Privacy is a concept that applies to data subjects while confidentiality applies to data.
The concept is defined as follows: “It is the status accorded to data which has been agreed upon between the person or organisation furnishing the data and the organisation receiving it and which describes the degree of protection which will be provided.”.
The right of a party to maintain control over and confidentiality of information about itself. (NISTIR 4734)
Assurance that the confidentiality of, and access to, certain information about an entity is protected. (NIST SP 800-130)
ISO/TS 21089:2018 HEALTH INFORMATICS — TRUSTED END-TO-END INFORMATION FLOWS
security principle that protects individuals from the collection, storage and dissemination of information about themselves and the possible compromises resulting from unauthorized release of that information
right of individuals to keep information about themselves from being disclosed to anyone
Note 1 to entry: Also, freedom from intrusion into the private life or affairs of an individual when that intrusion results from undue or illegal gathering and use of data about that individual and the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively.
ISO/TS 14265:2011 HEALTH INFORMATICS – CLASSIFICATION OF PURPOSES FOR PROCESSING PERSONAL HEALTH INFORMATION
freedom from intrusion into the private life or affairs of an individual when that intrusion results from undue or illegal gathering and use of data about that individual
ISO/IEC TR 20547-1:2020 INFORMATION TECHNOLOGY — BIG DATA REFERENCE ARCHITECTURE — PART 1: FRAMEWORK AND APPLICATION PROCESS
right of individuals to control or influence what information related to them may be collected and stored and by whom that information may be disclosed
Security and Privacy Controls
Security controls are “the management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for a system to protect the confidentiality, integrity, and availability of the system, its components, processes, and data.” (NIST Glossary)
Privacy controls refer to “the administrative, technical, and physical safeguards employed within an organization to satisfy privacy requirements.” (NIST Glossary)