Data Breach Vulnerability Not Just Due to Technology

About 21.5 Americans’ social security numbers and other sensitive personal information were compromised due to the hack of the U.S. Office of Personnel Management, according to an article posted today on cnn.com.

It seems data breaches have become so common that those unaffected are undocumented workers or Amish.

How did personally identifiable information become so vulnerable? The answer isn’t limited to the technology.

Social Security Administration (public domain) via Wikimedia Commons

Social Security Administration (public domain) via Wikimedia Commons

Our vulnerability is actually the result of a combination of historical, social and economic factors. To improve protection of personal information, it is important to consider how we got here.

A Little History

Before social security numbers were assigned to Americans, identity was simply a person’s name. After spending decades on genealogical research, I can attest to the fact that before the 1900 census, the government asked very little personal information about Americans.

When President Franklin Delano Roosevelt began the Social Security program as a response to the Great Depression, social security numbers were only to be used for the program. Old social security cards indicate that the numbers are “not for identification.” Just check out the Social Security card of Lee Harvey Oswald, who purportedly assassinated President John Fitzgerald Kennedy.

Over time, corporations got away with using social security numbers as identification for multiple purposes. It’s been necessary for obtaining credit or health insurance purposes since at least the mid 1980s. When I started college in 1986, my identity number was my social security number.

I suspect that cell phone numbers will also become a necessary form of identification that will evolve into being used on a “mandatory” basis just like social security cards.

A Generational Divide

Socially, the culture of the United States has changed from one of valuing personal privacy to one of perpetual sharing. “It ain’t none of your business,” was a very common retort when I was growing up.

____________
The vulnerability of Americans’ personal information 
is not just due to technology
getting ahead of us, 
but also to changing values of privacy.
___________

Millennials and younger are less likely to believe privacy is a big deal. This group most fully embraces social media and “sharing” – including Too Much Information (TMI) sharing that was once considered socially impolite. The ramifications of Facebook’s privacy policy might also surprise them. And honestly, I don’t think the younger generations care even though nobody really knows who is “listening.” 

For Americans to begin caring about personal privacy again, enough might have to suffer the consequences of losing (or even sharing) private information. For example, if you knew anyone who suffered through the Great Depression, you might have observed how that generation saved everything “just in case.” Because of the great suffering, Roosevelt got the support necessary to start social security.

But for now, Americans seem more engrossed in Caitlyn Jenner and gender identity issues rather than the ultimate identity issue: someone stealing yours and using it for criminal activity, extortion or even terrorism.

Some of this theft comes from information Americans willingly share on the Internet. Other important data, including financial and medical information, is being breached from the government and corporations. Combine that public information once stored on paper files and the opportunities for harm are endless.

We have already seen ISIS threaten individual military members and their families because Facebook can give a clue to their home and Google Maps will point the way there. Terrorists can certainly do the same to civilians as well.

As a Gen Exer, I was most influenced by the Baby Boomers. They were my younger professors who taught me women’s studies, gay politics and civil liberties. They all stressed that American freedom includes the universal right to privacy for all Americans.

Baby boomer President William Jefferson Clinton, along with Congress, thought protecting personally identifiable health information was a big deal. He was instrumental in passing through the Health Insurance Portability and Accountability Act (HIPAA). (Interestingly, workers’ compensation was excluded from the Act.)

For the majority of Americans, HIPAA is now just part of the pile of papers they need to sign at the doctor’s office. The law was enacted before the rise of Internet commerce and when Baby Boomers and older generations were the majority of the country. Complying with HIPAA only gets ting more difficult as paper medical records are being converted to electronic files.

Then Gen Exer President Barack Obama ushered in the Affordable Care Act, which throws medical privacy out the window. Now the federal government has access to your medical records because health insurers and medical providers are required to share them.

____________

For Americans to begin caring about personal privacy again,
enough might have to suffer the consequences
of losing (or even sharing) private information.
____________

Federal agencies are hardly safe custodians. Just ask the potential 9+ million past and present federal workers and our military whose data is now vulnerable to whoever hacked it.

Further, cyber incidents, including data breaches, are on the rise according to Verizon’s 2015 Data Breach Investigations Report.” Add to that 66 percent of accountable care organizations surveyed last year by the Ponemon Institute, who believe patient privacy risk has grown and do not have great faith in data security.

Conclusion

The vulnerability of Americans’ personal information is not only just due to technology getting ahead of us, but also to changing values of privacy. Looking back to history and considering past policy and social mores provides context for developing ways to promote privacy. I have a few ideas in mind and soon I will share them in a future blog.

4 thoughts on “Data Breach Vulnerability Not Just Due to Technology

  1. annmariecommunicatesinsurance says:

    Thanks Dan! I really want to raise awareness and encourage people to think about how much information they are sharing. Also, forgot to mention, do you remember that during the HIPAA regulatory process workers’ comp was excluded? Wonder if it still is….

    • Daniel Miller says:

      Agree, awareness and education is the key to just about everything.

      Workers Comp was excluded from HIPAA due to the fact that for a claimant to file a claim an insurer or self-insured employer has the right to see any “related” medical records. Claimants cannot have both ways.

      Despite that many MDs and “experts” in HIPAA typically did not know that and would not cooperate. My understanding was that claimants must agree to release of prior medical records in order to receive work comp benefits.

      dan

      Sent from my iPhone

      On Jul 10, 2015, at 4:16 PM, Annmarie Communicates Insurance wrote:

      annmariecommunicatesinsurance commented: “Thanks Dan! I really want to raise awareness and encourage people to think about how much information they are sharing. Also, forgot to mention, do you remember that during the HIPAA regulatory process workers’ comp was excluded? Wonder if it still is….”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s