follow this approach: Recognize the potential for such access
and make it ineffective if it happens. The way in which to do that is to make the info itself ineffective through encryption. With information privately encrypted by the person and accessible solely to these with the personal key related to the info encryption