What if you had in your records something really personal about a member that has nothing to do with the association directly?
An association is an affiliate member of a major online retailer, and receives a commission on orders generated from their link, along with a report.
Good news: more non-dues revenue income
Bad news: report shows a member ordered a "personal product" (use your imagination)
Many of us likely underestimate how much we're revealing about ourselves in ways we don't fully understand when we do a search, go to anyone's site, or place an order especially through a link from another site. Until I started a blog and added (free) analytics code, I really had no idea how much any site that I visit could learn about me.
Do you have a policy on what your association will do with reports that show ordering histories on products not directly sold by the association? Is it appropriate for the staff to redact information such as member names, names of books, or types of products ordered?