In the law, there is a difference between confidentiality and privacy, and it’s a difference that’s important for both legal history (highlighted by the 20th century focus on the right to privacy in American law, as opposed to a 19th century focus on confidentiality) and contemporary law.

UC Irvine‘s Office of Research Administration quickly summarizes the difference as follows: “Privacy is about people. Confidentiality is about data.” Now, what does that mean?

What is “confidentiality”?
Modern medical research is deeply concerned with both confidentiality and privacy, and federal regulations maintain the distinction between the two. Because of this contemporary concern, the Office of Research Administration at UC Irvine provides a good explanation of confidentiality vs. privacy in the medical context. According to the UCI ORA, confidentiality is focused on information and trust about someone, and deals with the “treatment of information that an individual has disclosed in a relationship of trust.”

The historical meaning is the same, according to Privacy’s Other Path: Recovering the Law of Confidentiality: “Confidentiality focuses on relationships; it involves trusting others to refrain from revealing personal information to unauthorized individuals.” Out of this has grown legal protections for maintaining and validating these important relationships. Such protections include the law of evidentiary privilege (attorney-client privilege, spousal privilege, etc.), fiduciary duty, trade secrets, and even the enforcement of contracts and non-compete agreements.

The law of confidentiality, although well grounded in common law and in statutory law, has found only limited support in the U.S. Constitution, specifically in the right against self-incrimination and the right to due process (both in the Fifth Amendment, then applied to the states via the Fourteenth Amendment) do connect, I think, with the law of confidentiality.

What is “privacy”?

“The right to be left alone–the most comprehensive of rights, and the right most valued by a free people.”
— Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928)

Privacy, turning again to UCI and the contemporary context, is about people, and is about the “control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others.”

Historically, one can look to Samuel Warren and Louis Brandeis’ groundbreaking law review article on the right to privacy, where, in the words of Neil Richards and Daniel Solove, “the goal of privacy protections [was not seen as] enforcing the norms and moralities of relationships but as protecting an ‘inviolate personality’ and the feelings of the individual from injury.”

The right to privacy argued for by Warren and Brandeis’ 1890 law review article has grown into the Constitution since they originally articulated it, according to the Legal Information Institute at Cornell:

The right has developed into a liberty of personal autonomy protected by the 14th amendment. The 1st, 4th, and 5th Amendments also provide some protection of privacy, although in all cases the right is narrowly defined.

Additionally, statutory protections also exist at both the state and federal level:

The Constitutional right of privacy has developed alongside a statutory right of privacy which limits access to personal information. The Federal Trade Commission overwhelmingly enforces this statutory right of privacy, and the rise of privacy policies and privacy statements are evidence of its work.

Unlike the law of confidentiality, the right to privacy has developed deep support in Constitutional interpretation. The Fourth Amendment, prohibiting unreasonable searches and seizures, is the most obvious support, but additional privacy protections are found in the “penumbra” of the Constitution, including the First, Fifth, and Fourteenth Amendments.

I will explore some of the historical impact of this difference in future articles.