Understanding the Link Between Data Privacy and Physical Security

The past year has seen physical security and data privacy intersect like no other. Many businesses and government organizations fell victim to “doxxing campaigns” that exposed their workers to personal attacks, while the killing of the United Healthcare CEO only increased executive safety fears. Ransomware became a battleground for physical safety as well as digital, and journalists, activists, and non-profits became targets for politically and sociologically motivated attacks. 

That leads us to what we want to double down on as this Data Privacy Week comes to an end: Organizations can’t protect their people without actively working to protect their data privacy online. 

Data privacy is a requirement for physical security in the workplace

The majority of online attacks that crossed the boundary into the physical world this past year involved doxxing. 

Doxxing or “dropping docs” on someone is the practice of uncovering their personal information or contact details to then share more widely online. In most cases, this doesn’t require a hacker. The information is already exposed in some form, and all it takes is a Google search or an AI chatbot with poor guardrails to find and spread that information to anyone with malicious intent. 

It’s important to understand that doxxing isn’t just a threat to your employees’ peace of mind. There’s a risk of follow-up attacks involving physical threats like swatting. Swatting is when a perpetrator sends large numbers of police officers to the victims’ home under false pretenses, like a weapon being brandished on the premises. It can lead to false arrests or to physical harm if things get out of hand. 

But beyond doxxing or swatting, one other place where data privacy and physical security strongly intersect today is in the murky world of ransomware. Cybercriminals are stepping up personal threats beyond data exposure. 

In around two out of five cases, they have threatened physical harm to employees or executives if their demands are not met. Those threats can come complete with images of the victims’ homes and sometimes family members as well, thanks to Google Street View, data brokers, and public social media accounts. You can learn more about this risk in our recent article on the connection between data privacy and cybersecurity. 

Ultimately, employees who feel safe and protected at work are more productive, more loyal, and happier. That’s why data privacy must be a priority for organizations, particularly those with a significant risk profile. 

Who is most at risk? 

Every organization’s level of risk is different, and even within one company, some employees may be more exposed than others. However, there are certain industries and professions that are much more likely to face targeted attacks. 

1. Public sector and government agencies

The assassination of Rep. Melissa Hortman and her husband, Mark, was a tragedy that brought the danger faced by political officials and judges even more into the public eye. After the FBI reported that the suspect in the killing had notebooks referencing data broker sites where he apparently found her home address, one thing became clear: exposed personal information is a direct risk for anyone in the public sector. 

This vulnerability extends to judges, high-profile federal workers, law enforcement, and election workers. With primary elections planned for May of this year in the U.S., tensions will only grow, bringing with them a surge of threats against those in the public eye.

Some states are already moving to address these risks through legislation. For example, Daniel’s Law in New Jersey allows covered persons to opt out of having their data shared on government, state, or county-owned websites. However, until such protections become the standard across all 50 states, the onus to ensure workers are protected—and that personal information is removed from the web proactively—falls to the organizations themselves. Make sure you’re aware of any existing tools in your state to reduce risks and improve data privacy across your organization.

2. Healthcare

Hospital workers and private insurance workers alike face a unique barrage of threats this year. The 2024 killing of UnitedHealthcare CEO Brian Thompson and subsequent arrest of Luigi Mangione exposed a disturbing number of individuals who justified violence out of dissatisfaction with the healthcare system. This event served as a massive physical-security-meets-PII case study. 

In the immediate aftermath, social media users published hit lists containing the personal information and salaries of other health insurance executives. The tragedy and its aftermath triggered a direct, real-world shift in how the industry handles public-facing data with several major insurers, including UnitedHealth, CVS, and Elevance Health, scrubbing executive photos, headshots, and detailed professional biographies from their corporate websites to reduce the digital footprint available to potential attackers.

Any personal information shared online can amplify those attacks. Instead of only facing threats at work as many healthcare workers already do, now employees may find themselves the victim of threatening phone calls or letters sent to personal phone numbers and home addresses. Suspicious packages, unwanted deliveries, and doxxing are all additional methods of harassment in which the physical and online boundaries can become more and more blurred. 

To protect workers, start by educating on good social media habits. In general, individuals who are worried about online risk should be cautious of sharing political opinions online. They may want to set social media profiles to private and get their home addresses blurred on Google street view if possible. The less malicious actors have to work with, the lower the risk. Conversely, the more personal data is out there for the world to find, the greater the risk that someone will act on that data. And that means someone could get seriously hurt. 

3. Journalists and media

In 2023, three quarters of women journalists in the UK reported having experienced online harassment and threats that made many of them fear for their safety. With so much inflammatory commentary about the media being shared today across the U.S., it’s likely that the number here is even higher. Political polarization and demonization of the press is commonplace. 

No journalists should have to fear for their lives when they publish an article. DeleteMe is actively working with journalists and others in the media to reduce the risk of threats finding them at home. 

4. Activist groups and non-profits

Activist groups and non-profits are prone to receiving personal attacks, particularly because their workers tend to be active on social media and in the public eye. And by their nature, they may be controversial, potentially alienating or angering one political group or another. 

Regardless of political affiliation, workers shouldn’t have to worry about the safety of their families because of their jobs. While activists may not want to shut down social media profiles or disappear completely from the public eye, sometimes it’s enough to opt out of the most common data brokers so it takes 30 minutes to find their information instead of five. The vast majority of attacks will stop there, because the attacker can always move on to an easier target. 

4. Critical infrastructure

Critical infrastructure employees are the ones who keep the country running, and that’s why they can also become victims of online threats that escalate into the physical world. 

Employees who operate utilities, telecommunications networks, or financial institutions may face harassment, intimidation, or personal threats, all in an attempt to disrupt daily life and work. Exposed home addresses and family details increase risk, while prioritizing data privacy is part of both reducing those risks and ensuring that critical infrastructure remains resilient and prepared against any threat. 

Final thoughts

As Data Privacy Week comes to a close for 2026, one message should carry forward into the rest of the year: Data privacy helps protect employees and public sector officials alike, maintain operational stability across industries, and make sure threats that start online stay online. Businesses that focus on data privacy as a component of both cybersecurity and physical security will be far better prepared for a threat landscape that increasingly blends both worlds.

Learn more: 

• Worried about employee risks this year? DeleteMe’s partners can now use our Risk Scan feature to identify the most at-risk employees and executives. 
• See how DeleteMe has helped protect journalists and other at-risk groups in the past
• Read our tips that can help reduce the risk of cyber threats aimed at your employees