Data confidentiality is something that most users of networks are involved in every day, but are not aware of.

Imagine the chaos if we all have access to all files across our network. Your colleagues will have access to your personal files and vice versa. Or that all users had access to sensitive data for all projects that are underway.

Sharing information with unintended recipients can cause severe damage such as:

• Legal Damage
• Damage to reputation
• Damage to organizational reputation

There must be a process in place which defines what users can access when it comes to files on the network. Such a process is called Data Confidentiality.

When an employee or contractor arrive at a high security facility, it is very common to have them enter and exit the building through detectors to ensure they aren't carrying unauthorized equipment and once they have cleared security check it a practice to hand them identification tags to gain access. This type of security is designed for several purposes, one of which is to ensure that no one walks out or walks in with restricted media (floppy disks, CD-ROMs, DVD-ROMs, ZIP Disks, Hard Drives, and so on) that could jeopardize the security of the organization.

The ability to share information between users is a sensitive issue for most organizations and the onus of such a decision should lie at higher levels..

The definitive source on how information can be shared can be made available via the Security Policy.

References And Credits:
1 - http://www.iso.org - Guidelines form – ISO 27001