MY SMART PHONE DOES WHAT WITH MY BLOOD PRESSURE DATA ???

Anita Fineberg, LL.B. CIPP/CBarrister & Solicitor

President, Anita Fineberg & Associates Inc.Privacy by Design Ambassador

eHealth 2013: Accelerating ChangeMay 29, 2013

CONCEPTS

Consumer concernsThe mobile ecosystemData collected by mobile appsApp “privacy gaps”The vicious cycleRecommendationsConclusionsContact information

CONSUMER CONCERNS

The three-quarters of Canadians who use mobile devices are increasingly likely to use privacy protection measures.

The majority of these people are likely to use a password to lock it (56%) and to adjust settings of the device or apps to limit the amount of personal information they share with others (53%).

This reflects significant increases in the use of such measures since 2011.

CONSUMER CONCERNS

The majority of mobile users (55%) have decided not to install, or have uninstalled, an app because of the amount of personal information they would have to provide.

A smaller proportion (38%) have turned off the location tracking feature on their mobile device because they were concerned about others accessing that information..

Source: Survey of Canadians on Privacy-Related Issues, Phoenix Strategic Perspectives, Conducted for the Office of the Privacy Commissioner of Canada, January, 2013

CONSUMER CONCERNS

Source: U.S. Consumer Privacy Attitudes and Business Implications: TRUSTe®, July 2012

CONSUMER CONCERNS

Consumers are particularly concerned about their confidential health information falling into the hands of employers or others

Source: Blue Chip Patient Recruitment, Leveraging Mobile Health Technology for Patient Recruitment: 2012 [cited 2012 October], Cited in Deloitte: mHealth in an mWorld How Mobile Technology is Transforming Health Care – Deloitte 2012

THE MOBILE ECOSYSTEM

DATA COLLECTED CAN INCLUDE

• Contacts• Photo Library• Videos• Camera/Video Sensor• Microphone• Text Messages

• Dialer• Calendar Items• Location• Reminders• Social Integration Features

Source: A Brief Overview of the Mobile App Ecosystem: FPF (Future of Privacy Forum)/World Privacy Forum, September 2012

User entered info

“PRIVACY GAP” IMPACT ON CONSUMERS

Lack of a privacy policy No information on what information the app collects, uses, discloses, to whom and for what purposes and for how long

Failure to seek express consent for the collection of PHI (initially and when the purpose of the use and/or disclosure changes)

Sensitive information may be collected, used and/or disclosed for purposes unexpected by the consumer

Inability to change default settings No choice with respect to the use of their information; i.e. no ability to “opt-out”

APP “PRIVACY GAPS”

APP “PRIVACY GAPS”

“PRIVACY GAP” IMPACT ON CONSUMERS

Failure to inform consumer if app accesses local resources (e.g. device address book, contacts, camera, photos), for what purposes and obtain consent prior to access

Unaware that other PI/PHI may be collected and used, other than that required for the operation of the app

No contact information so that a user may have their privacy questions and/or concerns addressed

Uncertainty related to whether the app is collecting, using and/or disclosing their information in a manner consistent with their understanding and/or expectations

THE VICIOUS CYCLE

Increasing consumer concerns related to the

use of mobile and other health technologies

Reluctance to use mobile health apps

and/or subsequent de-installation

Lack of integration into other systems holding

consumer PHI

Failure to be paid for and/or prescribed

Missed opportunities

RECOMMENDATIONS

DevelopersUnderstand the environment in which the app will

be used, by whom and the type of information required for its operation

Obtain privacy advice before development beginsAssess “proof of concept” against legal

requirements, best practices and user expectationsBuild in privacy controls from the beginningEnsure the app functions as stated in its privacy

policyBOTTOM LINE

WHAT PHI IS BEING COLLECTED, USED AND DISCLOSED, BY WHOM AND FOR WHAT PURPOSES?

RECOMMENDATIONS

Consumers Research mobile apps before installing them – credibility

from development agreements; BlackBerry’s privacy notices service

Just because you pay for it doesn’t mean it is more privacy protective

Look for app “permissions” and opt-out features to verify that the app will collect PHI for purposes and perform only functions of which you are aware and approve

Watch out for collection of location data Encrypt your phone data if storing PHI on the device Understand the risks you are introducing to your mobile

device

CONCLUSIONS

Consumer concerns over privacy affect both their initial downloading and continued use of health apps

Potential benefits of mHealth for both consumers and the health system more generally may be squandered if concerns are not addressed

Both the developer community and consumers have a role to play in creation of a trusted mHealth ecosystem

CONTACT INFORMATION

ANITA FINEBERG, LL.B., CIPP/CBARRISTER & SOLICITORPRESIDENTANITA FINEBERG & ASSOCIATES INC.

416.762.4583 (B)416.565.5007 (C)afineberg@sympatico.cahttp://www.linkedin.com/in/anitafineberg