Confidentiality and privacy
The Privacy Guard
Privacy is about personal data specifically: de-identify by the right method, apply the right regime, and start the breach clock on time.
How the exam words it
- -The stem contrasts privacy with confidentiality and asks which applies, keying on whether the data is personal.
- -It describes masking, pseudonymization, or anonymization and asks which de-identification technique is described or is strongest.
- -It names a regulation and asks its scope, contrasting HIPAA protected health information with GDPR personal data.
- -It asks about a breach-notification deadline or the data-minimization principle.
The playbook
- 1Split the concepts: confidentiality protects any sensitive business data, while privacy governs personal data about individuals and their rights over it.
- 2Rank de-identification: masking hides displayed values, pseudonymization replaces identifiers with reversible tokens, and anonymization irreversibly strips identity (the strongest).
- 3Match the regime to the data: HIPAA covers protected health information held by covered entities, and GDPR covers the personal data of individuals in the EU.
- 4Apply data minimization (collect only what is needed) and meet the notification clock: GDPR requires notifying the supervisory authority within 72 hours of awareness.
The trap
Treating privacy and confidentiality as the same, or calling pseudonymization irreversible. Privacy is specific to personal data, and only anonymization removes identity for good.
How the exam varies it
The same pattern, re-skinned along these axes:
Privacy versus confidentialityDe-identification method: masking, pseudonymization, or anonymizationRegulatory scope (HIPAA versus GDPR) and the breach-notification clock
Drill this pattern
8 questions of The Privacy Guard from across the AUD topics. Clear it by getting 5 right with a streak of 3.