Which concept is about preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information?

Confidentiality is about ensuring information is accessible only to those who are authorized to see it and preventing unauthorized disclosure. It covers protecting personal privacy and proprietary information by applying controls that restrict who can view or share data, such as access controls, authentication, authorization, data classification, and encryption. By keeping sensitive data private—whether it’s a person’s records or a company’s trade secrets—the organization reduces the risk of information leakage and misuse. Availability deals with making sure data and systems are accessible when needed, which is a different objective. Custodian and Data Owner/Controller are roles responsible for implementing and governing protections, but the concept described targets the protection of information from unauthorized access and disclosure itself.