When referencing confidentiality, the key to maintaining privacy is only allowing authorized individuals to access information. A user’s access should be categorized based on role-based privileges determined by the administrator. Each user must be held accountable for keeping the information stored and consumed accurately and privately, thus encouraging them to remain accountable for safeguarding that information.

The first issue that may arise when storing electronic information about individuals is the use of a system to exploit information for the purposes of fraud and theft. In an attempt to garner financial gain, inside or outside sources may employ systems to gain lucrative information about another individual. These threats can attempt to gather information in order to carry out a fraudulent transaction. This can be carried out via social media, social engineering, or an Advanced Persistent Threat.

The next issue to consider is a potential security breach. Security breaches can be carried out via attackers, bot network groups, criminal organizations, foreign intelligence, phishers, spammers, malicious code authors, terrorists and spies. The goal of these individuals or groups is to illegally access information to cause damage to or steal information.

A system implementation carried out by a malicious hacker may also be a threat to maintaining confidentiality. Malicious hackers may employ viruses, trojan horses, worms, logic bombs, or ransomware in order to obtain private information from a network. Viruses can be easily spread throughout the network by users increasing the amount of available information to the hacker. Trojan horses disguise themselves in plain sight in order to gain access to information. Worms self replicate throughout systems. Logic bombs are used to garner information at a predisposed time, and ransomware employs the use of code to block information until given a ransom, typically monetary.

Data inaccuracies may also pose an ethical threat to keeping individual electronic information. Insiders may delete, destroy, or alter information within the network or hardwares, entirely. Systems can be purposely crashed, or administrative tasks altered in order to gather private information. It is up to businesses to decide how and when to report these issues to their consumers.