I read an Op Ed in the New York Times recently that served as a great reminder of why I founded Clearwater, and why we do what we do every day. In his article, author Frank Pasquale writes about the “dark market for personal data”, sharing how data miners, brokers and resellers have now “taken creepy classification to a whole new level” to further erode our privacy.
Pasquale highlights that these unregulated entities have created lists of personal data that should be kept personal.
There are lists out there of victims of sexual assault, of people with sexually transmitted diseases, of people who have Alzheimer’s, dementia and AIDS. And it goes on and on.
Individuals are added to these lists based on the harvesting of their personal information from various sources. And of course, none of this is regulated or done with the knowledge or permission of the individuals in question. And, these lists aren’t vetted or verified in any way, meaning the companies creating the lists really don’t care that much if they get it wrong here and there. They don’t have to be right all the time, just more times than they are wrong. Which means no sleep is lost when an individual is incorrectly labeled as having a condition or being accused of a crime.
Ultimately, the lists are purchased by marketers, by employers, by lending organizations and so on, offering immeasurable opportunity for us all to have our information used against us.
I say all that to say this. In today’s reality, privacy is a fleeting concept.
Individuals are watching helplessly as their personal data is being hacked at every turn. Data brokers. Cyber attacks. Nosey or disgruntled employees. In most cases, there’s really not much they can do, other than stop surfing the web, stop buying anything and never seeking medical care. Individuals are not properly equipped to defend their data, any more than a civilian would be ready to lead troops into battle. They need heroes.
That is why I come to work every day, and why I’m so passionate about supporting our customers. Sure, we all care about compliance and about managing risk. We care about corporate reputations, about dodging big financial penalties and about staying out of trouble with the government. But at the end of the day, the real reason we work hard to protect and secure data is a much more noble and critical cause.
If protected health information (PHI) isn’t cared for properly, patients are put at risk. Their privacy and their personal finances could be wrecked. The quality of their care could suffer. It’s literally a life or death proposition.
In short, it’s not about the data. It’s not about encrypted laptops or compliance checklists. It’s about people.
People who are trusting you to heal them, not create new wounds. People who are defenseless and need your protection.We’ve written a lot about the “real” cost of data breaches, but honestly we failed to remind you, and ourselves, that such lapses have ramifications far and beyond any negative business impacts that we have to absorb. The stakes are so much higher than that.
Trust me, I know it’s tough not to get caught up in the daily business of managing risk. We help hundreds of organizations tackle their privacy, security and compliance challenges, and we understand how easy it is to forget why we’re all here. It happens to me as well. In fact, I’m writing this just as much for myself as anyone. My plea for you is this. As you labor with critical decisions, lobby for additional budgets and wrestle with competing priorities, don’t lose sight of what’s really important.
Just remember that in the end, you are a hero. That every line of data in your possession represents a real person, someone who is depending on you to leverage that information to make them well, while keeping it out of harm’s way. That’s why we do what we do at Clearwater. My guess is that’s why you do what you do as well. Never forget that.
Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis: OCR-Quality Audits | Another opportunity to provide assurance to leadership - March 22, 2017
- HIPAA Risk Analysis Tip – OCR CAP Data: Learn Why 9 of 10 Organizations Fail - January 28, 2017
- The Importance of Improving Medical Device Security - November 14, 2016