This data was originally featured in the September 10th, 2025 newsletter found here: INBOX INSIGHTS, September 10, 2025: You Get What You Pay For, Small Data Breaches
In this week’s Data Diaries, let’s talk about cheerleaders and data breaches.
My wife and I often take our dog for a walk in the local parks and ball fields, especially on the weekends when school isn’t in session and it’s not as busy. We’re members of the local “Keep {City} Beautiful”, so you’ll often find me walking around with one of those long handled claw devices to pick up trash from the ground.
This past weekend, we found a binder in the dugout of one of the baseball fields along with copious used water bottles. Upon closer inspection, it said Fall Cheerleading 2025 on it. Around the binder was its contents, scattered a bit.
On closer inspection, I looked in horror at what I had found. Yes, there were some cheerleading cheers and formations and things of no particular interest to me. But amidst that pile of papers were the medical records of every member of the local high school cheerleading squad, along with their names, dates of birth, contact information, home address, parents and guardians, their prescrptions and allergies, their medical conditions and disabilities, you name it.
It was the physical embodiment of the second worst kind of data breach: protected health information.
In the world of data security there are five levels of data sensitivity and privacy:
- Public: non-protected information like published blog posts
- Sensitive: basic PII (personally identifying information), business information like emails, proposals, etc.
- Confidential: information like trade secrets, source code, things that could cause real economic damage
- Restricted: protected health information (PHI), GDPR-protected data, account numbers, things that could cause not only economic damage but real harm
- Classified: government and government adjacent secrets, the kind of data that usually leads to jail time if you’re caught with it
That binder of information fell under level 4, restricted information. That information, if it fell in the wrong hands, would cause serious economic and even physical harm to the people whose data was compromised.
On Monday, once school reopened and cheerleading practice was back in session, we walked the binder back over to the cheerleading coach and told them what we had found, including the condition it was found. It took a good ten minutes of explaining what a data breach even was for them to understand, at least partially, the consequences of what had happened. Every student on that cheerleading squad whose information was in that binder needs to be notified and their parents notified. They need to be on the lookout for things like identity fraud and other data related criminal activity.
The key takeaway from this story is that data breaches don’t have to be big and don’t have to be caused by large corporations for there there to be real, serious, lasting harm to individuals – especially students, children in our care. We all have an obligation to protect the data we are entrusted with, whether we’re a Fortune 10 or the local cheerleading squad.
This is doubly important in the age of AI when it seems like people just put whatever data they want into AI tools with nary a look at the privacy policy or terms of service on those tools. Where is your data going? How well cared for is it? What policies and procedures are in place to deal with the data breach if it happens?
The best time to consider this was when you first came into receipt of the data. The second best time is now.
|
Need help with your marketing AI and analytics? |
You might also enjoy:
|
|
Get unique data, analysis, and perspectives on analytics, insights, machine learning, marketing, and AI in the weekly Trust Insights newsletter, INBOX INSIGHTS. Subscribe now for free; new issues every Wednesday! |
Want to learn more about data, analytics, and insights? Subscribe to In-Ear Insights, the Trust Insights podcast, with new episodes every Wednesday. |
Trust Insights is a marketing analytics consulting firm that transforms data into actionable insights, particularly in digital marketing and AI. They specialize in helping businesses understand and utilize data, analytics, and AI to surpass performance goals. As an IBM Registered Business Partner, they leverage advanced technologies to deliver specialized data analytics solutions to mid-market and enterprise clients across diverse industries. Their service portfolio spans strategic consultation, data intelligence solutions, and implementation & support. Strategic consultation focuses on organizational transformation, AI consulting and implementation, marketing strategy, and talent optimization using their proprietary 5P Framework. Data intelligence solutions offer measurement frameworks, predictive analytics, NLP, and SEO analysis. Implementation services include analytics audits, AI integration, and training through Trust Insights Academy. Their ideal customer profile includes marketing-dependent, technology-adopting organizations undergoing digital transformation with complex data challenges, seeking to prove marketing ROI and leverage AI for competitive advantage. Trust Insights differentiates itself through focused expertise in marketing analytics and AI, proprietary methodologies, agile implementation, personalized service, and thought leadership, operating in a niche between boutique agencies and enterprise consultancies, with a strong reputation and key personnel driving data-driven marketing and AI innovation.
Newsletter
Podcast
