Confidentiality

From HORSE - Holistic Operational Readiness Security Evaluation.

Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.

Confidentiality also refers to an ethical principle associated with several professions (e.g., medicine, law, religion, journalism, …). In ethics, and (in some places) in law and alternative forms of legal dispute resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to third parties. In those jurisdictions in which the law makes provision for such confidentiality, there are usually penalties for its violation.

Confidentiality of information, enforced through an adaptation of the military's classic "need-to-know" principle, forms the cornerstone of information security in today's corporations.

Legal confidentiality

Lawyers are often required by law to keep confidential anything pertaining to the representation of a client. The duty of confidentiality is much broader than the attorney-client evidentiary privilege, which only covers communications between the attorney and the client.

Both the privilege and the duty serve the purpose of encouraging clients to speak frankly about their cases. This way, lawyers will be able to carry out their duty to provide clients with zealous representation. Otherwise, the opposing side may be able to surprise the lawyer in court with something which he did not know about his client, which makes both lawyer and client look stupid. Also, a distrustful client might hide a relevant fact which he thinks is incriminating (because it shows motive), but which a skilled lawyer could turn to the client's advantage (for example, by raising affirmative defenses like self-defense).

However, most jurisdictions have exceptions for situations where the lawyer has reason to believe that the client may kill or seriously injure someone, may cause substantial injury to the financial interest or property of another, or is using (or seeking to use) the lawyer's services to perpetrate a crime or fraud.

In such situations the lawyer has the discretion, but not the obligation, to disclose information designed to prevent the planned action. Most states have a version of this discretionary disclosure rule under Rules of Professional Conduct, Rule 1.6 (or its equivalent).

A few jurisdictions have made this traditionally discretionary duty mandatory. For example, see the New Jersey and Virginia Rules of Professional Conduct, Rule 1.6.

In some jurisdictions the lawyer must try to convince the client to conform his or her conduct to the boundaries of the law before disclosing any otherwise confidential information.

Note that these exceptions generally do not cover crimes that have already occurred, even in extreme cases where murderers have confessed the location of missing bodies to their lawyers but the police are still looking for those bodies. The U.S. Supreme Court and many state supreme courts have affirmed the right of a lawyer to withhold information in such situations. Otherwise, it would be impossible for any criminal defendant to obtain a zealous defense.

California is famous for having one of the strongest duties of confidentiality in the world; its lawyers must protect client confidences at "every peril to himself or herself." Until an amendment in 2004, California lawyers could not breach their duty even if they knew that a client was about to commit murder.

Recent legislation in the UK curtails the confidentiality professionals like lawyers and accountants can maintain at the expense of the state. Accountants, for example, are required to disclose to the state any suspicions of fraudulent accounting and even the legitimate use of tax saving schemes if those schemes are not already known to the tax authorities.
