Gadgets are getting closer to the body. Five facts that information security experts want to warn you about
Recently, we get a lot of news about wearable gadgets used in the field of health and fitness. Apple recently announced the release of the Health app, as well as the “Health Kit” cloud platform. In this regard, Nike has provided its Fuelband bracelet with a special connector for analyzing physical activity. According to the general opinion, fitness trackers are experiencing a decline, while the market of wearable gadgets in general - remember Google Glass or iWatch - is at its peak.
How are you protecting personal information? In fact, there are a lot of changes in this area, and the Federal Trade Commission (FTC) is watching this!
Recently, they held an event “Generated and user-managed health data” and all the speakers, that is, members of the FTC commission, engineers, lawyers, information security experts agreed that wearable gadgets have great potential, but since health are of great importance, they need serious protection.
')
I formulated their opinion in the form of 5 main points that experts on the protection of confidential data would like to convey to you - about the health data, the data generated by your wearable gadgets, the protection of your personal security and why it is so difficult to create a single law, who would protect everyone.
1. TRANSPARENCY AND CONFIDENCE
If manufacturers of wearable health and fitness gadgets have policies that are dubious in terms of protecting personal information and do not ask users for consent to the distribution of data, this can reduce the attractiveness of such services for many people, especially for those who are seriously concerned about inviolability. personal information. Why download your health data if there is no guarantee that it will not fall into the wrong hands?
Some experts suggest short, well-defined rules on how to ensure the security and protection of your data - something like tags on products.
2. WHERE YOUR HEALTH DATA ABOUT CAN BE
Latanya Sweeney, chief technologist of the FTC and professor of management and technology at Harvard University, tried to document and map a data distribution between patients, hospitals, insurance companies, etc. She found out that it’s actually difficult to track where this data will go, and it’s almost impossible to predict where it will end up.
Inspired by the example of Sweeney, I checked if my medical information could go beyond the medical system. They can! The FTC's recent report on the business of trading information (see Appendix B) proves that brokers collect some sensitive patient data.
3. BARDAK WITH MEDICAL DATA
Information about your visit to the hospital, according to state law, should be sent to those who are authorized to receive such data.
What, for example, do different states in the USA do with the data of their citizens? It turns out that 33 states are selling or openly distributing medical data. Of these 33 states, only 3 comply with the HIPAA (Health Insurance Liability and Reporting Act).
4. DON'T FORGET ABOUT GEOLOCATION
One of the very important problems mentioned at the FTC event was geolocation. A variety of health and fitness applications and devices collect data on your jogging routes or stays in training halls. Some applications may even predict where you will go and where you will be at a certain time, or predict when you will be at home.
5. FREE CHEESE ONLY MINISTRY
In exchange for free health and fitness apps, you share VERY MUCH data. Many free applications collect data about you. But medical records are not at all the same as a list of your favorite movies.
Some users trust the manufacturers of their applications and devices, say, Nike, but they do not realize that by using their product, they agree to sell and resale their health data to third parties that may not be so reliable.
Jared Ho, a lawyer at the FTC’s Mobile Technologies Division, tested 12 health and fitness applications and found that his data was sent to the developer’s website, as well as to 76 outside organizations — mostly advertising and research firms. .
Here is what he found out:
1. 18 out of 76 organizations collected device identifiers, such as device IDs.
2. 14 out of 76 collected personal information about the user: username, login and email address.
3. 22 out of 76 organizations received information about consumers, in particular, about their exercise, nutrition and diet, medical symptoms, zip code and location.
No one can predict how the wearable gadget market will evolve, but the emerging business practices and technologies will affect the legislation on customers' personal information, so this topic remains very relevant. Problems and concerns, such as who can and who should have access to personal health data, or who has potential access to it, will no doubt continue to be hotly discussed.
How are you protecting personal information? In fact, there are a lot of changes in this area, and the Federal Trade Commission (FTC) is watching this!
Recently, they held an event “Generated and user-managed health data” and all the speakers, that is, members of the FTC commission, engineers, lawyers, information security experts agreed that wearable gadgets have great potential, but since health are of great importance, they need serious protection.
')
I formulated their opinion in the form of 5 main points that experts on the protection of confidential data would like to convey to you - about the health data, the data generated by your wearable gadgets, the protection of your personal security and why it is so difficult to create a single law, who would protect everyone.
1. TRANSPARENCY AND CONFIDENCE
If manufacturers of wearable health and fitness gadgets have policies that are dubious in terms of protecting personal information and do not ask users for consent to the distribution of data, this can reduce the attractiveness of such services for many people, especially for those who are seriously concerned about inviolability. personal information. Why download your health data if there is no guarantee that it will not fall into the wrong hands?
Some experts suggest short, well-defined rules on how to ensure the security and protection of your data - something like tags on products.
2. WHERE YOUR HEALTH DATA ABOUT CAN BE
Latanya Sweeney, chief technologist of the FTC and professor of management and technology at Harvard University, tried to document and map a data distribution between patients, hospitals, insurance companies, etc. She found out that it’s actually difficult to track where this data will go, and it’s almost impossible to predict where it will end up.
Inspired by the example of Sweeney, I checked if my medical information could go beyond the medical system. They can! The FTC's recent report on the business of trading information (see Appendix B) proves that brokers collect some sensitive patient data.
3. BARDAK WITH MEDICAL DATA
Information about your visit to the hospital, according to state law, should be sent to those who are authorized to receive such data.
What, for example, do different states in the USA do with the data of their citizens? It turns out that 33 states are selling or openly distributing medical data. Of these 33 states, only 3 comply with the HIPAA (Health Insurance Liability and Reporting Act).
4. DON'T FORGET ABOUT GEOLOCATION
One of the very important problems mentioned at the FTC event was geolocation. A variety of health and fitness applications and devices collect data on your jogging routes or stays in training halls. Some applications may even predict where you will go and where you will be at a certain time, or predict when you will be at home.
5. FREE CHEESE ONLY MINISTRY
In exchange for free health and fitness apps, you share VERY MUCH data. Many free applications collect data about you. But medical records are not at all the same as a list of your favorite movies.
Some users trust the manufacturers of their applications and devices, say, Nike, but they do not realize that by using their product, they agree to sell and resale their health data to third parties that may not be so reliable.
Jared Ho, a lawyer at the FTC’s Mobile Technologies Division, tested 12 health and fitness applications and found that his data was sent to the developer’s website, as well as to 76 outside organizations — mostly advertising and research firms. .
Here is what he found out:
1. 18 out of 76 organizations collected device identifiers, such as device IDs.
2. 14 out of 76 collected personal information about the user: username, login and email address.
3. 22 out of 76 organizations received information about consumers, in particular, about their exercise, nutrition and diet, medical symptoms, zip code and location.
No one can predict how the wearable gadget market will evolve, but the emerging business practices and technologies will affect the legislation on customers' personal information, so this topic remains very relevant. Problems and concerns, such as who can and who should have access to personal health data, or who has potential access to it, will no doubt continue to be hotly discussed.
Source: https://habr.com/ru/post/260513/
All Articles