Having an experience at the moment which just illustrates how different people have a different view on privacy.
The voluntary work I do, it gives me a very limited access to client’s details. Name and phone number, mostly. The charity take data privacy very seriously, in fact the rules have been written into one law or another for almost forty years now. So, basically, I have to be very careful about saying anything which might disclose a client’s identity. Even when I send an email to staff at the exact same charity, just because the nature of email means that it flies across the (very public) ether.
For my part, I’m very conscious to make sure that any client-specific data stays at the charity’s office, just because it offers a degree of protection for me if there ever is a data breach. Indeed, that’s the overriding reason for going into their office to do my work, rather than doing it from the comfort of my sofa.
So, both the charity and I take Data Protection very seriously.
Let’s put that to one side for a moment. Last week, I contacted an organisation (on behalf of one of the charity’s clients, as it happens). I suppose the organisation is more kind-of community-based, certainly not out to make a profit. I think they have a .org.uk web site, if that means anything to you.
The enquiry was quite general in nature, just to get their contact details, so my client could phone somebody up and confirm the date and time of the next gathering, etc. I made the initial enquiry just via social media. Somebody – I’m guessing a member of this organisation – sent some details to me, along with what was presumably their home phone number. Not asked for, beyond a general “contact info” request. Bear in mind that, apart from having a name on social media (which may or may not be my real name) I was a perfect stranger.
I don’t wish to judge but there is a difference going on here. Perhaps because of the work I’ve done, both in the charity sector and previously in IT, I’m more clued up than most? Certainly, I’m aware of the statutes. As a rule of thumb, I avoid disclosing anything that might be used to identify a client. I use generics like “a man in his 60s”, but not really anything more specific. That could probably only narrow down someone’s identity to a few million! The get-out clause here is if the client discloses their own data to someone, but certainly I’m not allowed to disclose it on their behalf. But all the rules make perfect sense, because our information has value to other people. It’s funny because you often see things on social media offering their service (a game usually( for “free” (i.e. no money involved), in return for your data. People aren’t supposed to realise that their information, too, has a value. So, in my scenario, I wonder whether the responder was aware of what they were giving away? Presumably, they are just a private (albeit very helpful) individual, who hasn’t necessarily been exposed to all these rules and regulations.?
Fortunately it ended well in the end. An “official” representative of the organisation got in touch, with “official” contact details. So the information supplied by my first responder got instantly deleted, with no harm done. I’m more comfortable with that anyway – I’m not really happy even to have known this information, even temporarily, it feels far more satisfactory to know that I have a number that they are happy to be distributed to our clients.