Thanks for your answers, Brad, and I appreciate that you can only speak for the situation before your leaving.
A lot of what I'm getting at, I guess, is wondering how seriously the privacy policy will be enforced and whether this information will be common knowledge in the office (and thus easily accidentally disclosed) or whether it will be checked by someone and then placed somewhere secure and not generally known by everyone who works in the office.
My concerns are also that security breaches may be swept under the carpet, and ignored or denied as the easier option.
Thank you for the clarification as to Florida law and the likely policy the Foundation would follow if they received a legal request for the information. While I realize that the Foundation may not be in the position of an iron-clad guarantee about anything, I would hope at least that the correct procedure to follow will be decided upon in advance and that the standard procedure include notifying the subject of any subpoena/investigation/discovery if that is possible.
I know under certain circumstances such a notification is prohibited and that the Foundation may not be able to contact someone, but my concern is that if what to do in that circumstance is not considered in advance, policy may be made up on-the-fly in a panic and my experience is that poor decisions are sometimes made in such circumstances.
As I said, my own identity is by no means considered a secret, though my real name is sufficiently frequent that it's not enough to obtain positive identification. I'm asking more out of a feeling that some of these things need to be raised in advance of problems.
Thanks,
-Matt