Pretexting - an old school, but effective, trick
The Washington Post published an article about how the HP Board of Directors used an outside agency to obtain phone records of board members and journalists. This is a fine example of how social engineering is still one of the most effective and dangerous methods of breaking someone's security.
Everyone needs to learn the rules on who can access their data and how that access is protected. This means knowing the ways to verify the identity of the person in front of them or on the other end of the phone or computer line. Erring to the side of not giving out the information is usually much better for job security and safety. When in doubt, call in a supervisor or other person of authority and let the escalation handle it.
I certainly don't want to lose my job or, worse, go to jail, because I made a lazy security mistake.
Be careful with your data and more careful with someone else's data.