A privacy breach is the term used when sensitive or personal information has been compromised. Any time sensitive, confidential, personally identifiable or protected information is viewed, used or stolen by someone who is not authorized to do so, it constitutes a data or privacy breach. A data or privacy breach typically involves sensitive or personal information of any type, including:

  • Personal Health Information (PHI)
  • Personally Identifiable Information (PII)
  • Trade Secrets
  • Intellectual Property

How does a privacy breach occur?

The most common type of privacy breach occurs when a hacker steals sensitive data from a corporate network. This is not the case every time, but the vast majority of data or privacy breaches occur in this fashion. Privacy can also be breached in other ways on a much smaller scale. For instance, if a hospital employee who is not authorized to view patient information inadvertently sees a patient's private information on a fellow employee's computer screen, the patient's privacy has been breached.

Are there any guidelines to protect against privacy breaches?

There are many different industry guidelines and government regulations designed to protect personal and sensitive information. Inside the corporate environment, only specific individuals are allowed to handle, view and use sensitive personally identifiable information such as PINs, credit card numbers, bank account numbers, and names and addresses.

In the healthcare environment, HIPAA (Health Insurance Portability and Accountability Act) sets forth regulations on who can see and use personal health information such as name, birth date, health history and social security numbers.

What constitutes a privacy breach?

Any time a person who is not authorized to view or use personal information does so, it constitutes a privacy breach. If an unauthorized person views personal information, the healthcare organization or corporation is said to have suffered a privacy or data breach. If the breach is the result of identity theft or is in violation of industry or governmental mandates, the organization can face fines or prosecution.