In yet another turn of rolling back regulations, the Trump Administration has repealed certain FCC regulations that make it so now, rather than asking for a customer’s permission before doing so, it’s will now be legal for your ISP (Internet Service Provider) to take whatever data they get from providing you service, and sell it for advertising and marketing uses to the highest bidder should they so choose.
In the words of Ars Technica, without these specific FCC rules in place, “ISPs can analyze their customers’ Web browsing history in order to deliver personalized advertisements without seeking their prior consent. This doesn’t have to involve the sale of browsing data: ISPs who operate their own advertising networks (such as Comcast, AT&T, and Verizon) would be able to sell targeted ads without sharing their customers’ browsing history with third parties.” Granted, this is bad enough, but par for the course for many consumers in this high-tech age where saying something out loud in front of your camera can elicit an advertisement on Facebook for it the very next day. However, Ars Technica goes on to say, that in the new world without these FCC rules, “ISPs without their own ad networks could also contract with third parties and share browsing data with them. The FCC rules would have required ISPs to gain customers’ opt-in consent before using or sharing their browsing data for any purpose. ISPs have pledged to let customers opt out of personalized advertising but oppose the opt-in requirement.” So the threat comes from not just your ISP being able to advertise to you specifically within their companies using their own advertising, but being able to sell that data to third-parties that could do who knows what with it. More than just sites being able to look at your visits to them, and using that data to advertise to you, ISPs will have free rein over anywhere you go, and using anything you do as a potential chance to sell.
Now, let’s be clear: this doesn’t mean the sky is falling. These push and pull activities between ISPs and consumers have been happening for some time, and the right to privacy is always finding new ways to be tested. However, with little to no protections implemented, in the healthcare space you’ll suddenly see the chances for ISPs to do some damage, especially if what they’re selling involves sensitive health information. The branch of industry we exist in means we deal in sensitive data and information. However, with the loss of the protections that keep that data from being used without our permission, this is a serious time to look into, consider, and implement stronger security for your servers, sites, and more.
Luckily, the reality of these repeals don’t go into effect until the end of 2017, and there is still time to reverse them, though it’s doubtful the Trump Administration will consider such an action. What that means is that there is still plenty of time to get ahead of what this could potentially mean for your sensitive health information. Make sure your website has the highest and most up to date encryption; make sure you’ve switched over to HTTPS rather than HTTP, which will stymy how much data an ISP can get. Try to be aware of what information you’re searching for, storing, and how and where that’s occurring.
Like I said, there is still time, and this is not the sky falling, but it is something to be concerned about, and not something to be taken lightly. Make sure you’re secure moving forward, and keep an eye out for any more repeals that could put you or your patients at risk.