We often find that ETO users were once Participants themselves! In these instances, Administrators might attempt to protect or limit the access to the user's previous Participant records.
Unfortunately, there is not a way to mark a single Participant as "Confidential".
If the old Participant file and associated data can be removed from ETO completely, then Admins can perform a Delete Fake. Change the Participant's name to Fake and click Delete Fakes. This will delete all demographic, Touchpoint, legacy, and associated data for the Participant.
The second option is to implement Caseload restrictions. Users can be given specific caseloads assignments and their access to ETO can be restricted based on their caseload. This requires that Admins build caseloads for users and set caseload restrictions for those users. Once implemented, the user would only be able to access the data of Participants on their caseload.
There are some other creative solutions to this problem.
Some organizations disguise the Participant data by changing the name on the record.
Some organizations delete all the enrollment history for the Participant and then restrict access to Find Participants. This ensures that lower level users cannot find Participants in the site who have never been enrolled in a program.
Beyond these options, there is not a singular way to limit Participant data access. By default, if the user has access to the program where the Participant was enrolled, they have access to the data.