When dealing with client data, organizations and businesses must be very careful about managing the information their clients willingly give up to receive goods and services, especially regarding medical care and social services. Thankfully, some legislative measures are in place to protect people’s healthcare information from malign actors, fraudsters and or neglectful providers, most notably the Healthcare Portability and Accountability Act, more commonly known as HIPAA.
HIPAA was passed in 1996, and technology has advanced significantly since then. As technology, including A.I., has progressed, data collection has become more commonplace and essential than ever. This has allowed for easier access to many products and expanded means of building a firm’s customer base. However, the downside is that increased reliance on digital data has created more opportunities for things to go wrong. Today, we’ll explore those risks and discuss some upcoming federal legislation to curb them.
It’s a Jungle Out There
In the for-profit tech sector, especially when discussing social media and e-commerce, the collection of personal data is commonplace. Many user agreements people sign upon registering for, say, Facebook, explicitly allow for the supply of voluntarily submitted personal information like names, birthdays, and addresses and the collection of data generated using the platform. This can include everything from search histories to visited pages, familial ties, and buying histories.
To make money, these platforms will sell their users’ data to third parties, who then use it to send the users targeted ads based on their behavior. Naturally, not everyone pores over every user agreement across their screen. As a result, many users agree to collect and sell their data without realizing it.
What’s more, once a person’s data is out in the marketplace, so to speak, it’s more vulnerable to hackers and other bad actors who might use their data to commit financial fraud, send them unwanted content (i.e., spam) or track their movements without their knowledge. Thus, the practice of large-scale data collection will inevitably entail risks of breaches, including the unwanted publication of phone information, financial documents, and even political profiles.
The American Data Privacy and Protection Act
The American Data Privacy and Protection Act, or H.R. 8152, is a recent bill introduced in the U.S. House of Representatives and aimed at addressing some of the risks associated with data collection and trading.
The bill “establishes requirements for how companies, including nonprofits and common carriers, handle personal data, which includes information that identifies or is reasonably linkable to an individual.”
The summary of the bill continues:
The bill establishes consumer data protections, including the right to access, correct, and delete personal data. In addition, prior to engaging in targeted advertising, the bill requires companies to provide individuals with a means to opt-out of such advertising. The bill also provides additional protections with respect to the personal data of individuals under the age of 17. Finally, it further prohibits companies from using personal data to discriminate based on specified protected characteristics.
By mandating that every company, whether for-profit or nonprofit, follows a set of guidelines, the hope is that people’s data will be protected from criminals. The bill passed into committee on December 30, 2022, but neither House nor the Senate voted on it.
Be sure to stay updated with all of our data news and tips, and if you’re interested in learning how A.I. can help your organization, contact C3S today to schedule a free consultation.