Gathering Personal Information Discreetly

Gathering personal information discreetly means that you are only sharing the bare minimum, via email or other methods of communication. It is best to share in person, behind closed doors, whenever possible.


PII is considered sensitive when it would cause “harm, embarrassment or inconvenience” to an individual or organization if disclosed. Examples include zip code, phone number and date of birth.

3. Give it to the right people at the right time.

If you’re going to reveal confidential information, share it with only the people that absolutely need to know, in person or over secure communication channels. It’s also a good idea to “inoculate” the people you plan to share with over time, by giving them small bits of personal information about themselves and their circumstances at the right times (to build trust).

In order to collect personal data lawfully, businesses need to be transparent about what they are collecting and why (to improve their content or products, tailor advertising, enhance customer service, etc.). However, it can be tricky to do this without invading people’s privacy or making them feel pressured.

This guide is designed to help HSCP partner agencies understand what they can and cannot do in order to fulfil their legal duties to protect and safeguard the public. The guidance does not cover all areas of activity and it is important that each HSCP partner agency seeks to obtain their own assurance that the information they hold is lawfully processed, only disclosed where necessary and is held securely.

4. Give it to the right people at the right place.

In addition to being sensitive to the sensitivity of personal information, you need to be particularly thoughtful about who gets to gather it and at what time. For example, if you physically enter someone’s private space to gather personal information like photographs or data points, you can be held liable for intrusion upon seclusion. So make sure your employees understand the importance of being discreet and how to gather information without violating privacy laws. Similarly, if you send out a survey to gather personal information from customers, be clear and transparent about the purpose of the survey and any planned uses for the data (like personalization of content or offers, developing customer service, etc.).

It’s also good to have a complete inventory of where you keep personal information in your business-including files, computers, mobile devices, home computers, flash drives, disks, and digital copiers. You never know where confidential information might be hiding, and an inventory can help prevent sensitive personal information from falling into the wrong hands. In addition, it’s important to “inoculate” people with whom you plan to share information over time, so that they aren’t shocked when the information is revealed.