Recently, during the 2025 NFL Draft, Shedeur Sanders found himself at the center of an unexpected privacy breach – his private telephone number was exposed as part of a so-called “prank.” While it might have been brushed off by some as harmless, incidents like this underscore a much deeper issue: the mishandling of Personally Identifiable Information (PII).

For IT contractors, who are trusted daily with sensitive client and customer data, the Shedeur Sanders situation is a vivid reminder: exposing private information – even unintentionally – can cause real harm.

What Is PII?

PII refers to any information that can be used to identify an individual, either on its own or combined with other data. Examples include:

• Full name
• Home address
• Email address
• Private telephone number
• Social Security number
• Passport or driver’s license number
• IP addresses (in some cases)
• Financial account information

In many jurisdictions (under laws like GDPR, CCPA, and others), even one misplaced piece of PII can have major legal consequences.

Why IT Contractors Must Care About PII

As an IT contractor, you are often given access to systems, databases, and information that clients consider sensitive and protected. Mishandling PII – whether through a prank, a careless mistake, or a security flaw – can lead to:

• Legal trouble: Hefty fines or lawsuits
• Loss of trust: Clients rely on contractors to act responsibly
• Contract violations: Breaches can result in immediate termination
• Career damage: Word travels fast in the contracting community

The Shedeur Sanders situation highlights something IT contractors must always remember: Just because you can access personal information doesn’t mean you should share or expose it.

Common Situations Where IT Contractors Handle PII

• Working on applications that store customer information
• Accessing CRM or HR systems
• Managing backups that include personal data
• Reviewing log files that might inadvertently capture user details
• Assisting with cybersecurity investigations

Sometimes PII shows up where you least expect it – so vigilance is key.

Best Practices for Protecting PII as an IT Contractor

Here are steps every contractor should take seriously:

1. Understand What Counts as PII

Know the definition of PII in every project you touch. When in doubt, treat data cautiously.

2. Minimize Data Exposure

Only view or use the minimum amount of PII necessary to complete your task. Don’t copy, screenshot, or forward private data unless specifically required – and approved.

3. Secure Your Tools

Use encryption, strong passwords, two-factor authentication, and a secure VPN. Never work with client data on an unsecured device or public Wi-Fi.

4. Follow Policies Religiously

Most clients have written security and data privacy policies. If they don’t, advocate for them – and always act with caution.

5. Report Breaches or Near-Misses Immediately

If you accidentally expose or suspect exposure of PII, report it to your client immediately. Fast action can minimize the damage.

Your Reputation Is Your Brand

In the IT contracting world, your professional reputation is everything. Being known as someone who respects and protects sensitive data – including the PII you might stumble across – can make you an invaluable asset to any team.

And remember, privacy “pranks” aren’t harmless. They reveal how easily trust can be broken – and why taking PII seriously is non-negotiable.

Enjoyed this article?

Follow me on Twitter | YouTube | Instagram | LinkedIn for more insights on IT contracting, IT recruiting, and career growth.

Subscribe to my blog to stay updated with the latest tips, strategies, and real-world advice for IT professionals!