You must ask four questions about responsibly managing the private data of others. First, “Do we possess personally identifiable and sensitive information about others?” Second, “If that information were compromised, can harm befall those whose information has been exposed?” Third, “What are we doing to protect that data?” Finally, “When, not if, a breach occurs, how will we react, respond, and recover?” The first may be simple to answer. The second is more difficult and subjective, but necessary. The third is very important and demands an answer, but the fourth is critical and must be addressed. What are your answers?