Retailers may receive requests from other organizations to share information that would identify an individual. Few circumstances legally require a private company to share someone’s health information with the government.
Before you share any information, verify whether the organization, e.g., a health authority, has a legal basis for requesting it, or if they are just asking you to cooperate.
If you do share a person’s information, assess the request carefully. Taking care what information you release, why, and to whom will help you reduce regulatory, litigation and reputational risk. Whether you are legally required to share someone’s personal information or not, documenting how you analyzed privacy considerations in the process of deciding to share that information would be wise. Privacy principles such as accountability, transparency, consent and limiting data collection and sharing still apply. View more legal information