Most organizations in the Digital Age find themselves the custodians of an increasing amount of personal information and/or personal health information. At the same time, privacy breaches are on the rise, and there is a growing number of potential plaintiffs seeking to recoup damages through what is an evolving area of tort law. Not surprisingly, therefore, privacy has become a hot topic on many organizations’ risk management agendas.