If you are an organisation that collects information about people, whether directly or indirectly, then you should have a Privacy Policy in place to let people know how you will use and store their information.
The British Medical Journal once asked, satirically, what doctors could do if faced with a problem for which there were no controlled trials and no good evidence.