintain data confidentiality during data collection?
- What information will be held in order to follow up with participants? How long will that information be retained, and what are the procedures for destroying it after it is no longer needed?
- What measures are in place to ensure that only users with authorization access PII and data?
- What steps will be taken to ensure electronic data is protected during data collection? For instance, will participants completing online surveys be advised to close the browser or browser window after completing forms?
- When data collection requires translators or interpreters who are not members of the research team, will non-disclosure agreements be used to protect PII and data?
- Will codes or identification numbers be used to decouple PII and data? If so, how will the master code list be protected to prevent a breach of data confidentiality?
- Will the confidentiality of PII be part of the informed consent form?
- Will data from online surveys be protected in transit?
- Will PII be collected along with the data, or will it be collected and stored separately?
- Will the release of the PII cause the subjects harm?
Data Confidentiality Disclosures
In studies involving humans, researchers are required to tell participants:
- How the information collected from / about them will be used (i.e., the purpose of the study)
- Whether confidential data will be disclosed in reports or publications as part of the research output
- Who will have access to confidential data and the other information collected about them
Additional disclosures that can be helpful for participants include:
- Why the confidential data is necessary for the research
- Retention duration of the confidential data
- What procedures will be put in place to prevent unauthorized access to the research data
Data Confidentiality and Data Analysis
To ensure data confidentiality during data analysis, various methods are used to alter and perturb data before it is released to research teams to be used for analytics.
Technical methods of maintaining data confidentiality are:
- Adding random noise
- Blurring or disguising data
- Data swapping
- De-identification or pseudonymization
- Synthetic data
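The technical methods listed above, together with the earlier points about linking PII to subjects through ID numbers or pseudonyms and keeping the master code list apart from the data, can be shown in code. The following is an added example, not code from the original page or from Egnyte. It covers pseudonymization with a keyed HMAC (the master key and master list stand in for the protected master code list), blurring by replacing exact ages with bands, and adding random noise to a count before release. The field names, sample records and key are constructed assumptions.

```python
"""Pseudonymisation with a separately held master list, plus two perturbation
methods for released data.

Added example, not code from the original page or from Egnyte. The field
names, the sample records and the master key below are constructed for
illustration; in practice the key and master list live under access control
apart from the analysis data set.
"""
import hashlib
import hmac
import math
import random

# Constructed participant records as a research team might have collected them.
RAW_RECORDS = [
    {"name": "Ann Example", "email": "ann@example.org", "age": 34, "score": 71},
    {"name": "Ben Example", "email": "ben@example.org", "age": 29, "score": 64},
    {"name": "Cat Example", "email": "cat@example.org", "age": 52, "score": 88},
]
DIRECT_IDENTIFIERS = ("name", "email")


def pseudonym(master_key: bytes, identifier: str) -> str:
    """Keyed HMAC-SHA256 of a direct identifier, truncated to 16 hex characters.

    A plain hash would let anyone holding a list of candidate emails rebuild
    the mapping; with a keyed HMAC only the holder of the master key can.
    """
    digest = hmac.new(master_key, identifier.strip().lower().encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]


def pseudonymize(records, master_key):
    """Split records into an analysis set (no direct identifiers) and a master list.

    The analysis set is what research teams receive; the master list
    (pseudonym -> identifiers) is what lets authorised staff follow up with a
    participant, and is stored separately from the analysis set.
    """
    analysis_set, master_list = [], {}
    for rec in records:
        pid = pseudonym(master_key, rec["email"])
        master_list[pid] = {f: rec[f] for f in DIRECT_IDENTIFIERS}
        analysis_set.append(
            {"pid": pid, **{k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}}
        )
    return analysis_set, master_list


def reidentify(master_list, pid):
    """Look a pseudonym up in the master list; None if it is not there."""
    return master_list.get(pid)


def blur_age(age: int, width: int = 10) -> str:
    """Disguise an exact age as a band, e.g. 34 -> '30-39'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def noisy_count(true_count: int, scale: float, rng: random.Random) -> int:
    """Add Laplace noise (mean 0, given scale) to a count before release.

    Sampled by inverse CDF so only the standard library is needed. The result
    is rounded and floored at zero so it still reads as a count.
    """
    u = rng.random() - 0.5  # uniform on [-0.5, 0.5)
    noise = -scale * math.copysign(1.0, u) * math.log(max(1e-12, 1.0 - 2.0 * abs(u)))
    return max(0, round(true_count + noise))


if __name__ == "__main__":
    key = b"constructed-master-key-keep-separate"
    analysis, master = pseudonymize(RAW_RECORDS, key)
    for row in analysis:
        print({**row, "age": blur_age(row["age"])})
    print("released count:", noisy_count(len(analysis), scale=1.0, rng=random.Random(42)))
```

Destroying the master key when follow-up is no longer needed turns the pseudonymized set into an effectively anonymous one, which is the distinction between anonymity and confidentiality drawn earlier on this page.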
Operational ways to maintain data confidentiality are:
- Making selected information files available under licensing arrangements with restrictions for data confidentiality
- Permitting only specific online data analysis
- Providing access to detailed data only in controlled environments where the appropriateness of use can be monitored
- Restricting access to authorized individuals who are trained in confidentiality protection
Why Data Confidentiality Is Important
One of the primary drivers for data confidentiality is regulatory compliance. National and international guidelines and regulations set standards for and enforce data confidentiality.
These include the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and the General Data Protection Regulation (GDPR). Each of these requires organizations to have systems and processes in place to maintain data confidentiality, and each provides for stiff fines for compliance failures.
However, beyond meeting compliance requirements, every organization that interacts with sensitive data should prioritize data confidentiality for the simple reason that trust is at the core of all relationships. Customers, research subjects, partners, and vendors alike want to know that their confidential data is safe. Data breaches that compromise data confidentiality do irreparable damage to reputations and brands.
Attending to and investing in data confidentiality not only enables regulatory compliance, but also instills trust in everyone who shares confidential data with that organization. The assurance of data confidentiality has a multiplying effect on the positive perception of an organization.
Last Updated: 7th January, 2022