Remember to conduct yourself internally assuming you will have a public audience. Because someday you might.
Was recently discussing a legal retention requirement in company chat. Made sure to be completely forthright and formal about responsibilities. Can’t play with that stuff.
@SwiftOnSecurity I used to do content management for a medical insurer, mostly for a site that published their medical policies. I regularly received notifications from the Legal Division that "policies about such-and-such" could not be removed. Sometimes that included policies that dated to *before the policies were published online*.
Definitely do not play with that stuff in the medical field! HIPAA in the US has big, sharp, teeth!