Recent history shows an increasing number of privacy breaches, usually attributed to a lack of diligence when handling personal data. Little awareness for privacy concerns is asserted as the pivotal negative effect on diligence. Challenging this conventional wisdom, this study shows that physicians are fully aware of the privacy issues. Their lack of diligence mainly results from a trade-off between the prospected consequences resulting from a privacy breach and the impediments diligent data handling has on the actual workflow of the physicians. Based on the grounded theory method, we chose hospitals as research field since patient data is commonly perceived as especially sensitive. We add to the body of knowledge by emphasizing the role of actors processing personal data in contrast to existing research that focuses on the behavior of affected actors, such as consumers. In sum, we provide a new perspective on the factors leading to privacy breaches.