
Exposing sensitive data

When you expose sensitive data, the consequences can be disastrous, affecting everything from a person’s job to their relationships, to their health and home. Why so serious?

Sensitive data gets its very name from the fact that its exposure could cause harm. Whether the data is only viewed by a limited number of unauthorised persons or made totally public, it’s a big problem. Let’s talk about just what happens when you expose sensitive data.


What happens when you expose sensitive data?

Exposing sensitive data is not a mistake you can undo. Once exposed online, a person’s sensitive data can get compiled with other information about them that is publicly available, for example on social media, search engines, and public databases. Here are some of the things that can happen when you expose sensitive data:

  • You violate people’s privacy. When you leak someone’s personal information, it violates their privacy and can even put them in danger. For example, if you leak someone’s social security number or mother’s maiden name, they could easily become a victim of identity theft or fraud. Meanwhile, even leaking things as basic as a person’s name, email address, or phone number could put them at risk of unwanted marketing or, worse, harassment and stalking.
  • Their money can be stolen. It goes without saying that exposing someone’s credit card information or banking details is unsafe. Financial information that goes online unprotected is an invitation for dishonest characters to use it to rob the person or make unauthorised transactions in their name.
  • They may suffer from profiling, discrimination, and unfair decision-making. Exposing sensitive information can make a person the target of negative stereotypes that block their access to education, employment, housing, healthcare, and more.

Let’s take a little more time to discuss this last point. If you’ve ever had to make a quick decision about a person you don’t know based on a small amount of information about them, congratulations! You profiled them. This happens on first dates, during job interviews, in courtrooms, and beyond. But what if negative information is needlessly thrown into the mix, out of context, and impacts an important decision about the person?

Exposed sensitive data used for unfair profiling

Profiling essentially involves making assumptions about people or predicting their behavior based on their history or characteristics. Making very important decisions based on a limited amount of data about a person is standard practice for banks, insurance companies, landlords, employers, law enforcement, and more. These decisions can affect people’s livelihood, health, relationships, and other key factors to their happiness and well-being.

Certainly, profiling can be useful, legal, and fair in certain contexts. For example, an employer may ask to check someone’s criminal record, with their consent. The person understands why the record is needed, and how it will be used. They provide it willingly. After seeing a clean police record, the employer decides to hire the person.

On the other hand, imagine you accidentally expose personal data about someone else’s physical or mental health. Their future employer sees it. The employer could easily become biased against the person and give the position to someone else. The person becomes the victim of an unfair decision, all because you exposed their personal information.

If you expose additional sensitive information about a person without being authorised to, it could affect decisions made about them for years to come. Here are a few other examples of unfair profiling that could happen if you expose someone’s personal data:

  1. A family is house hunting and they finally find the perfect place. They fill in a rental application and submit it to the landlord. The landlord goes online and finds a negative performance review about the applicant that your company uploaded to the wrong place. He decides not to rent the place to them.
  2. A birth mother has chosen someone as an adoptive parent for her unborn baby. Later, she finds information online that you accidentally leaked about their political beliefs several years ago and she changes her plans.
  3. You run a tour company and a disgruntled employee steals customers’ travel data and posts it on a public forum. The data he exposes about your customers includes when, where, and with whom they traveled. This affects their employment and relationships for a variety of reasons.

The list could go on. Whether it is applying for school, qualifying for insurance, joining a club, or getting a job or loan, this rule applies: the outcome for a person will often depend on what information decision-makers have about them. That’s why they should be in control of the personal information they provide. Don’t let your company’s mistakes cause someone to lose out on an important opportunity.


How exposing sensitive data can damage a business

Aside from the harm you cause to others when you expose their personal data, a business can also suffer tremendously when its sensitive data is made public. Here’s how exposing sensitive data damages your business:

  • Your reputation will suffer. When you expose people’s sensitive data, you lose their trust. News of a data breach spreads quickly, resulting in negative publicity and public perception. Customers, clients, and partners may lose confidence in your ability to protect their data. This can directly affect your business opportunities and cause long-term damage to your brand.
  • You might get a fine or face legal charges. Most countries have data protection laws in place that require organisations to take reasonable measures to safeguard sensitive information. If you cannot prove that you were doing everything you should to protect data at the time of the leak, you could be hit with heavy legal actions, regulatory fines, and penalties.
  • It will interrupt your business. Dealing with the aftermath of a sensitive data exposure incident sucks up tons of time and resources. You’ll need to investigate the breach, contain it, notify affected individuals, implement remediation measures, and enhance security protocols. This means operational inefficiencies, productivity losses, and diversion of resources from core business activities.
  • You can lose your competitive advantage. Up until now, we’ve focused on the consequences of leaking other people’s data. But a data leak may also expose your company’s sensitive business information, for example intellectual property, trade secrets, and proprietary algorithms. This type of confidential information is a key part of your competitive advantage. Its theft or exposure can undermine your company’s ability to innovate, maintain market advantage, and generate revenue.

In short, sensitive data exposure can have severe consequences for your business, directly affecting your finances, reputation, legal compliance, and operational stability. The longer the problem goes on, the worse it will be and the greater the liability for your company. That’s why it’s so important to discover weak points in your security before they cause problems.

Start your GDPR cleanup where it is needed the most

Sensitive data tends to accumulate in employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

Spot problems that could expose sensitive data

Monitoring your data storage is key if you want to improve compliance and spot problems that could expose sensitive data. Start by creating an inventory of the sensitive data you store. Pay special attention to high-risk sensitive personal data and confidential business data like IP and trade secrets. Check where you store it and who has access to it. Then, look out for potential weak points that could put your most valuable data at risk. Red flags include outdated software, insecure network configurations, and inadequate access controls.
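A minimal sketch of the inventory step described above, added here as an illustration and not taken from DataMapper or any Safe Online tool: it walks a directory, flags files containing the data kinds this article names (email addresses, social security numbers, card numbers), and records whether each file is readable by every local user. The regex patterns, function names, and sample files are assumptions constructed for the example, and the permission check assumes a POSIX file system.

```python
import os, re, stat, tempfile

# Illustrative patterns (assumptions) for data kinds the article names.
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    doubled = [int(c) * (2 if i % 2 else 1) for i, c in enumerate(reversed(digits))]
    return sum(d - 9 if d > 9 else d for d in doubled) % 10 == 0

def classify(text):
    """Return the kinds of sensitive data found in a piece of text."""
    kinds = {k for k, rx in (("email", EMAIL), ("ssn", SSN)) if rx.search(text)}
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD.finditer(text)):
        kinds.add("card")
    return kinds

def inventory(root):
    """List each file under root that holds sensitive data and whether any local user can read it."""
    rows = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="ignore") as fh:
                kinds = classify(fh.read(1_000_000))  # cap the bytes read per file
            if kinds:
                world = bool(os.stat(path).st_mode & stat.S_IROTH)
                rows.append((os.path.relpath(path, root), sorted(kinds), world))
    return rows

def build_sample(root):
    """Write constructed sample files (fake values) with differing POSIX permissions."""
    samples = {
        "hr_export.csv": ("name,ssn,email\nJane Example,123-45-6789,jane@example.com\n", 0o644),
        "payments.txt": ("Card on file: 4111 1111 1111 1111\n", 0o600),
        "notes.txt": ("Order 1234 5678 9012 3456 shipped\n", 0o644),
    }
    for name, (body, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(inventory(tmp))
```

In the constructed sample, the world-readable HR export is the row to act on first, while the order number in `notes.txt` is dropped because it fails the Luhn check.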

If you would like an easy way to monitor your sensitive data and make sure you do not expose it, try our Data Discovery Tool, DataMapper.

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
