This is an old revision of the document!
Confidentiality is usually covered by the use of Confidentiality Agreement or Non-Disclosure Agreement (NDA) which defines a set of rules or a promise limiting access or places restrictions on certain types of information. Areas that have legal agreements covering confidentiality are:
As a rule of thumb, it is best to treat all Personal Identifiable Information (PII) as confidential and to secure it (i.e., require authentication and authentication to access the data, log access to the data).
The US nist describe the kinds of data that should be treated as PII1) as:
NIST also identifies information which potentially can be used to identify people: