GAO wants updated consumer privacy framework
The Government Accountability Office, in a new report, has called on Congress to consider strengthening the consumer privacy framework to take changes in technology into account, as well as the market for consumer information.
"The current statutory framework for consumer privacy does not fully address new technologies--such as the tracking of online behavior or mobile devices--and the vastly increased marketplace for personal information, including the proliferation of information sharing among third parties," the report states.
"... no federal statute provides consumers the right to learn what information is held about them and who holds it," the report continues. "In many circumstances, consumers also do not have the legal right to control the collection or sharing with third parties of sensitive personal information [such as their shopping habits and health interests] for marketing purposes."
It suggests more comprehensive legislation instead of the current piecemeal approach, but in a way that protects privacy without inhibiting commerce and innovation.
Consumer privacy been an ongoing concern for patient privacy rights advocates. Kate Crawford, a visiting professor at the MIT Center for Civic Media and a principal researcher at Microsoft Research, has been advocating a framework to help people understand their legal rights. She says health information is especially vulnerable to the kinds of subtle discrimination that can result from big data analysis. Search terms for disease symptoms, online purchases of medical supplies and even the RFID tags on drug packages can tell a lot about a person's health.
Several states are reviewing how information from public health agencies is used when it is sold to data miners after a Bloomberg journalist revealed how patients could be reidentified with just a few pieces of information.
The Citizens' Council for Health Freedom has warned about information being collected by government entities as part of their pubic health initiatives--often without patients giving their consent.
To learn more:
- find the report (.pdf)
Does health data aggregation lead to bias?
As HIPAA concerns persist, vendors ready themselves
Consumer group: States collecting health data without consent
States review health database sales policies