Data Brokers Help Spam Chemo Patient With Cremation Services Because That’s How Things Work Now
from the you-look-like-you're-in-the-market-for-a-coffin dept
Every few weeks for the last fifteen years there’s been a massive scandal involving some company, telecom, data broker, or app maker over-collecting your detailed personal location data, failing to secure it, then selling access to that information to any nitwit with a nickel. And despite the added risks this creates in the post-Roe era, we’ve still done little to pass a real privacy law or rein in reckless data brokers.
The latest case in point: 404 Media tells the story of one Connecticut woman who suddenly began getting mail advertisements for cremation services soon after she completed chemotherapy. According to a CT AG report, a data broker somehow inferred that the woman was facing a life-threatening illness, and subsequently decided to add her to a spam list for cremation services to cash in on the knowledge:
“After the woman filed a complaint under the state’s new data privacy law, the attorney general’s office investigated why this happened, and found that a “data broker identified the individual for the marketing list” for the cremation services company. “This matter has brought to light the close interplay between data brokers and data analytics firms in the digital marketing landscape.”
We’ve long noted how data brokers collect vast troves of location, browsing, medical, mental health, and behavioral data from apps, telecoms, smart TVs, and dozens of other devices and services, then use that data to build detailed consumer interest profiles. Companies claim this is ok because the data is “anonymized,” though studies have repeatedly found there’s nothing truly anonymous about the process.
That rampant over-collection and lazy protection of this data has resulted in no shortage of abuse by companies, stalkers, prisons, police, people pretending to be police, and everybody in between.
In this case there was something vaguely resembling accountability only because Connecticut has a state privacy law that the woman filed a complaint under. But even then, the term “accountability” is being generous; the CT AG isn’t revealing the names of the companies, and all the 404 Media report states is that the AG “issued a cure notice” to the cremation services company and is investigating the data broker.
But for every Connecticut, there’s five states that have no meaningful privacy protections for the internet era. And we still have no coherent federal internet-era privacy law. We don’t have these things not because it’s hard to do, but because corrupt state and federal politicians have decided, repeatedly, that making money off of data collection is more important than market health, public safety, or basic human decency.
Filed Under: consumers, data brokers, location data, privacy, security, spam
Comments on “Data Brokers Help Spam Chemo Patient With Cremation Services Because That’s How Things Work Now”
IANAL, but this might actually fall under federal law as well as state due to the sensitive nature of Healthcare and HIPPA disclosures. A potential avenue for a second suit when this one gets dismissed.
May it be the impetus to get actual regulations passed about protecting my data privacy.
#anonforareason
Re:
As long as the data brokers didn’t get access to any medical records, I doubt there’s a HIPAA case there, unfortunately.
Would’ve served the data brokers right, though.
Re: Re:
Someone, somewhere, misbehaved with those medical records. Only so many steps in the chain, starting with the health care provider.
Re: Re: Re:
Not necessarily… some app is tracking the phone location.. oh look… this person is going to a medical office that specializes in cancer treatment. Location data then shows person going from medical office to a local pharmacy. they must be getting treated for something… next stop appears to be a house… that must be where they live… easy enough to figure out who lives there.
As the article states… anonymized date is not that anonymous.
Re: Re: Re:2
You raise a good point. Is the knowledge of the act of you seeking treatment personally for a medical condition personal medical information…
What a convoluted crapshow this companies will protect their users privacy because “reasons” policy the government has caused.
Re: Re: Re:3
It obviously is; but, like insider trading, only certain entities are obliged to protect it. If I sit near you on a bus and overhear a conversation about chemo, or see you get off at the clinic, well, I’m not a coverned entity under HIPAA. Similarly if a friend or family member blabs.
Of course, most people have some sense of discretion when it comes to such matters. People will stop talking to them if they become known as a gossip, whereas no corporation’s really faced serious repurcussions for selling data. People, for example, don’t switch back to cash or to another credit card company when they find their credit card provider’s been betraying them. “Normalization of deviance” is what we call that.
Re: Re: Re:
That’s not a given. As demonstrated by John Oliver in his episode on this subject, data brokers can figure out a LOT of things about you based on your internet habits and location data.
Rewatching the segment, there’s a clip from a news story where they show data that they bought of people with certain illnesses, including cancer.
Re: Re: Re:
You’re wrong. Even if she just used a credit card for her co-pay at the chemo office, that could trigger this data exchange, no medical records involved.
You’re imagining that data exchanges like this are somehow deeply targeted based on truly personal info; they’re not. Hell, this could have been triggered just by location data showing she was in the chemo office.
Re: Re: Re:
HIPAA is pretty specific and doesn’t cover what many people think it does (or what hospitals like to claim it does, when they don’t like someone or a camera or news reporting).
Re: Re:
A person’s diagnosis is known only to their doctor and those to whom they choose to disclose, so what part of this isn’t a HIPAA violation?
But remember, it’s social media that’s the huge threat to privacy and is at the very top of the list of industries that need to be reigned in with regulation…
Re:
Maybe if data brokers were seen to be a threat to children as well, the politicians would pretend to do something about them.
The ad: You might have gone bald but there’s no reason you can’t have that SMOKIN HOT BOD you’ve always wanted
I doubt much will change because it might keep the other hands of the government from sneaking around & slurping up a whole bunch of data that we imagine they need a warrant for.
It’s anonymized, but targeted. Makes perfect sense shut up.
But it is still hard to do.
We get cemetery info for my mother all the time. So what?
If you don’t want it, put it in the recycling bin.
i get all sorts of crap in the mail I simply recycle. Why is it such a big deal.