hello,
this is a common issue with DLP as you cannot use exclusion rule to do this, because they are excluding all document or all message from detection. I hope one day symantec will add an operator in rule definition so we will be able to strictly define i want this keyword but not this one.
Whatever, you can do what you want in different way, from my point of view the simplest one is to define your detection rule as a regexp which will look for confidential but not with otherwise in front or information after. I did this sometimes to look for customer email address to exclude common internet email domain from detection rule. May be you can use a data identifier too looking for your pattern and excluding other patterns.
Contact me via MP or email if you need more information.
Regards.