Data confidentiality is a principle that ensures information is protected from unauthorized access, use, disclosure, or distribution. This is especially important when working with personal or sensitive data, where mistakes can lead to data leaks and legal consequences.
In the context of data annotation, this means:
- Access on a Need-to-Know Basis
  Annotators should only access the data necessary for completing their tasks. They must not share this data with others or use it outside the scope of the project.
- Limiting Distribution
  Data—especially if it includes human faces, addresses, numbers, or internal documents—must not be copied, published, or used for unrelated purposes.
- Compliance with Non-Disclosure Agreements (NDAs)
  Many projects include agreements requiring annotators to keep information confidential. Violating such agreements can lead to serious consequences.
Why Data Confidentiality Matters for Annotators
Legal Responsibility
Annotators working with personal or sensitive data may be held accountable for any leaks. If annotation is conducted under a contract or NDA, breaches of confidentiality may result in fines, termination, and legal action from the client.
Professional Reputation
A data leak caused by an annotator can seriously damage their reputation as a professional:
- the client may choose not to work with them again,
- the information may be shared with other employers or platforms,
- access to new projects—especially confidential or high-paying ones—may be restricted.
Violation of Professional Ethics
Data annotation requires precision and responsibility. Leaks undermine trust from:
- the client who provided the materials,
- the team that expects mutual rule-following,
- the individuals depicted in the data (e.g., photos or videos of people).
Impact on Career Growth
Responsible handling of data is a key indicator of a mature professional. Annotators who strictly follow confidentiality rules:
- gain access to more complex and restricted projects,
- may be promoted to validator or team lead roles,
- are more likely to receive referrals.
Maintaining confidentiality is not just a formality. It’s the foundation of trust in the annotation profession, a way to protect yourself and your team from complications, and a chance to demonstrate competence and reliability.
What Kind of Data Is Considered Confidential in Annotation?
Confidential data refers to information that must not be disclosed, copied, used outside the project, or shared with third parties. Such data may involve both personal and commercial secrecy.
Main types of confidential data in annotation projects:
- Personal Data
  Information that can directly or indirectly identify a person, including:
  - faces in photos or videos,
  - passport information, phone numbers, addresses,
  - name tags, badges, license plates,
  - voice recordings.
- Medical and Biometric Information
  Projects involving medical images or biometric data (e.g., facial scans, iris scans, fingerprints) require special caution:
  - such data is protected by law (e.g., HIPAA, GDPR),
  - even anonymized images can be sensitive.
- Internal Company Data
  Information related to internal processes, technologies, or logistics:
  - footage from factory cameras,
  - software interfaces, databases, diagrams,
  - blueprints, device screens, workplace documents.
- Data Related to Secured Facilities or Restricted Areas
  - building plans, secured zones, security systems,
  - location of surveillance cameras or guards,
  - license plates of service vehicles.
- Commercial and Intellectual Property
  - product prototypes, logos, project names,
  - documents marked as “confidential” or “internal use only,”
  - elements not yet released to the public (e.g., products in development).
Important to Remember: Even if the data "doesn’t seem important," it might still be confidential. If you’re unsure, it’s always best to consult your team lead or project manager for guidance on handling specific types of data.
How Annotators Can Ensure Data Confidentiality
- Work Only in a Trusted Environment
  - Use only official accounts and devices approved for the project.
  - Do not download or store data on personal phones, laptops, or USB drives unless explicitly allowed.
  - Avoid working in public places (cafés, co-working spaces), especially with open Wi-Fi networks.
- Do Not Take Screenshots or Record the Screen for Personal Use
  Annotators are strictly prohibited from saving images, videos, or parts of the project interface on their devices for personal purposes — this may lead to a data breach. Screenshots are allowed only with the team lead's permission and strictly for work-related needs, such as asking a question or reporting an error. Always use official project communication channels for this.
- Do Not Discuss Data Outside the Work Environment
  - Never share images or links in personal chats, Telegram, Discord, etc.
  - Do not discuss project content with friends, family, or annotators not involved in your project.
- Follow the NDA (Non-Disclosure Agreement)
  - If you signed an NDA, follow its terms precisely.
  - Even after the project ends, you are obligated to keep the information confidential.
- Use Corporate Tools Only
  - Work within official platforms, such as CVAT.
  - You are granted access to the task only through specific platforms. Downloading data and annotating it outside the system is strictly forbidden. All work must be done within the official project environment.
  - All discussions should take place only in work-related chats — Telegram groups, Slack channels, or other official communication tools.
- Do Not Use Project Materials in Your Portfolio
  - Do not post data or annotation screenshots in your resume, social media, or public profiles.
  - If you need to showcase your experience, use anonymized and pre-approved examples.
What to Do If You Suspect a Data Leak
- Report It Immediately to the Responsible Person
  If you notice something suspicious — such as unauthorized access, unknown copies of data, or unethical behavior from a team member — report it immediately to your team lead or project manager. The sooner the leadership is informed, the more effective and timely the response can be.
- Do Not Try to Fix the Situation on Your Own
  Attempting to "fix" or delete files yourself can make things worse. This may result in:
  - deletion of important evidence,
  - disruption of the investigation process,
  - escalation of the data breach.
