One of the problems that could arise concerns the reason the individual obtained the information: It needs to be a legitimate reason and relate to the organization's legislative mandate.
Second, the information collected must be protected. It must not be disclosed without cause and any disclosure of the information generally needs to be related to the initial reason it was collected.
When information is provided, not everyone in government needs to know it. If information is shared for purposes other than its intended purpose or if it isn't adequately protected, that's where privacy breaches can occur.