Certified Security - Specialty


Is privacy really the same as confidentiality?

I wouldn’t say so. Example: Someone discovered I contacted an AIDS treatment center; however, my communication with them has been encrypted, so there is no telling what we’ve discussed 🙂 I’d say confidentiality hasn’t been broken but privacy was. What are your thoughts?

2 Answers

Despite what ACloudGuru says, privacy is not the same as confidentiality, or security for that matter. The concept of privacy is the right to ownership of one’s personal data; the right to alter it, delete it, review it, etc. The CIA triad is key to enabling, protecting, and allowing individuals to control their privacy. I’ve seen legal experts categorize privacy as a right, vs confidentiality which is an agreement. Another piece of evidence that they are different can be found in SSAE 16 – SOC 2 reports. SOC differentiates Privacy and Confidentiality as completely separate elements of an attestation.

No. Confidentiality is a necessary but not sufficient criterion for privacy. Confidentiality can be enforced on a data stream through preventive controls. Privacy, which is fundamentally an agreement between human beings regarding the correct handling of information that has value to one or both parties, cannot be enforced through preventive controls. That is why we continue to have privacy violations dealing with data streams that have excellent confidentiality controls.
