Friday, February 19, 2010

Privacy and Regulation

Jennifer Stoddart, the Privacy Commissioner of Canada, recently gave a must-read speech on "The Future of Privacy Regulation" at the 11th Annual Privacy and Security Conference.

Very well stated is the daunting task that is facing regulators worldwide:

Of the many challenges we face, none is more dramatic than the impact of technology.
First and foremost, there is the sheer scope of the Internet, and the myriad ways in which we can now interact, shop, learn, and pretty much live online.
There’s also the staggering growth of computer capacity, which allows massive amounts of personal information to be collected, manipulated and shared.
Much of the content swirling through this Web 2.0 world is also generated by individuals, which poses new challenges for regulators.
From a privacy perspective, one consequence of these developments is that personal information can live on in cyberspace, pretty much in perpetuity. And so a typical data breach may no longer affect just a handful of people, but potentially hundreds of thousands of them.
Another consequence is that our lives have become open books. Even if we don’t advertise our whereabouts on Google Latitude, surveillance cameras and GPS-enabled cellphones are able to capture our movements.
Even if we don’t broadcast our latest purchases on, our online browsing habits are being quietly monitored and mined for their value to merchants and marketers.
And concepts of consumer knowledge – never mind consent – are become increasingly strained.

Of particular interest in the medical field is the simple assertion "[...] a typical data breach may no longer affect just a handful of people, but potentially hundreds of thousands of them."

If the risk of a data breach in a large centralized system is measured in hundreds of thousands, if not millions of confidential records, then one must ask, is the risk worth it?

One can not compare the lost of your famous "secret chicken recipe" due to a privacy breach on Facebook, to the damage associated with the lost of your most confidential information, which is currently known only by yourself and your healthcare provider.

When your medical records are located in the local office of a health professional, the risk of a data breach is similar whether a practitioner manages your records on paper or within the confines of a secure EMR platform.

However, it is clear now that any time a massive store of interesting data is centralized into a single location, is is much like painting concentric circles in bright red paint on the side of your web address. 

The risk to your specific privacy and, as a healthcare provider, the privacy of your patients is greatly affected by where your information is stored.

1 comment:

faparker said...

Revenue Canada uses a central server; so do the Canadian Banks-I don't think any of them have been compromised. If there is a will, there a way of decent security. I just don't think most governments are sufficiently competent.