Page 64 - CA_165_V2.0_C9_Flipbook
Confidentiality refers to keeping data or information secret and allowing only authorised people to
access it. The same information can be confidential for some individuals and non-confidential
for another set of individuals.
The following data generally come under the confidential category:
• Medical history or records
• Date of birth
• Contact details
• Income status
• Itinerary, celebration photographs of family or friends
It is unethical to publicise information or data which is meant to be confidential. If an individual is part
of an information group whose login and password details are to be kept within a specific set of people
only, then one should avoid leaking that information to others who are outside the group. For example,
if an organisation of fifteen people shares a single user id and password for accessing the Internet through
Wi-Fi/broadband, then passing on the details to a sixteenth person without the knowledge of the rest of
the team would be considered a breach of confidentiality.
Approaches to Protect Confidentiality of Information
To protect sensitive data and ensure its confidentiality, it is essential to implement various best practices.
These practices reduce the risk of unauthorised access and potential breaches:
• Access Control Measures: Use strong passwords and multi-factor authentication (MFA) for added
security. Apply the least privilege principle, granting access only to authorised individuals. Regularly
update user permissions and implement role-based access controls (RBAC) to limit data access
based on job roles.
• Data Encryption: Encrypt sensitive files, emails, and communication using SSL/TLS and AES. Ensure
end-to-end encryption for secure data transfer and storage.
• Firewall Protection: Use firewalls to block unauthorised access and prevent external attacks.
Regularly update firewall settings to keep pace with emerging security threats. Employ both hardware
and software firewalls for added protection.
• Secure Data Storage and Disposal: Store confidential data in encrypted locations, both physically
and digitally. Securely shred physical documents and wipe digital data before disposal to avoid
leaks.
• Confidentiality Agreements: Implement Non-Disclosure Agreements (NDAs) for employees,
contractors, and third parties handling sensitive data. Ensure confidentiality policies are clearly
defined in employment contracts and service agreements.
• Secure Communication Practices: Use encrypted email services and secure messaging platforms to
communicate confidential information. For remote access, always use a VPN to protect data in transit.
• Email Handling Best Practices: Avoid opening email attachments or clicking on links from
unknown sources. Verify the authenticity of senders before responding to confidential requests.
Implement spam filters to minimise phishing risks. Regularly update email security settings to
prevent unauthorised access.
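The access control measures described above (least privilege, role-based access and regular review of permissions) can be seen in a short Python program. This example is added for illustration and is not part of the original textbook; the role names, user names and category labels are constructed, with the categories taken from the list of confidential data given earlier.

```python
# Role-based access control (RBAC) with least privilege and a permission review.
# All roles, users and grants below are constructed sample data.

# Each role is granted only the data categories its job needs.
ROLE_PERMISSIONS = {
    "doctor": {"medical_history", "date_of_birth", "contact_details"},
    "receptionist": {"contact_details"},
    "accountant": {"income_status", "contact_details"},
}

# Users mapped to their job roles.
USER_ROLES = {
    "asha": {"doctor"},
    "ravi": {"receptionist"},
    "meena": {"accountant"},
}

# Extra grants given to individual users outside their role.
DIRECT_GRANTS = {"ravi": {"medical_history"}}


def role_categories(user):
    """Return the categories a user gets through job roles alone."""
    allowed = set()
    for role in USER_ROLES.get(user, set()):
        allowed |= ROLE_PERMISSIONS.get(role, set())
    return allowed


def can_access(user, category):
    """Deny by default: unknown users, roles or categories get no access."""
    allowed = role_categories(user) | DIRECT_GRANTS.get(user, set())
    return category in allowed


def review_permissions():
    """Regular review: list grants that go beyond what the job role needs."""
    excess = {}
    for user, grants in DIRECT_GRANTS.items():
        extra = grants - role_categories(user)
        if extra:
            excess[user] = sorted(extra)
    return excess


if __name__ == "__main__":
    print(can_access("asha", "medical_history"))   # doctor role allows it
    print(can_access("meena", "medical_history"))  # accountant role does not
    print(review_permissions())                    # grants to be withdrawn
```

The review step reports the receptionist's extra grant to medical history, which is the kind of permission that a regular update of user permissions should remove.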
62 Touchpad Computer Applications (Ver. 2.0)-IX

