Gadgets are getting closer to the body. Five facts that information security experts want to warn you about

Original author: Cindy Ng
Recently, there has been a lot of news about wearable gadgets used in health and fitness. Apple recently announced the release of the Health app, as well as the Health Kit cloud platform. In connection with this, Nike provided a special connector for its Fuelband for physical activity analysis. The general opinion is that fitness trackers are in decline, while the market for wearable gadgets in general (remember Google Glass or iWatch) is at its peak.

What about the protection of personal information? In fact, there are many changes in this area, and the Federal Trade Commission (FTC) is following this!

Recently, the FTC held an event called “Generated and User-Driven Health Data”. All the speakers (FTC commissioners, engineers, lawyers and information security experts) agreed that wearable gadgets have great potential, but since health status data is of great importance, it needs serious protection.

I have summarized their opinion in 5 main points that data protection experts would like to convey to you: about health data, about the data generated by your wearable gadgets, about protecting your personal safety, and about why it is so difficult to create a single law that would protect everyone.

1. TRANSPARENCY AND TRUST

If manufacturers of wearable health and fitness gadgets pursue policies that are dubious in terms of protecting personal information and do not ask users to consent to the distribution of their data, this may make such services less attractive to many people, especially those who are seriously concerned about the integrity of their personal information. Why upload data about your state of health if there is no guarantee that it will not fall into the wrong hands?

Some experts propose short, clearly defined notices on how the security and protection of your data is ensured, something like the labels on food products.

2. WHERE YOUR HEALTH DATA MAY BE REVEALED

Latanya Sweeney, senior FTC technologist and professor of management and technology at Harvard University, tried to document and map how data flows between patients, hospitals, insurance companies, etc. She found that it is actually difficult to track where this data will go, and almost impossible to predict where it will end up.

Inspired by Sweeney's example, I checked to see if my health care information could go beyond the medical system. It can! A recent report by the FTC on the data broker business (see Appendix B) proves that brokers collect some sensitive patient data.

3. MEDICAL DETAIL

According to state law, information about your visit to the hospital should be sent to those authorized to receive such data.

What, for example, do different US states do with their citizens' data? It turns out that 33 states sell or openly disseminate medical data. Of these 33 states, only 3 comply with HIPAA (the Health Insurance Portability and Accountability Act).

4. DON'T FORGET ABOUT GEOLOCATION

One of the most important problems mentioned at the FTC event was geolocation. Many health and fitness applications and devices collect data on your jogging routes or your time in the gym. Some applications may even predict where you will go and where you will be at certain times, or predict when you will be at home.

5. FREE CHEESE IS ONLY IN THE MOUSETRAP

In exchange for free health and fitness apps, you share A LOT of data. Many free apps collect data about you. But medical data is not the same as a list of your favorite films.

Some users trust the manufacturers of their applications and devices, say, Nike, but they do not realize that by using the product they agree to the sale and resale of their health data to third parties, which may not be so reliable.

Jared Ho, an attorney at the FTC Mobile Technology Division, tested 12 health and fitness applications and found that his data was sent to the developer's website, as well as to 76 other third-party organizations, mostly advertising and analytics firms.

Here's what he found out:

1. 18 out of 76 organizations collected device identifiers, for example, device IDs.
2. 14 out of 76 collected personal data about the user: username, login and email address.
3. 22 out of 76 organizations received information about consumers, in particular, about their exercises, nutrition and diet, medical symptoms, zip code and location.

No one can predict how the market for wearable gadgets will evolve, but emerging business practices and technologies will influence the legislation on clients' personal information, so this topic remains very relevant. Problems and concerns, such as who can and who should have access to personal health data, or who has potential access to it, will undoubtedly continue to be hotly debated.