There are a lot of best practices around confidentiality. Most groups have a policy which will basically state that you can’t tell confidential stuff to anyone who does not have the right to hear the news.
The first step of any confidentiality policy is determining whether or not the group has any confidential information. The usual definition of confidential is any personal information that is not available in a phone book or on social media sites such as Facebook.
An organization that does not have any confidential information can post their minutes on their website and not worry.
Most groups have some confidential information – a typical example would be payroll information for their employees.
Once confidential information has been determined, then the rest of the policies can be created.