By Matt Fisher, General Counsel, Carium
Twitter: @matt_r_fisher
Twitter: @cariumcares
Host of Healthcare de Jure – #HCdeJure
Privacy is an important topic of discussion, consideration, deliberation, or any other word that can be used to say it is front and center. The focus on privacy has been growing as technology expands and creates more data. Privacy is so important though because there needs to be an understanding of what should happen with data.
Some Definitions
Before discussing what should happen with privacy, how is it defined?
The dictionary definition of privacy from Merriam-Webster includes (i) the quality or state of being apart from company or observation or (ii) secrecy. The baseline from the definitions is that privacy is about keeping something out of general view and being able to keep something apart.
Under HIPAA, the Privacy Rule addresses how protected health information can be used and disclosed. Privacy, therefore, is defined more as what can be done with information, which crafts a definition through exclusion. Privacy under HIPAA is not a clear cut definition then, but about a lot of interconnected rights, obligations, and more. The focus on permissive, conditional, or prohibited uses and disclosures then leads to some confusion and a lot of misunderstandings.
Other recent (or now not necessarily so recent) laws and regulations addressing privacy, including the EU General Data Protection Regulation and the California Conusmer Privacy Act, also focus on how to protect data and granting individual rights. Again, there is not necessarily a bright line definition as would be found in a dictionary.
The variance of definitions and lack of specificity underscores how hard it can be to define privacy. Attempting to define privacy by what can be done with data arguably tries to do it through exclusion. It is not a bad approach because it could put bounds around privacy, but then it can change unexpectedly.
“When I was a Kid…”
As suggested, the rise of technology throughout every aspect of life is a big reason why privacy is such a hot discussion. As a parent, I really wanted to stay away from saying “when I was a kid” to my own children, but the stark differences are hard to ignore. Remember the time when there was no readily available internet, television even with cable did not have what seemed like a limitless option of channels, and advanced technology looked like a single game handheld video game (don’t even try to think about the graphics).
As time went on, home computers began more common, though remember that early ones could not handle saving on the hard drive. There are a few memories of that happening by accident, the computer crashing, and then spending time figuring out how to remove the saved file to let the computer work again. The next big development was then the internet. The first steps to the internet rested upon no one trying to use the phone line for anything else, the beeps, squeaks, and scratches, and then the waiting for pages to load.
The Pace of the Internet
The rapid development of internet connections from dial up to DSL cables to WiFi and now cellular has also come with increased speeds and ability to distribute information. Taking advantage of those developments, technology also grew along with the ability to create, store, share, and retain data. Being able to easily find a photo for example from 10 years ago because it was taken on a smartphone, saved to cloud based storage, and then “permanently” available is much different from shooting on film, sending the film in to be printed, and then hopefully saving the printed photo and/or the negatives. Further, once something is on the internet, it is for most practical purposes impossible to remove that piece of information. Too many cataloging features exist, which doesn’t even get into the ability of anyone who finds a piece of information to save it themselves or redistribute it.
Beyond not being able to control data, there are also ever more tools for creating it. When I was growing up, the coolest wearable might have been a Casio calculator watch or at some point a watch where maybe Pac-Man could be played. Now, wearable technology generates a significant amount of sensitive information about the individuals who wear the device. An Apple Watch can track heart rhythms, exercise routines, sleep patterns (still not sure on that one with the battery life), and so much more. But who gets to see that data and who will keep all of it?
Another big factor in the spread of information and erosion of privacy is the creation and ubiquity of social media. Before the voluntary posting of every day activities and insights was made easily possible, it was much easier to keep personal details out of the public view. Now, platforms try to default users into broadcasting their information to everyone, but impacts are not necessarily fully appreciated. It is certainly much different from the days when the only way to share information was in person, a phone call, or a handwritten letter. Other means did exist, but still nothing where with the click of a button would the information instantly be available to most anyone with an internet connection.
The explosive growth of technology and the ability to share information has easily outpaced prior notions of privacy, data control, or even understandings of what should be done. It also feels as though the basic premises of what technology can do are still changing multiple times a year, if not on a monthly or faster basis. It all creates a situation where uncertainty reigns.
Evolving Definition of Privacy
After the seemingly unfettered growth of technology and the spread of the information created by the technology, a backlash seems to be starting. Some of the recent laws briefly referenced already (think CCPA and GDPR) are trying to swing control back to individuals. However, the controls are not applicable to every situation or every company. Taking CCPA as an example, it doe snot not automatically apply to every company. Certain thresholds must be met, which means a new startup that could arguably have fewer protections in place at the beginning may be able to do more with data early on when it does not need to comply.
An understanding of the problematic relationship between technology and privacy is starting to grow and go through its own refinement. However, the understanding is very much in its early stages and still trying to get footing as to where it will go. One thing that has become apparent though is the need to re-establish some boundaries and not make every piece of information about an individual findable. That means not taking advantage of individuals using different forms of technology and giving individuals more rights or protections. Swinging the privacy pendulum back to individuals a bit does not have to mean going too far to a different extreme. A balancing point should be possible and would be preferable.
Uncertain Future
Despite some optimism that privacy will improve, getting to a better place will take time. While waiting for that time and the discussions to occur, individuals should take stock of what can be done and what actions each person wants to take. It is not necessary to share all information. A starting point is looking at the settings of every tool used, not always picking a device that connects to the internet, and just overall being more thoughtful about the issue. Hopefully, a good dialogue about privacy in the current world can occur that allows for a real back and forth about a whole host of positives and negatives. Rushing into a change that does not try to be broader in scope of predictive will be more likely to result in more issues later.
This article was originally published on The Pulse blog and is republished here with permission.