Discuss about privacy and confidential information and effect ofthe laws pertaining to itIntroductionEvery business must be aware of the types of information that it handles and whetherthis constitutes personal, sensitive personal and/or confidential information, in orderthat it can comply with all applicable legal obligations. The starting point inascertaining such obligations must be to conduct a thorough information audit. Thiswill produce a snapshot of all information processed by a business at any one time.Where possible, this should be carried out by independent auditors but whether this isappropriate will depend upon the size of the business.What is the privacy and confidential information-?Information privacy, or data privacy is the relationship between collection anddissemination of data, technology, the public expectation of privacy, andthe legal and political issues surrounding them.Privacy concerns exist wherever personally identifiable information is collected andstored – in digital form or otherwise. Improper or non-existent disclosure control canbe the root cause for privacy issuesConfidentiality is an ethical principle of discretion associated with the professions,such as medicine, law, psychotherapy. In the field of ethics, law, and mediation, analternative type of legal dispute-resolution, there exist communications between theclient and the professional, which are “privileged” communications that legallycannot be discussed with or divulged to third parties. In business, the confidentialityof information, a mainstream adaptation of the “need to know” principle of themilitary ethic, is basic to the security of corporate information; the employee occupiesa “confidentiality bubble” that restricts the flow of positive and negative informationthat he or she requires to do a job.There are differences between confidentiality and privacy issues.Confidentiality, as it pertains to the triad of information security (confidentiality,integrity and availability), deals with the fact that we need assurances that theinformation being transmitted can be viewed only by the intended recipients.Encryption is a good enabling technology that makes confidentiality possible. Privacy,on the other hand, is the level of confidentiality provided.Corporate users, for instance, have an expectation of privacy, for example, when it
comes to e-mail. That is, they believe that their corporate e-mail account is privateand no one should view their e-mail. In reality, most companies do have a privacypolicy that states effectively that employees e-mail is NOT private and that thecompany has the right to view the employees e-mail at any time.PolicyPrivacy Right and Access to Personal InformationThe right of privacy includes an individual’s right to determine with whom he or shewill share information and to know of and exercise control over collection, use,disclosure, access and retention concerning any information collected about him orher. The right of privacy and consent are essential to the trust and integrity of theclient care or service provider relationship.Information rights include the right of access to records, with limited exception andthe right to request correction of personal information about oneself. Individualsmay formally request access to or correction of personal information by followingproper procedures as outlined in the access to and release of information policies.For example, privacy has become a problem for online customers, since the Internethas become transmission line and repository for privacy information. In thee-commerce environment, security system provider asks customers to provide theirown personal information, but customers have little knowledge about how theirinformation will be used. There is still a lack of standards for privacy protection in theonline environment, by taking the limitations and risks of current Internettechnologies into account.Responsibility for ConfidentialityConfidentiality information will have the necessary quality of confidence where it isof confidential character. All reasonable measures must be taken to ensure thatpersonal information is collected, used and disclosed only in circumstances necessaryand authorized for client care, research, education, or as necessary in the conduct ofthe business of the organization. Use, sharing or disclosure of information must bein accordance with the appropriate legislative authority
standard” for providing secure e-commerce transactions over the Internet.