The recent Cambridge Analytica and Facebook data scandal represents another in a long line of debacles by major companies charged with protecting the personal data of its users. The Equifax hack of 2017 is still fresh in the minds of some citizens, and though it’s not exactly the same situation, there are still striking similarities between what happened with Cambridge Analytica and the misuse of Facebook data, and Equifax’s shameful lack of security protections.
The theme here is that big, faceless organizations have a lot of power and control over the data that average citizens take for granted — data that, sometimes, people don’t even realize they’ve given up. Not only that, but, in the case of Equifax’s data breach, some of this compromised information is “lifetime data,” things like Social Security numbers and patient health information that can’t simply be changed or replaced like a password can be.
So, who pays when data is mishandled by giant global organizations?
The user. You. Me. Basically everybody but these gargantuan entities.
This needs to change.
A Double-Edged Sword
Big data isn’t necessarily a bad thing on its own, nor is it really a new concept.
In their article, “How Data and Decisions Work Together,” the experts at GWU mention the government has collected data on patent, population, and weather since 1790. They also touch on the fact that businesses and healthcare facilities that collect big data can personalize their approaches to patients and customers, and in effect, make decisions that are both good for business as well as good for preservation of human life.
Unfortunately, big data is a double-edged sword, and the healthcare industry is a perfect example of this. Doctors are able to use data to provide more accurate diagnoses and save lives, and there’s even a set of federal standards to protect patient data called the Health Insurance Portability and Accountability Act (HIPAA).
Multiple sources confirm that “several HIPAA violations are common among health organizations, such as failing to store private health care information properly, failing to obtain written consent from patients and sharing photos of patients on social media.”
This is somewhat frightening news, considering that the healthcare industry has become the most targeted industry of all, even beyond financial service providers. Duquesne University’s online resources state that “EHR security breaches range from simple flaws in network security to determined, focused attacks maliciously orchestrated by expert hackers. In May 2017, a simple authentication flaw in Molina Healthcare’s network exposed up to 4.8 million patient records,” they write. “The exposed data included names, addresses, birth dates, diagnoses, and other medical information about individual patients…”
Here’s the catch: HIPAA fines are steep and well enforced. Some reports have even come out showing that harsher penalties for HIPAA violations have been in the works. However, is this type of enforcement being shown to social media companies and credit bureaus?
What ever happened as a consequence of the Equifax hack or the latest Facebook fiasco?
A Surprising Lack of Justice So Far …
For anybody that doesn’t remember, the hacking of Equifax’s consumer and financial data put at risk the personal information of up to 143 million Americans. In his article published via The New York Times, Peter J. Henning writes that, naturally, many will wonder the legal consequences the company and its executives might face.
“The answer, for those who remember the government’s response to the financial crisis,” he writes, “will be as familiar as it is unwelcome: not much. That seems outrageous when so many individuals may see their identities stolen because of a company’s failure to ensure the safety of its primary product. But Equifax operates in a sphere with minimal government regulation, and its conduct is unlikely to trigger a criminal prosecution of the company or any of its executives.”
As for Cambridge Analytica and Facebook, the former still has seen no charges against their firm, even though Brazil prosecutors have opened an investigation into their activities. The latter also has yet to face consequences, with David Lumb from Engadget reporting that Facebook CEO Mark Zuckerberg “confirmed that no employee was fired in the wake of the scandal because, in his words, it’s his fault: ‘At the end of the day this is my responsibility,’ he said.”
Even the #deletefacebook movement and the abundance of bad press against Facebook hasn’t seemed to have made much of a dent in the social media giant’s bottom line. So how do we keep something like this from happening again? How can we ensure that more companies don’t abuse the inherent power that comes with ownership of so much data?
It All Comes Down to You
The frustrating thing is that all of this comes down to you, the user. The unfortunate reality is that the people charged with protecting our data and personal information — they’re not doing it. To top it off, the people that should be ensuring just penalties befall those that shirk data protections — they’re not doing their jobs either.
This situation is complicated by the fact that many are confused by how these technologies work. However, that shouldn’t be an excuse anymore. Every citizen is faced with user agreements and other technological mumbo jumbo that the law says they must know and follow … why should it be any different for politicians? Why shouldn’t politicians and data-abusers face more consequences and be held to a higher standard of knowledge?
I could sit here and say that we need more regulation, or that our leaders need to punish those responsible for playing us all like fools, but those things won’t happen. The bad news is, nothing is changing — not until the little guy finally stands up and says “I’ve had enough of this.”
There are those fighting the good fight, and I applaud them. Perhaps it is they who will usher us toward a new era with responsible leadership. Until they, look inward. Realize that this issue affects every single one of us. Decide where you stand on the issue.
At least that’ll be a start. Where we go from there?
Nobody knows.