A “privacy case” is any situation where a person’s personal or sensitive information is involved in a way that affects their right to keep it from being exposed, accessed, or used without proper authorization or consent.

Because you asked “which of the following is always a privacy case?” but did not list any options, I can’t point to a specific one from a set. Instead, here’s a quick way to recognize what is always a privacy case:

What is always a privacy case?

A situation is always a privacy case when it involves:

  • Identifiable personal data (like name, contact details, ID numbers, financial details, health data) being accessed, viewed, changed, or shared without proper permission.
  • Sensitive categories of information (health conditions, sexual life, mental health, intimate body parts, HIV or other serious infections) where disclosure or mishandling can reasonably be seen as highly intrusive.
  • Any risk of loss, unauthorized access, or alteration of a person’s data that could cause harm or distress to that person.

An example: if an employee’s medical record is emailed to the wrong person, that is always a privacy case, because it exposes sensitive, identifiable information to someone who should not have it.

How to decide in a multiple‑choice question

If you are looking at options like:

  • “Losing an encrypted laptop with no way to link data to a person”
  • “Posting a patient’s name and diagnosis on a public board”
  • “Aggregated, fully anonymized statistics about customers”
  • “A system outage with no data exposure”

Then the one that is always a privacy case is the one that clearly includes identifiable personal information being exposed, used, or at risk (for example, posting a patient’s name and diagnosis).

If you share the answer choices, I can tell you exactly which one qualifies as “always a privacy case” and why.