my smart phone does what with my blood pressure data ??? anita fineberg, ll.b. cipp/c barrister...
TRANSCRIPT
MY SMART PHONE DOES WHAT WITH MY BLOOD PRESSURE DATA ???
Anita Fineberg, LL.B. CIPP/CBarrister & Solicitor
President, Anita Fineberg & Associates Inc.Privacy by Design Ambassador
eHealth 2013: Accelerating ChangeMay 29, 2013
CONCEPTS
Consumer concernsThe mobile ecosystemData collected by mobile appsApp “privacy gaps”The vicious cycleRecommendationsConclusionsContact information
CONSUMER CONCERNS
The three-quarters of Canadians who use mobile devices are increasingly likely to use privacy protection measures.
The majority of these people are likely to use a password to lock it (56%) and to adjust settings of the device or apps to limit the amount of personal information they share with others (53%).
This reflects significant increases in the use of such measures since 2011.
CONSUMER CONCERNS
The majority of mobile users (55%) have decided not to install, or have uninstalled, an app because of the amount of personal information they would have to provide.
A smaller proportion (38%) have turned off the location tracking feature on their mobile device because they were concerned about others accessing that information..
Source: Survey of Canadians on Privacy-Related Issues, Phoenix Strategic Perspectives, Conducted for the Office of the Privacy Commissioner of Canada, January, 2013
CONSUMER CONCERNS
Source: U.S. Consumer Privacy Attitudes and Business Implications: TRUSTe®, July 2012
CONSUMER CONCERNS
Consumers are particularly concerned about their confidential health information falling into the hands of employers or others
Source: Blue Chip Patient Recruitment, Leveraging Mobile Health Technology for Patient Recruitment: 2012 [cited 2012 October], Cited in Deloitte: mHealth in an mWorld How Mobile Technology is Transforming Health Care – Deloitte 2012
THE MOBILE ECOSYSTEM
DATA COLLECTED CAN INCLUDE
• Contacts• Photo Library• Videos• Camera/Video Sensor• Microphone• Text Messages
• Dialer• Calendar Items• Location• Reminders• Social Integration Features
Source: A Brief Overview of the Mobile App Ecosystem: FPF (Future of Privacy Forum)/World Privacy Forum, September 2012
User entered info
“PRIVACY GAP” IMPACT ON CONSUMERS
Lack of a privacy policy No information on what information the app collects, uses, discloses, to whom and for what purposes and for how long
Failure to seek express consent for the collection of PHI (initially and when the purpose of the use and/or disclosure changes)
Sensitive information may be collected, used and/or disclosed for purposes unexpected by the consumer
Inability to change default settings No choice with respect to the use of their information; i.e. no ability to “opt-out”
APP “PRIVACY GAPS”
APP “PRIVACY GAPS”
“PRIVACY GAP” IMPACT ON CONSUMERS
Failure to inform consumer if app accesses local resources (e.g. device address book, contacts, camera, photos), for what purposes and obtain consent prior to access
Unaware that other PI/PHI may be collected and used, other than that required for the operation of the app
No contact information so that a user may have their privacy questions and/or concerns addressed
Uncertainty related to whether the app is collecting, using and/or disclosing their information in a manner consistent with their understanding and/or expectations
THE VICIOUS CYCLE
Increasing consumer concerns related to the
use of mobile and other health technologies
Reluctance to use mobile health apps
and/or subsequent de-installation
Lack of integration into other systems holding
consumer PHI
Failure to be paid for and/or prescribed
Missed opportunities
RECOMMENDATIONS
DevelopersUnderstand the environment in which the app will
be used, by whom and the type of information required for its operation
Obtain privacy advice before development beginsAssess “proof of concept” against legal
requirements, best practices and user expectationsBuild in privacy controls from the beginningEnsure the app functions as stated in its privacy
policyBOTTOM LINE
WHAT PHI IS BEING COLLECTED, USED AND DISCLOSED, BY WHOM AND FOR WHAT PURPOSES?
RECOMMENDATIONS
Consumers Research mobile apps before installing them – credibility
from development agreements; BlackBerry’s privacy notices service
Just because you pay for it doesn’t mean it is more privacy protective
Look for app “permissions” and opt-out features to verify that the app will collect PHI for purposes and perform only functions of which you are aware and approve
Watch out for collection of location data Encrypt your phone data if storing PHI on the device Understand the risks you are introducing to your mobile
device
CONCLUSIONS
Consumer concerns over privacy affect both their initial downloading and continued use of health apps
Potential benefits of mHealth for both consumers and the health system more generally may be squandered if concerns are not addressed
Both the developer community and consumers have a role to play in creation of a trusted mHealth ecosystem
CONTACT INFORMATION
ANITA FINEBERG, LL.B., CIPP/CBARRISTER & SOLICITORPRESIDENTANITA FINEBERG & ASSOCIATES INC.
416.762.4583 (B)416.565.5007 (C)[email protected]://www.linkedin.com/in/anitafineberg