Do You Own Your Personal Data? | HIPAA Training
Who Actually Owns "Your Personal Data?
Unfortunately, there is no simple answer to the question of who owns your personal data. The answer can be impacted by what specific type of personal data we are talking about, as well as the ever-changing landscape related to data privacy and security in the U.S. This uncertain footing is understandably causing widespread concern among Americans. However, at this juncture, there is little that can be done on a personal level other than understanding what legal protections you have or don't have in terms of data protection, as well as what you can do to protect your data.
What Is Data Ownership?
Data ownership refers to what person or entity has entitlement to data. Depending on the data in question, this could involve the entitlement to access, share, alter, store, or utilize data to various degrees. With the relatively loose, patchwork regulations currently in place regarding data ownership and security, corporations often have shared ownership of your personal data, with little legal liability in the event of data loss or breach.
Why the Commodification of Data May Demand Different Rules
However, many think that the entire concept of treating personal data as property in the same sense as we do physical objects is a faulty premise from the start. It fails to consider the far-reaching implications that arise from the need and convenience of data sharing in combination with human rights regarding autonomy and privacy. By deeming data "property that can be owned, private citizens may be taken advantage of by companies that can highly incentivize them to share that data. Viewed from this perspective, personal data should not be commodified any more than any other aspect of your personal life should be. Determining how data is categorized in a legal sense and subsequent regulation is incredibly pressing, considering the mounting value of data, as well the unprecedented access that various entities have to our personal data. Personal data in the modern day has lucrative applications ranging from marketing to the development of artificial intelligence. As such, entities that have a vested interest in these industries are highly incentivized to mine data, and to lobby for their right to continue to do so legally. For example, while tech giants Google and Facebook publicly express support for a federal privacy law, they are expected to oppose any regulatory methods that would limit their data collection efforts or their ability to sell that data to third parties.
What Personal Information Is Available?
While some personal information, such as your Social Security number, is stored by public authorities for good reason, more of your personal information than you realize is likely easily accessible online. Much of this information is made available through background check websites that are beholden to few regulations, as well as voluntary disclosure on your part when signing up for use of a platform.
What Data Can Be Legally Shared?
Despite the aforementioned loose regulations, not all data can be shared legally. Certain information, such as medical records, are protected by stricter regulations, like HIPAA (the Health Insurance Portability and Accountability Act). However, even data that is illegal to share can be obtained, sold, and spread by external, malicious groups; and, in such an event, there are often few, viable legal avenues to hold the breached entity accountable for their failure to protect the data. Therefore, it is important to be on the defensive when it comes to protecting your personal information.
What Protects Personal Data?
While laws and regulations regarding data privacy are sparse in many ways, there are some clear legal protections. As it stands, there are no generalized data privacy laws on the federal level in the United States. However, some laws apply to specific types of data. In the context of healthcare, HIPAA governs both patients and medical providers concerning personal information, including identification details as well as medical records. However, not all industries or data-heavy sectors have similarly robust or detailed regulations.
How to Protect Your Personal Data
Although there is a lack of comprehensive regulation regarding data privacy in the United States, there are many steps you can take on an individual level to protect your personal information.
Know Your Rights
To better understand your rights regarding privacy protection, you can take the following steps:
- Research state- and county-level laws and regulations such as the California Consumer Privacy Act when applicable;
- Be aware of common regulation violations and steps you can take to avoid them;
- Research industry-specific rules and regulations such as HIPAA when applicable;
- Read user agreements and privacy policies thoroughly;
- Ask questions about privacy and security policies whenever you share personal information with a business or organization;
- Stay up-to-date on the legal landscape regarding data privacy and security.
Limit Access to Your Information
Although keeping up with legal minutiae can feel daunting, you can also protect your information by simply limiting how often and in what manner you share your personal information. You can do this by taking the following steps:
- Limit the websites and companies that you share your information with.
- Limit how much information you share when you need to.
- Do not allow unnecessary permissions to mobile apps.
- Be careful of what you post publicly.
Follow Cybersecurity Best Practices
To avoid theft of your information, you should always follow basic cybersecurity best practices, including:
- Using password protection;
- Encrypting your data;
- Securing your Wi-Fi;
- Updating your software regularly;
- Being wary of scams;
- Utilizing virus protection;
- Keeping an eye on your devices;
- Backing up your data.
While personal efforts to protect your personal data will not solve the sticky issue of data ownership, they can help you keep your data secure while this issue is still up in the air.