
How Much Privacy?

I read an article recently in the MIT Technology Review titled “Laws and Ethics Can’t Keep Pace with Technology”. It helped me to understand that laws naturally follow our actions and experiments and there can sometimes be a lag between the action and the law. As technology development cycles become shorter, I expect the lag to become greater as we wrestle with exactly what needs to be regulated and in what form. With that in mind, I started thinking about privacy and security. Specifically, what message are we sending to our lawmakers about privacy? Do our words match our actions? Are we asking for laws that we are not truly passionate about, at least in deed?

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 in response to a need to protect health information and the need to transport patient information securely from doctor to doctor. Within the HIPAA legislation, there is a privacy rule and a security rule. According to the U.S. Health and Human Services (HHS):

The Privacy Rule establishes national standards for the protection of certain health information. The Security Rule establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form.

The Security Rule operationalizes the Privacy Rule and sets standards for maintaining and transporting patient information. This is a case where a privacy need was met but it did not come to fruition until there were some lapses of security surrounding patient information. It took a strong call to action before standards were formulated and established.

Current Privacy Debate

There are some serious lapses currently in how we handle customer or personally identifiable information (PII), such as credit card and social security numbers. I am thinking of TJX and the security lapse that lasted from mid-2005 to December 2006. It is estimated that 47.5 million customer records were stolen. More recent was the Target security breach, which left customer information vulnerable to theft. Target announced that they are moving to a more secure “chip and pin” card system, but this is of little consequence to those Target customers who have already been affected. The barn door is open and the cows are out. When breaches such as this happen, we are all outraged and there is a temporary furor, but then we go back to using the same card, downloading unsecure apps and shopping at unsecure websites. Are we really angry enough to ask for laws calling for stronger protection of our personal information? What if it inconveniences us? What if we could no longer find our best friend whose smart phone is constantly broadcasting their geolocation?

The Flip Side

I believe that there is a lot of complacency and apathy today in terms of privacy and security. There are a lot of apps that gather our personal information. They can and do so because we allow and enable them. While there is a growing number of people concerned about their privacy and security, flawed applications and flawed financial cards have become a way of doing business. It is becoming difficult to find alternate paths to work in a secure world.

Thoughts

I don’t think that new laws are necessarily the best way to generate a sense of responsibility for our own security, but we need to stand up and vote with our feet and our pocketbooks to say, “I choose to keep my personal information private, and I will only deal with others that will do the same”. Let me know your thoughts.

About Kelly Brown

Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

The Dark Side of IT

There has been a lot in the news lately about spying and the associated technologies used to aid said spying. Because of a leak by a contractor, it has been revealed that the US National Security Agency (NSA) has used a number of different technologies, including e-mail and phone surveillance, to spy on enemies of the state as well as regular citizenry identified as potential terrorists.

Technologies

In a recent New York Times post, author Vikas Bajaj suggests that “consumers have traded convenience for privacy”. We have the technology already to track the Internet activity of an individual. This includes e-mail archives and digital phone records, including conversations. With the advent of digital consumer technology, storing 1’s and 0’s is easy and increasingly affordable with efficient data storage. The tools around big data make it easier to sort and pinpoint a particular thread. It is easy to capture, easy to store, and easy to sort. As Internet consumers, is there more that we should know about these tools to be informed about our privacy and dealings?

Responsibility

When it comes to digital surveillance, what is our responsibility as a consumer? What is our responsibility as an IT practitioner? As a consumer of all things digital, I think it is our responsibility to understand the extent to which our presence is being tracked and understand that our activity on the Internet is not as private as we think. Think before you share all of your deepest, darkest secrets on Facebook. The old adage applies: “never do anything you wouldn’t want your mom to read about in the morning paper.” As IT practitioners, we may be called upon to gather data or turn over records to comply with a subpoena or court order. It is our responsibility to understand to what extent our customers and employees are protected in terms of privacy. Do you understand your company’s privacy policies? Are your customers and their records protected to some extent?

Solutions

The first solution is mentioned above and that is: be a smart consumer. Understand your presence on the Internet. Understand which sites provide a basic level of security and understand how your information moves about the Internet. The second is to understand and employ encryption techniques. This is especially important when handling customer personally identifiable information or PII. Make sure that this data is encrypted within your systems and while traveling across the network. Keep your own personal information secure and encrypted as well. Also, as an IT professional and a citizen of the cloud, you need to understand some of the techniques for preserving data such as private networks and private cloud computing.

Thoughts

Be aware before you share. Of course, all of the technology in the world is not going to stop your information from being extracted via a court order and, hopefully, you are never in that situation. For us upstanding citizens, it is imperative that we know how we are protected and how private and confidential our conversations and data really are or are not.

Do you stop to think about your privacy? Let me know your thoughts.

 