  Wait for instructions from your manager or the security team.
- Pause Work with Suspicious Data or Devices
  If you suspect that a file, platform, or device might be compromised, stop working with it until you receive further clarification. This can help prevent the spread of confidential information.
- Maintain Confidentiality While Discussing the Incident
  Do not share details about the suspected breach outside of the small group responsible for project security. Avoid discussing it in public chats, social media, or messaging apps. This helps prevent panic, rumors, and unauthorized data exposure.
- Cooperate with the Investigation
  If an internal investigation is initiated, fully cooperate and provide any necessary information — such as access logs, details of your work with the data, etc. This will help identify the source of the problem and take corrective action faster.
Why Is Proper Response Important?
- Quick action helps minimize damage and prevents similar incidents in the future.
- Following protocol maintains client trust and the team’s reputation.
- Correct behavior ensures compliance with laws and the company's internal policies.
Legal Aspects of Data Confidentiality for Annotators: USA and Europe
Modern data annotation requires strict compliance with privacy regulations, especially when handling personal or sensitive information. Annotators working with projects from the US or Europe must understand the core legal frameworks governing data protection to avoid serious legal consequences and ensure data security.
Europe — General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) is the main data protection law in the European Union. Enforced since 2018, it is one of the strictest privacy laws in the world.
Examples of data considered confidential under GDPR:
- Photos and videos with recognizable faces — these are biometric data.
- IP addresses and cookies, if they can be used to identify a user.
- Voice recordings — even short clips may qualify as personal data.
- Medical records — including scans, diagnoses, and prescriptions.
- Automated user profiles — such as classifications based on interests or behavior.
What annotators need to know:
- Even if a person in a video is not named, if they are recognizable, it qualifies as personal data.
- GDPR requires anonymization or pseudonymization of data before processing.
- Annotators may not use data outside the project — not even for portfolios or training purposes.
United States — Sector-Specific and State-Level Regulations
Unlike the EU, the US does not have a single, unified law like GDPR. Instead, it follows industry-specific and state-level regulations.
HIPAA (Health Insurance Portability and Accountability Act)
Who is covered?
Medical institutions and anyone handling health-related data.
What is considered confidential?
- Patient names
- Medical images (e.g., MRI, X-rays)
- Medical record numbers
- Photos where a patient can be identified
For annotators:
If you work with medical imagery from the US, you must hide or ignore any personal identifiers.
COPPA (Children’s Online Privacy Protection Act)
Who is covered?
Anyone collecting data from children under 13 years old.
Examples of confidential data:
- A child's face in a photo or video
- Their voice, name, or location
- Any account activity related to a child
For annotators:
Be especially careful when working with children's data. Such data almost always require parental consent and enhanced protection.
California Consumer Privacy Act (CCPA) and CPRA
What is protected?
Personal data of all California residents.
Examples:
- Names, email addresses
- Geolocation
- Online purchase and behavior data
- Biometric information
User rights under CCPA/CPRA:
- Know what data is collected
- Opt out of data selling
- Request deletion of their data
For annotators:
If your project involves users from California, it is critical not to store, share, or replicate data unnecessarily.
Key Takeaways for Annotators
- It doesn’t matter where you are located — what matters is where the data originates.
- If you process data from EU citizens, you are required to follow GDPR.
- If you work with US-based data, make sure you understand the relevant sectoral and state-level regulations.
- Security and confidentiality are not optional — they are core professional responsibilities.
Data Breaches: Real Cases and Consequences
Heart of England NHS Foundation Trust Employee
An employee accessed medical records of 14 individuals, including family and friends, without authorization. She was found guilty of violating the UK Data Protection Act and fined £1,000, plus court costs.
RAC Employee
An employee unlawfully collected and passed client data to third parties, which led to unwanted phone calls. She received an 8-month suspended prison sentence and was ordered to pay £25,000.
Carlos Lopez & Associates Employee
An employee accidentally emailed a spreadsheet with personal data of 130 current and former employees, including Social Security numbers and addresses, to 65 colleagues. Despite no proven misuse, three victims filed a class-action lawsuit claiming risk of identity theft. The court ruled that even potential harm is grounds for legal action.
WM Morrison Supermarkets Data Leak
In 2014, an internal audit employee working remotely copied and leaked personal data of nearly 100,000 employees on a public file-sharing platform. He was sentenced to 8 years in prison. The company also faced a collective lawsuit from affected employees.
These cases underscore the importance of following security protocols and raising awareness among team members. Unauthorized access — even accidental — can lead to severe consequences.
Conclusion
In today’s world, data confidentiality is not just a legal requirement but a fundamental part of professional ethics and safe information handling.
For annotators, following confidentiality rules is essential — it protects not only sensitive and commercial data but also your own professional reputation and that of your team and organization. Understanding the types of confidential data, working with discipline, and knowing key legal frameworks such as GDPR and HIPAA help minimize risks of data breaches and legal liability. Real-life cases show that even unintentional mistakes can result in serious sanctions and damage. Paying careful attention to confidentiality is the foundation of a successful, secure annotation career — and the key to earning client trust and long-term professional growth.
