As an IT, you have access to personal data. You should always get customer permission before copying or changing it.
Client confidentiality is the principle that an institution or individual should not reveal information about their clients to a third party without the consent of the client or a clear legal reason. This concept, sometimes referred to as social systems of confidentiality, is outlined in numerous laws throughout many countries.The access to a client's data as provided by the institution in question is usually limited to law enforcement agencies and requires some legal procedures to be accomplished prior to such action (e.g.: court order issued, etc.). This applies to bank account information or medical record. In some cases the data is by definition inaccessible to third parties and should never be revealed; this can include confidential information gathered by attorneys, psychiatrists, psychologists, or priests. One well known result that can seem hard to reconcile is that of a priest hearing a murder confession, but being unable to reveal details to the authorities. However, had it not been for the assumed confidentiality, it is unlikely that the information would have been shared in the first place, and to breach this trust would then discourage others from confiding with priests in the future. So, even if justice was served in that particular case (assuming the confession led to a correct conviction), it would result in fewer people taking part in what is generally considered a beneficial process. This could also be said of a patient sharing information with a psychiatrist, or a client seeking legal advice from a lawyer.