Showing posts with label surveillance. Show all posts

Friday, February 7, 2014

Privacy in the Toilet

So I cannot help but take a cue from all the memes and stories going around about the toilet conditions in Sochi at the Winter Olympics. Talk about a lack of privacy...

I don't know if the pictures and/or stories are real, but they sure are fun. And like most online authors, I plan to make the most of it, perpetuate the myth, and basically exploit the heck out of it. oo rah.

Let's compare the supposed lack of privacy of Sochi Olympic toilets to the sanitary conditions of some countries. Sochi has toilets. Some countries do not. Are we as a leading world power spoiled? We have indoor plumbing, filtered water, sophisticated waste management, and private commodes almost everywhere. Is there some reason why Olympians cannot tolerate something less than the best? Is there some reason why our Olympians cannot see what it feels like to live on the other side? We have antibiotics, right? Is privacy required to take a poop? As a nurse, we often had to deal with a patient's inability to urinate on command - hesitation. It's prevalent in pre-employment physicals and drug screens as well. Some people simply cannot perform with an audience.

So let's transfer some of these same considerations over to privacy. In the U.S., we are horrified at being asked to use the restroom in front of someone, but we don't consider personal information to be private. Bowel movements, yes. Date of birth, no. So that's our scale of privacy need. We don't flinch at sharing a lot of information or categories of information. We expect companies who possess our information in certain contexts to be using that information to gain a business or competitive edge or to use it in some way that is advantageous to them. Thus, when there is a breach, fewer than 10% of people contact the company or take them up on mitigation offers (anecdotally and my own experience dealing with breaches - seriously was closer to 3-5%).

Yet, in the E.U., people have other expectations. They expect privacy. They expect their information will only be used for the purpose it is collected and nothing else. Nothing else. And once the purpose is achieved, the information should be deleted. Deleted. So they are horrified at U.S. citizens' and businesses' cavalier attitudes towards privacy.

This would be a different world if we were as horrified at our information being gathered, shared, used, and kept as we are at having to poop side-by-side with someone else. Take that and flush it.

Sunday, February 2, 2014

When can Employers share your Information?

My daughter, Dazlin, asked this question on privacy..."Under what circumstances can or should my employer share my information?"

What a brilliant inquiry.

And I have no brilliant, quick responses, yet I am forcing her to wait for the answer on here even though I am currently comfortably ensconced in her apartment, sitting across from her. 

First, for me, the easy answer is about medical information. Any information in the medical context, whether as part of disability accommodation, employment prescreening, genetic information, employer medical coverage, or workers' compensation must be kept confidential. This means, generally, in HR, there are two files for each employee or a bifurcated file where the health information is kept separated from discipline, hiring and firing, pay, etc.

Can they ever share it? Of course they can. They can share it with people and entities who have a need to know, such as benefit managers, health care professionals who are treating you, risk management, and so forth. But in general, the information should not be shared anywhere without a legitimate reason. Most of the protection here is federal - EEOC (disability, genetic information), OSHA (injuries on the job) - but there is also state law that applies (workers' comp, HR law, data breach law).

I am not going into a terrible amount of detail here if for no other reason than it is a blog and not a legal treatise. Some factors also depend on whether your employer is a public or private entity and/or what job you hold. But if anyone is curious, write me and let me know that you have questions. I'll see what I can do.

Now, for the sharing...in almost all laws, there are exceptions and privacy law is no exception to that. In general, the exceptions are around subpoenas, law enforcement, public health, emergencies, and business operations that require disclosures. Business operations could include mergers, account houses, and other entities that are contracted to perform some duty on your employer's behalf, like mailing 1099s. To do so, the other entity has your information. Do you also remember all the stories about how many subpoenas and requests for information are being served on internet service providers? If information is part of an investigation, your employer will likely give it up.

Other than medical information, employers are required to keep certain information secure - like your date of birth and social security number. In countries other than the U.S. that have data protection laws, certain information is considered sensitive information. Sensitive information includes ethnicity, political views, membership in professional organizations, etc. Now here in the U.S., race, age, and gender are also considered confidential, but mainly because an employer can be sued for discrimination if negative decisions are based on race, gender, being over 40, disabled - things that make you a member of a protected class. Also, credit reports and background checks must be performed and retained securely. In fact, after the financial troubles of 2008, several states placed background check laws in place - mainly either the employer could not ask certain questions in an application or could not do a background check before meeting the person.

Many states have laws protecting certain information, although Massachusetts with 17 CMR 201 is the strongest. In Massachusetts, if you have information on their residents, to include name (either first name/initial with last name) plus some other elements (SSN, driver license number, or financial account number), then you are required to have a security program in place and provide certain data protections.

Mainly, states have data breach notification laws, meaning that if your data is breached somehow, your employer must let you know (these are general laws, not employment laws, but apply to entities that collect certain information). Thus, if your employer wants to be excluded in most of these states from notification provisions, then they need to encrypt and take precautions with your information. Not all states recognize encryption as an exception, but most do - and of course, this only applies to electronic information.

Speaking of electronic information: analyzing whether employers can access your electronic communications such as email, texts, and social media is a full blog on its own. Morality consideration is another - think of teachers fired for posting naked party pictures on their own Facebook or sports figures who get into scandals and lose endorsements. And last, lifestyle (which includes morality) is also a very deep discussion of law.

So this is part of her answer. In reality, not all employers follow the laws - and certainly not all employees of your employer will follow the law. Training and awareness are huge for data protection and training is not generally a high budget item for many employers, especially towards protecting their employees' data.

So my advice point coming out of this is to be careful of your own information in the workplace. It is not necessarily a good idea to friend people on social media that you work with - you just may have information disclosed to your employer that you wish was not - and if a negative action is taken towards you based on this information, then you likely will have a very hard time proving it.

Wednesday, January 29, 2014

Why are we not Outraged?

Edward Snowden (of the now infamous and controversial U.S. National Security Agency rampant surveillance) has spoken out in his first television interview. He speaks frankly about the threats to his life due to his revelations, but more importantly why he did what he did. A friend of mine posted the link on Facebook and I asked this same question there - why are we not more outraged? Why do TV or music celebrities get more comments from both fans and haters than does someone who opened the U.S. Pandora's privacy box? It is scandalous!

It is scandalous what the NSA has done. 

It is scandalous that we as a nation do not seem to care. 

In fact, it appears and I allege that the only reason we are starting to hear from our political leaders about fixing the problem is because nations which actually provide privacy rights to their citizens are outraged. They are outraged. We are not.

The White House has spoken now. President Obama finally laid out a plan: consider reforming the PATRIOT Act; improve the public's confidence in governmental oversight; have the Intelligence Community make public information about their surveillance programs - including hiring a privacy officer (more on this later as one has now been appointed); and last, having a high-level group of experts review intelligence and communication technologies. Yours truly was not invited. durn.

What will it take for the people of this nation to actually pay attention to their own privacy and to the entities violating that privacy?? I am honestly perplexed, outraged on your behalf, and frankly, wishing there was a privacy cattle prod that someone with integrity could wield as rampantly as the government wields surveillance.