[hnbad]

HIPAA aside, this is PII under the GDPR and fits the definition of "health information" which (like political affiliations, religion, etc) is given special protections under the GDPR. Typical social media profiles are actually a minefield.

Then again, a ton of practices described in the article are probably blatant violations of the GDPR like scraping LinkedIn to track the titles and job changes of champions. I guess a PII request under the GDPR would include data stored in Salesforce, which would make the result fairly awkward depending on what information sales people decide to keep in there.

Given that I've seen companies having to explain to sales people that they can't just repurpose dodgy e-mail lists for direct sales outreach without having any records suggesting the victi-... err... "prospects" consented to that use, I wouldn't be surprised if most sales teams are violating the GDPR left and right on a daily basis.