The following types (this list is not exhaustive) of information are classed as confidential:
Person-identifiable information is anything that contains the means to identify a person, e.g. name, address, postcode, date of birth, NHS number, National Insurance number etc. Any data or combination of data and other information, which can indirectly identify the person, will also satisfy the definition.
A duty of confidence arises where one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence.
Special categories of personal information (previously known as ‘sensitive’ personal data) as defined by GDPR and the DPA 2018 refers to personal information about:
- Race or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic and Biometric data
- Health data
- Sexual history and/or sexual orientation
- Criminal convictions data
Non-person-identifiable information can also be classed as confidential such as confidential business information e.g. financial reports; commercially sensitive information e.g. contracts, trade secrets, procurement information, these should also be treated with the same degree of care.