Biomedical research ethics has historically rested on cases of egregious harm and disrespect to subjects through direct experimentation on bodies. However, with the emergence of sophisticated health data and specimen analysis, a new type of research ethics case study has arisen that highlights the limitations of applying current research and privacy regulations to the study of Big Data. In this paper I challenge common myths about data protection and argue three points researchers must keep in mind: (1) de-identification does not always secure privacy in the manner intended, (2) successful identification does not suffice to address all ethical concerns, and (3) any party that creates new health records should not presume that traditional regulatory restrictions have fully accounted for their own part in this vanguard of evolving responsibilities. To this last point, I argue that any researcher, including those operating in the largely unregulated domains of public data and citizen science, should seek ethics consultation to help them respect persons, avoid harms, and proceed justly beyond the legal minimums.

