Social Media inadvertently revealing sensitive relationships and health status

Social media services are available everywhere these days. In many ways they help people communicate, keep in touch with loved ones and generally find out what is happening within communities and the world at large.

However there are also side effects to these services which must be understood and managed.

For example vulnerable people or sensitive relationships should remain private and confidential but in a recent article, Kashmir Hill writing for fusion.net (see references below), highlighted how one social media services used data and metadata about people to violate privacy and confidentiality. Hill recounted how Facebook suggested patients of a a psychiatrists be friends. This relationship should be confidential however Facebook afforded these patients to work out who else were patients of the psychologist in question and potentially able to determine their health concerns.

The concern is that this psychiatrist did not look up or befriend any of her patients on Facebook. Whilst Facebook is secretive about how they determine friend recommendations, the hypothesis is that Facebook used multiple sources of information including geolocation information, phone number, shared friends networks etc.

Metadata, like geolocation can, when combined with other information lead to privacy violations.

Users of social media services are not always given enough informed about what and when metadata is collected and combined and what it is or may be used for. Nor are they clearly informed about who this information is shared with.

But even if they had enough information to make an informed decision users are increasingly becoming overwhelmed with the complexity of information security and privacy controls required to protect themselves. Stanton and his colleagues at the National Institute for Standards and Technology (NIST) in the USA called this “Security Fatigue”.

To help redress the balance various industry bodies across the world are advocating and legislating for increased security and protection for individuals. In Europe the new General Data Protection Legislation has been enacted and in the USA NIST has published various standards including the Cybersecurity Framework for governments and various standards for privacy protection.

At the core is now a believe in giving individuals rights and choices and for organisations to embed "privacy by design" up front with any new product or service being created.

Be interested to hear your thoughts, views and experiences.

Reference:

Hill, K. (2016) Beware: Facebook’s friend recommendations could be exposing your secrets. Available at: http://fusion.net/story/339018/facebook-psychiatrist-privacy-problems/

Stanton, B., Theofanos, M.F., Prettyman, S.S. and Furman, S. (2016) ‘Security fatigue’, IT Professional, (5), pp. 26–32. doi: 10.1109/MITP.2016.84. More info available at: https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly

Comments

Popular posts from this blog

Invading neighbours privacy

Outlook tip for Calendar Management

Editing emails... after sending them