by nickff 2032 days ago
Those facts (STD test result and banking history) are protected by laws and private agreements which restrict your counter-parties; my understanding is that if some third party somehow learns those facts, they can do basically whatever they want with them (aside from blackmail).

Are you saying that if I happen to stumble onto a data leak of those private facts, I can use them to create a non-blackmailing (non-profit?) business?
IANAL, but if you "stumble" onto data that is legally published, then you are free to use it in your business. It is on you to check that you are obtaining the data in a legal manner.
What if it was not intended to be legally published, but you still got access to it because they could not protect it well?

Someone I know actually got access to some stuff this way before; got access to a gold mine that was supposed to be private but someone misconfigured the webserver.

In the US, once a secret is out, it is no longer a secret. The person who originally disseminated the secret might be punished, but subsequent use wouldn't be. Facts aren't protected by copyright, they are typically just secrets. Your medical history is secret, and protected by law that would punish the person releasing them. But once released there isn't much you can do about it.
Using a somewhat relevant real world analogy: if I go into a house that should’ve been locked (but wasn’t), and I know I don’t have a right to be there, I can’t argue what I did was legal. It’s the same thing with computers: you can’t use[a] data you don’t have a right to use.

[a]: legally use

What if you see an open door with gold coins inside? Same answer.

The most you can do is inform the owner that their data isn't protected. And even that, unfairly IMO, is legally dicey.

If by legally published you mean that the publisher got a legally binding agreement with the patients to publish those 'facts', sure.

But the parent was not putting constraints on how I obtain it ('somehow learns those facts'). If the publisher makes a mistake and I hit the URL and the data is automatically downloaded, I didn't do anything wrong. Doubt I can then just use that information, though?

The law varies a lot around the world, but in the UK at least you need a lawful basis for collecting, storing and processing information like that (in the GDPR lingo, special category data). Unless you had very explicit permission from the individual I think you'd be hard pressed to demonstrate you had a lawful basis for collecting the information, as it would almost certainly not have been purposefully made available.
IANAL, but you can definitely gossip, and I think you can generally create a business based on selling the data (though you may be subject to some state laws).