These days, with all the data privacy concerns, I see people either confused about or losing sight of the major concerns and misconceptions surrounding privacy. For one, lots of folks confuse “privacy” with “confidentiality.” While both involve protecting an individual’s information, each carries different business obligations.
One consideration is the ethical obligations around each concept; the other is the legal requirements. It’s important to observe both if you want to keep the trust of your clients and customers—plus stay out of the courtroom or the crosshairs of the government.
As a top talent agent who is also a media and privacy attorney, I get asked about privacy and confidentiality by business clients all the time. If you are a business owner who handles private or confidential information, you need to understand the difference to comply with local, state, federal and even international laws.
We grapple with this in the marketing teams at my various firms and with clients’ companies—since even just having a website with cookies or web forms will subject you to major regulation and consequences. The difference breaks down like this:
Confidentiality
Confidentiality is an ethical—and sometimes legal—duty that prevents people from sharing information with third parties. Confidentiality is often associated with professional relationships between individuals and their attorneys, doctors or clergy.
For example, you may have heard the phrases “doctor-client privilege” or “attorney-client privilege.” Doctor-client privilege protects a patient’s private communications with their doctor, while attorney-client privilege protects confidential communications between a client and their lawyer.
Everything you say to your doctors, lawyers and clergy is supposed to remain private, except in extreme circumstances, such as when a client intends to commit a crime or someone is a danger to themselves. This also covers all recorded communications: written records, email, video and audio.
While confidentiality is mostly an ethical issue, there are laws and penalties for breaching confidentiality. Lawyers can be disbarred, and doctors can lose their medical license.
Private Information
Privacy, on the other hand, is more of a legal issue. It’s based on consumer privacy laws, mostly enforced by the Federal Trade Commission (FTC), and on the U.S. Fourth Amendment, which guarantees the right against unreasonable search and seizure. In practice, it means individuals have a reasonable expectation of privacy and are free from unlawful surveillance or harassment by the government. The FTC extends these protections to individuals and consumers in their dealings with businesses and third parties, governing how certain information is handled.
In terms of business and government, most privacy issues relate to data—and the right of individuals to decide how their personal information is collected, used and shared by third parties. Data can include things like browsing history, location, medical records, financial information and personal communications.
For businesses, it’s important to keep customer data private, or there could be legal repercussions.
Privacy And Compliance Checklist For Businesses
So, what does this mean for your business?
For most businesses, the protection of customer privacy is paramount. This means you need to have a plan on how you will comply with local, state and federal laws—and international laws if you do business internationally.
Basically, this means you should establish a privacy compliance checklist to handle the following privacy issues:
• Data privacy: How will you plan to collect, use, store and share customer data?
• Data security: What robust security measures will you use to protect data from unauthorized access, breach or loss?
• Data minimization: How will you collect only the minimum amount of data necessary for your business operations?
• Consent management: How will you obtain clear and informed consent from customers before collecting or using their personal data?
• Transparency: How will you be transparent about your data practices and inform customers about how their data is used?
• Right to access and correction: How will you permit customers to access and correct personal information stored by your business?
• Right to deletion: How will you comply with requests to delete personal information when it is no longer needed for legitimate purposes?
• Data breach notification: What plan will you have in place to notify customers in case of a data breach?
Remember, confidentiality is more about ethics, while privacy is about following the law. However, when it comes to your customers, your business has an ethical—and legal—obligation to protect their private information.
If you do both, you will have happier customers who have more faith and trust in your business.
This article was originally published by Forbes Feb 10, 2025.