Confidentialities between client and professional might be less than professional after all. Non-repudiation and confidentiality are not always implemented correctly in workplaces. If someone hires a lawyer to do some work and the lawyer fails to provide the services he was legally obligated to, what happens next? Well, I will tell you. He is likely to hide behind confidentiality and disclaim his client's requests. Facts are, many of the jails in our country still rely on written communications. There isn't always an official process to "prove" that you have been telling your lawyer to submit evidence over and over, or that you need him to file paperwork. Confidentiality becomes a curtain which is shut on the client. Auditing these communications is necessary for the enforcement of a client's rights; however, confidentiality is preached in an illegal way. It is used to prevent auditing by administrating departments that likely lack the education in cybersecurity, computer science, law, and other relevant fields which is required to fill this tremendous responsibility. How does America open the curtain for justice again? It's a question I would like this community to work on.
You are probably asking too much of the relatively simple and pure principle of confidentiality in the context of information security, and applying it to a bad service provider. Confidentiality doesn’t just stand on its own, however.
That’s why it’s important to have good SLAs with your service provider independently backed by contracts that are legal and enforceable in your jurisdictions of business, and have an independent mechanism for tracking performance.
Sure, your contract should be confidential between you and your lawyer; however, you should ensure it is available to you, and that the document has its integrity preserved.
One way of doing this could be Qualified Digital Signatures, especially if you are in Germany.
You’ll need to talk to your dodgy lawyer about justice I’m afraid…
@franklim1990 Context is very important here. Confidentiality may be required to meet legislative requirements, such as the Official Secrets Act 1911 within the UK for instance, which has very strict controls about the usage of Official Information, and many other nations will have similar legislation.
If you are talking Commercial Confidentiality, then it is back to agreed contracts and policies with the organisation itself, plus the terms of employment with the employees as well.
You will have to be very selective and careful on how wide a scope you set for this conversation; there are many factors at work here, from both a national and contractual law perspective as well as Privacy Acts.
But if an employee feeds the organisation's confidential information into a public AI, this problem goes away indefinitely, because it becomes public knowledge, which is another factor one will have to deal with as well. Then you have a problem with whether the organisation can remain trusted and with known integrity, or even whether it would have to be liquidated.
Regards
Caute_Cautim