Confidentiality has been defined as the "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality also refers to an ethical principle associated with several professions (e.g., medicine, law, religion, professional psychology, and journalism). In ethics, and (in some places) in law and alternative forms of legal dispute resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to third parties.
2. data means information which
(a) is being processed by means of equipment operating automatically in response to instructions given for that purpose,
(b) is recorded with the intention that it should be processed by means of such equipment,
(c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, or
(d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as defined by section 68;
3. “processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—
(a) organisation, adaptation or alteration of the information or data,
(b) retrieval, consultation or use of the information or data,
(c) disclosure of the information or data by transmission, dissemination or otherwise making available
2. Sensitive personal data
In this Act “sensitive personal data” means personal data consisting of information as to—
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c) his religious beliefs or other beliefs of a similar nature,
(d) whether he is a member of a trade union (within the meaning of the [1992 c. 52.] Trade Union and Labour Relations (Consolidation) Act 1992),
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
Confidentiality of Data & Various Legal Aspects:
Confidentiality involves a sense of ‘expressed’ or ‘implied’ basis of an independent equitable principle of confidence. Privacy is the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others. Right to privacy is more of an implied obligation. It is the ‘right to let alone.’
Under legal phraseology the issue of confidentiality arises where an obligation of confidence arises between a ‘data collector’ and a ‘data subject.’ This may depend upon facts & circumstances also upon the nature of information disclosed.
Discloser of confidential information may be done under any sphere; it may be in the Medical Profession, Legal Profession and discloser of security of state or military information. Sensitive Personal Data of any individual can be disclosed which may lead to his defamation or some kind of loss in his business etc. This information may be conveyed orally or in writing, it would also include information that is not in military form; i.e. Plans and ideas discussed in informal meetings between the parties. There may be 4 main classes of information covered under breach of confidence; the categories are personal information such as material secrets
There can be a disclosure of trade secrets also; it could be wide range of information. Technical secrets was an issue in Saltman Engineering Case & Court of Appeal upheld the existence of an equitable doctrine of confidence, independent of contract.
In Ansell Rubber Co. Ltd. v. Allied Rubber Industries Pty Ltd . the court protected the information relating to design, construction and operation of machinery. Business secrets was the issue in Rob v. Green .Court in a case of Coco v. AN Clark (Eng.) P. Ltd.  RPC 41 at 47, mention 3 requirements to prove breach of confidentiality:
a). The information is confidential
b). The information is communicated in confidence
c). There must be unauthorized use of the information to the detriment of the plantiff.
Lawyers are often required by law to keep confidential anything pertaining to the representation of a client. However, most jurisdictions have exceptions for situations where the lawyer has reason to believe that the client may kill or seriously injure someone, may cause substantial injury to the financial interest or property of another, or is using (or seeking to use) the lawyer's services to perpetrate a crime or fraud.
In such situations the lawyer has the discretion, but not the obligation, to disclose information designed to prevent the planned action.
Laws Pertaining to Confidentiality of Data:
As the emergence of crimes in cyber space also the laws relating to privacy also getting firm day by day the concept of data protection is also getting its recognisition. The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection. Confidentiality may be covered under law of privacy also, disclosing any one’s confidential information may be his breach of privacy.
Every country has its own privacy laws also now the laws relating to confidentiality of data also enacted by the various countries:
Breach of privacy and Confidentiality under Information Technology Act, 2000
It is significant to note that by enactment of the Information Technology Act, 2000, the Indian Parliament provided a new legal idiom to data protection and privacy. The main principles on data protection and privacy enumerated under the Information Technology Act, 2000 are:
(i) defining ‘data’, ‘computer database’, ‘information’, ‘electronic form’, ‘originator’, ‘addressee’ etc.
(ii) creating civil liability if any person accesses or secures access to computer, computer system or computer network
(iii) creating criminal liability if any person accesses or secures access to computer, computer system or computer network
(iv) declaring any computer, computer system or computer network as a protected system
(v) imposing penalty for breach of confidentiality and privacy
(vi) setting up of hierarchy of regulatory authorities, namely adjudicating officers, the Cyber Regulations Appellate Tribunal etc.
Section 72. Penalty for breach of confidentiality and privacy
Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
The aforesaid section has a limited application only. It confines itself to the acts and omissions of those persons, who have been conferred powers under this Act, Rules or Regulation made there under.
Section 72 of the Act relates to any person who, in pursuance of any of the powers conferred by the Act or its allied rules and regulations has secured access to any:
i) Electronic record, ii) book, iii) Register, iv) Correspondence, v) Information, vi) Document, or vii) Other material. If such person discloses such electronic record, book, register, correspondence, information, document or other material to any other person, he will be punished with imprisonment for a term, which may extend to two years, or with fine, which may extend to two years, or with fine, which may extend to one lakh rupees, or with both.
