Engaging in risky actions in public spaces increases the likelihood of data theft or eavesdropping

There are several well-documented real-life examples of discussing sensitive information in public that led to the breach of personally identifiable information or a fouled commercial transaction. Here are a couple of them and some tips on how you might avoid falling foul of this extant risk.

Case study: A healthcare data breach

In 2017, a group of hospital employees in a public cafeteria was overheard discussing a patient’s private medical details, including their diagnosis and treatment plan. A nearby individual recorded the conversation and later reported it. This breach led to the hospital facing regulatory scrutiny under the Health Insurance Portability and Accountability Act (HIPAA) in the United States. The organization had to pay fines and implement stricter privacy training.

Why it happened

• Public environment. The discussion took place in a public area where anyone could overhear.
• Unawareness or negligence. The employees likely underestimated the risk of being overheard.

Consequences

• Confidentiality breach. Damage to the patient’s privacy.
• Fines. Legal and financial penalties for the organisation.
• Perception. Reputational harm to the healthcare provider.

Lessons learned

This example highlights the critical importance of being cautious about discussing sensitive information in public or unsecured environments.

Case Study: Goldman Sachs Subway Incident (2009)

In 2009, an employee of Goldman Sachs was overheard on a New York City subway discussing confidential details about a potential acquisition. The information included the companies involved and the terms of the deal. A nearby passenger, a financial journalist, overheard the conversation and reported it publicly.

Why it happened

• Public setting. The employee failed to account for the risks of discussing sensitive topics in a crowded, public environment.
• Lack of discretion. The conversation was conducted loudly enough for others to overhear.

Consequences

• Market impact. Public disclosure of the deal could have disrupted negotiations or influenced stock prices.
• Reputational damage. The incident reflected poorly on Goldman Sachs, raising concerns about its internal security practices.
• Policy changes. It led to increased emphasis on discretion and security in the handling of sensitive information, including reminders to avoid public discussions.

Lessons learned

This incident highlights the importance of enforcing strict confidentiality policies, particularly in financial services, where insider information can have significant market implications.