Defining categories of data that are confidential.

The following types (this list is not exhaustive) of information are classed as confidential:

Person-identifiable information is anything that contains the means to identify a person, e.g. name, address, postcode, date of birth, NHS number, National Insurance number etc. Any data or combination of data and other information, which can indirectly identify the person, will also satisfy the definition.


A duty of confidence arises where one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence.

Special categories of personal information (previously known as ‘sensitive’ personal data) as defined by GDPR and the DPA 2018 refers to personal information about:

  • Race or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic and Biometric data
  • Health data
  • Sexual history and/or sexual orientation
  • Criminal convictions data

Non-person-identifiable information can also be classed as confidential such as confidential business information e.g. financial reports; commercially sensitive information e.g. contracts, trade secrets, procurement information, these should also be treated with the same degree of care.

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!