This section applies only to person who has gained access to the abovementioned information in pursuance to a power granted under Information Technology Act, its allied rules e.g. a police officer, the Controller etc. it would not apply to disclosure of personal information of a person by a website, by his email service provider etc.
Data Protection Act 1998- United Kingdom:
There is an Act to providing the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. The Act provides definitions, offences, duties and various data protection principles under its schedules.
Laws for confidentiality in USA:
Four separate laws cover the protection of the confidentiality of individually identifiable information collected by the National Center for Education Statistics (NCES)-the Privacy Act of 1974, the Education Sciences Reform Act of 2002, the USA Patriot Act of 2001, and the E-Government Act of 2002.
Under the Privacy Act, a willful disclosure of individually identifiable data is a misdemeanor, subject to a fine up to $5,000. However, the Privacy Act contains a number of conditions for disclosure that serve as exceptions to the requirement to protect the confidentiality of the data.
Law on Confidentiality by Republic of Lithuania:
On July 17, 1999, the Parliament of the Republic of Lithuania passed the Personal Data Act, which regulates the protection of personal data. There are several acts, which define the data protection requirements in governmental authorities in Lithuania. Also there is a Data Protection Inspectorate in Lithuania, which regulates the abidance of Personal Data Act and other data protection acts and regulations in Lithuania. There is Data Security and Confidentiality Service in Statistics Lithuania, which is responsible for data security in all levels: physical, legal and technological.
consists of seven employees.
There are internal documents, which regulates data protection in the office:
• Annual confidential statistical data protection means plan;
• Data protection on the networks;
• Confidential statistical data protection order on physical level;
• Persistence routine rules;
• Rules for internal network;
• Confidentiality rules for Population and Housing Census 2001;
• Specific regulations on statistical confidentiality.
All questionnaires enclose a note on data security and confidentiality guarantee.
All employees, who work with confidential data, sign a deed of covenant.
Thus, there are various laws enacted by various countries and guidelines can be taken from those.
Various defences could be taken under breach of Confidence:
1. just causa or excuse
In certain case the defendant may be escaped by showing that the breach of confidentiality revels an inequity, such as fraudulent or criminal behaviour on part of the plantiff. The court would also take into account the nature of information reveled and to whom it is disclosed.
2. Legal Compulsion
The plea of legal compulsion could be taken by the defendant. It could be accepted by the court that there was some kind of legal compulsion under which the defendant was bound to disclose the information.
Various remedies available for breach of Confidentiality:
In many breach of confidence cases the plantiff may not be seeking monetary compensation, but would rather keep the information out of public domain altogether. This may be achieved by the court order of injunction either restraining the defendant from doing something or compelling the defendant for doing something.
Account of Profit:
An account of profit is a remedy that strips the defendant the profits made as a result of infringement.
There can be damages claimed and be awarded by the court for breach of contract or for disclosure of the confidential information.
Breach of confidentiality could be covered under the privacy laws, the meaning of the word “confidentiality” and “privacy” are somewhat synonymous. In the legal parlance the issue of confidentiality comes up where an obligation of confidence arises between a ‘data collector’ and a ‘data subject.’ This may flow from a variety of circumstances or in relation to different types of information, which could be employment, medical or financial information. An obligation of confidence gives the data subject the right not to have his information used for other purposes or disclosed without his permission unless there are other overriding reasons in the public interest for this to happen. That is, where an information for a purpose other than that for which it was provided.
# International Organization for Standardization (ISO); also see: “spoken or written in confidence”- Oxford Dictionary-pg-176, Oxford University Press
# Data Protection Act, 1998- Part I, Preliminary: Basic interpretative provisions; available at:
# Data Protection Act, 1998- Part I, Preliminary:
# Sensitive personal data; available at:
# Harvard Law Review. Vol. IV December 15, 1890 No. 5, by Warren and Brandeis; available from:
# data controller” means, subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed- Data Protection Act, 1998- Part I, Preliminary; available at:
# data subject” means an individual who is the subject of personal data- Data Protection Act, 1998- Part I, Preliminary; available at:
# Supra note iv
# Argyll v. Argyll 1i.e plaintiff’s intimate affairs, following an acrimonious separation; available at:
# Saltman Engineering Co. Ltd. v Campbell Engineering Co. Ltd. (1948) 65 R.P.C. 203
# VR 37
#  2 QB 315; also see Survey’s & Mining Ltd. v. Morrission Qd R 470
# New Jersey and Virginia Rules of Professional Conduct, Rule 1.6, available at:
# Available at:
# Available at:
# Available at:
The author can be reached at: email@example.com / Ph no: +91 9711961483