Any information stored in an organisation has to follow the security and confidentiality procedures. Information security and confidentiality is the process where data is kept away from unauthorised access. It applies to both physical and electronic data. All organisations store a large amount of confidential information about their employees, customers ect.. So while handling this information, security and confidentiality procedures have to be followed. There could be serious consequences for an organisation if information falls into the wrong hands. Due to Data Protection, private information must be kept securely to prevent a data breach. Confidential information should have password protection. When sending confidential information provide the password separately from the file. The Data Protection Act also states that information should not be held on to longer than is necessary; this is why organisations have a set length of time that they retain data.