Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of Information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.
Confidentiality also refers to an ethical principle associated with several professions (eg, medicine, law, religion, professional psychology, journalism, and others). In ethics, and (in some places) in law and alternative forms of legal dispute resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to third parties. In those jurisdictions in which the law makes provision for such confidentiality, there are usually penalties for its violation.
Confidentiality of information, enforced in an adaptation of the military's classic "need-to-know" principle, forms the cornerstone of information security in today's corporates. The so called 'confidentiality bubble' restricts information flows, with both positive and negative consequences.[1]
Contents |
Lawyers are often required by law to keep confidential anything pertaining to the representation of a client. The duty of confidentiality is much broader than the attorney-client evidentiary privilege, which only covers communications between the attorney and the client.
Both the privilege and the duty serve the purpose of encouraging clients to speak frankly about their cases. This way, lawyers will be able to carry out their duty to provide clients with zealous representation. Otherwise, the opposing side may be able to surprise the lawyer in court with something which he did not know about his client, which makes both lawyer and client look stupid. Also, a distrustful client might hide a relevant fact which he thinks is incriminating, but which a skilled lawyer could turn to the client's advantage (for example, by raising affirmative defenses like self-defense).
However, most jurisdictions have exceptions for situations where the lawyer has reason to believe that the client may kill or seriously injure someone, may cause substantial injury to the financial interest or property of another, or is using (or seeking to use) the lawyer's services to perpetrate a crime or fraud.
In such situations the lawyer has the discretion, but not the obligation, to disclose information designed to prevent the planned action. Most states have a version of this discretionary disclosure rule under Rules of Professional Conduct, Rule 1.6 (or its equivalent).
A few jurisdictions have made this traditionally discretionary duty mandatory. For example, see the New Jersey and Virginia Rules of Professional Conduct, Rule 1.6.
In some jurisdictions the lawyer must try to convince the client to conform his or her conduct to the boundaries of the law before disclosing any otherwise confidential information.
Note that these exceptions generally do not cover crimes that have already occurred, even in extreme cases where murderers have confessed the location of missing bodies to their lawyers but the police are still looking for those bodies. The U.S. Supreme Court and many state supreme courts have affirmed the right of a lawyer to withhold information in such situations. Otherwise, it would be impossible for any criminal defendant to obtain a zealous defense.
California is famous for having one of the strongest duties of confidentiality in the world; its lawyers must protect client confidences at "every peril to himself or herself." Until an amendment in 2004, California lawyers could not breach their duty even if they knew that a client was about to commit murder.
Recent legislation in the UK curtails the confidentiality professionals like lawyers and accountants can maintain at the expense of the state. Accountants, for example, are required to disclose to the state any suspicions of fraudulent accounting and, even, the legitimate use of tax saving schemes if those schemes are not already known to the tax authorities.
The modern English law of confidence stems from the judgment of the Lord Chancellor, Lord Cottenham,[2] in which he restrained the defendant from publishing a catalogue of private etchings made by Queen Victoria and Prince Albert.
However, the jurisprudential basis of confidentiality remained largely unexamined until the case of Saltman Engineering Co. Ltd. v Campbell Engineering Co. Ltd.,[3] in which the Court of Appeal upheld the existence of an equitable doctrine of confidence, independent of contract.
In Coco v A.N.Clark (Engineers) Ltd (1969) R.P.C. 41, Megarry J developed an influential tri-partite analysis of the essential ingredients of the cause of action for breach of confidence: the information must be confidential in quality, it must be imparted so as to import an obligation of confidence, and there must be an unauthorised use of that information to the detriment of the party communicating it.
The law in its then current state of development was authoritatively summarised by Lord Goff in the Spycatcher case.[4] He identified three qualifications limiting the broad general principle that a duty of confidence arose when confidential information came to the knowledge of a person (the confidant) in circumstances where he had notice that the information was confidential, with the effect that it would be just in all the circumstances that he should be precluded from disclosing the information to others. First, once information had entered the public domain, it could no longer be protected as confidential. Secondly, the duty of confidence applied neither to useless information, nor to trivia. Thirdly, the public interest in the preservation of a confidence might be outweighed by a greater public interest favouring disclosure.
The incorporation into domestic law of Article 8 of the European Convention on Human Rights by the Human Rights Act 1998 has since had a profound effect on the development of the English law of confidentiality. Article 8 provides that everyone has the right to respect for his private and family life, his home and his correspondence. In Campbell v MGN Ltd,[5] the House of Lords held that the Daily Mirror had breached Naomi Campbell’s confidentiality rights by publishing reports and pictures of her attendance at Narcotics Anonymous meetings. Although their lordships were divided 3-2 as to the result of the appeal and adopted slightly different formulations of the applicable principles, there was broad agreement that, in confidentiality cases involving issues of privacy, the focus shifted from the nature of the relationship between claimant and defendant to (a) an examination of the nature of the information itself and (b) a balancing exercise between the claimant’s rights under Article 8 and the defendant’s competing rights (for example, under Article 10, to free speech).
It presently remains unclear to what extent and how this judge-led development of a partial law of privacy will impact on the equitable principles of confidentiality as traditionally understood.
The ethical principle of confidentiality requires that information shared by the client with the therapist in the course of treatment is not shared with others. This is important for the therapeutic alliance, as it promotes an environment of trust. However, there are important exceptions to confidentiality, namely where it conflicts with the clinician's duty to warn or duty to protect. This includes instances of suicidal or homicidal ideation, child abuse, elder abuse and dependent adult abuse.