As employees of the Society, we all share in the important responsibility to ensure that our constituent, employee, and all other collected personal information is secure, so that it can't be used in ways that would cause harm or violate any laws or any of our privacy policies and practices. In this day and age, we know that there is great importance in maintaining the security of the information with which people entrust us – and in keeping our own information private and protected.
- The Health Insurance Portability and Accountability Act of 1996 (better known as HIPAA), which covers access to and the protection of individuals' private health information
- State privacy laws, which require the Society to protect and secure sensitive personal information, including health and financial information, and to notify constituents and/or regulators in the event of a breach.
- The Payment Card Association (PCI), which requires us to follow rules to protect credit card-related information.
The Society's internal policies and procedures are designed to address these and other rules. Also, our Privacy Statement, available on cancer.org, provides specific promises about whom information is collected and stored.
And yet, privacy issues aren't only important in our work lives. Below, our Information Technology and Legal departments offer five important tips we all should follow to protect our own privacy. These tips are a follow-up to Data Privacy Day, which aimed to raise awareness of data privacy rights and practices. Take a look!
Tip #1 Read the privacy statement. Privacy statements are used anywhere that data about you are likely to be collected. If you have been to a doctor in the past 10 years, chances are that you had to sign a statement about how the doctor will manage all of the sensitive information collected about you. HIPAA requires the doctor to appropriately secure your protected health information or "PHI."
Similarly, personally identifiable information ("PII") is protected under state and federal laws. When visiting any site that collects personal information, you will see a link to the site's privacy statement – usually at the bottom of the site's page. It is important that you read the privacy statement as it will tell you exactly how the company will collect and treat your information so that you can make an informed decision as to whether you trust them with your information. At the Society, we have lots of restrictions around who can access and use this information; our Privacy Statement is available on cancer.org at the bottom of the page.
Tip #2 Own your online presence. Set the privacy and security settings on web services and devices to your comfort level for information sharing. It's okay to limit how and with whom you share information. Most social media platforms have security and privacy controls which allow you to limit access to any sensitive information you might wish to upload to and through them. Take a look at Facebook's privacy settings as well as LinkedIn's privacy settings, and read this article that covers many different platforms. Remember that what you post can last a lifetime, so be careful about what private information you post on social media. If you do choose to post a picture of your last lab results on Instagram, make sure that you set your privacy controls so that not just anybody can read your social security number.
Tip #3 You share even when you don't share. Every time you search online for the best restaurant deal, share good news or bad with your Facebook friends, or tweet to your followers, your "audience" is bigger than you know. That's because your every online move leaves cyber footprints that are rapidly becoming fodder for research without you ever realizing it. Using social media for academic research is accelerating and raising ethical concerns along the way, as vast amounts of information collected by private companies — including Google, Microsoft, Facebook, and Twitter — are giving new insight into all aspects of everyday life. All is not lost, though. A University of Texas-Austin social psychologist says that these big companies are concerned about issues around privacy, and are reluctant to divulge your personal information. Yet that doesn't stop them from selling to advertisers the keywords you use to search so that they can target ads to you.
Tip #4 Keep a clean machine. Here at the Society, our IT department manages a patching schedule for the computer that you use to work. These patches help keep your computer and the software that runs on it up-to-date with the latest features and security updates. What does patching have to do with privacy? Hackers and other "researchers" spend days on end, trying to find weaknesses (or vulnerabilities) in commercial software. Sometimes, these weaknesses will allow a bad actor to sneak into your computer and steal your information and any information that is available on your computer (or phone). These patches are not designed specifically for the Society. Your home computer needs to be patched routinely, too. So does your smartphone. And your internet router. Soon, you will need to patch your refrigerator and microwave, your home lighting, and your daughter's Barbie dolls. For those who own a vehicle with Uconnect, you also have to patch your car. For vehicles and other internet-connected devices, bad guys have been known to take over control of a car while it is moving, stop an insulin pump in a living patient, and turn a Barbie doll into a listening device. Keeping your systems patched is a good way to protect your security and privacy.
Tip #5 Ransomware, phishing, and other ways your privacy is at risk. Even when you think you are being careful, bad things can still happen. Someone could break in and steal your identity, transfer all of the money from your retirement account, or confiscate all of your files for payment. These things are all preventable if you follow a few simple rules:
- Learn how to tell a fake email from a valid email.
- Don't click on links or attachments in email that you do not expect. Ransomware is one of the more recent attacks, and it relies on the user executing its bad code for it. You do this when you open the attachment that it wants you to open, or by downloading files you don't think that you are downloading when you click malicious links.
- Even if it sounds reasonable, like a message from the UPS about a package, or a request from your boss for some sensitive information, don't believe and act on the request.
- And, no, there is no son/uncle/nephew of the recently deceased uncle/grandfather/business partner who needs your help in transferring loads of currency from Nigeria before the government/church/other family members get their grubby hands on it!
Take all these tips into consideration, and if you'd like to read more about privacy, the following resources are available: