Next privacy threats: Health, Smartgrid data

When we think about online privacy, most people link their biggest concerns to Internet advertising, especially behaviorally targeted ads.

But two nascent Internet applications--healthcare and smart-grid technologies--could create even bigger threats to our private information, panelists told the Federal Trade Commission today during its privacy workshop.

Doctors offices and hospitals have been told to scrap paper records and start using digital formats to store patient information. But there are not yet standards or guidelines for how that data will be kept safe and secure from marketing companies that collect such tidbits about us to send us ads about, say, a new treatment, drug or facility.

Companies like Intelius, Acxiom and Experian specialize in collecting pieces of information about us from a variety of sources: public records, surveys we've filled out, our LinkedIn profiles. They told the FTC today that any medical information protected under HIPPA laws would not be shared or sold to third parties. They also said information they collect from patients is kept in very general categories--such as diabetes, allergies, etc.--"because the purpose is to get them marketing information about products and services they may or may not have been aware of," said Rick Erwin, president of Experian Marketing Services. (A few of these companies testified on their tactics before subcommittees of the House Energy & Commerce Committee last month.)

However, information patients give up voluntarily--on a pharmaceutical survey, for example--is up for grabs. Pam Dixon, executive director of World Privacy Forum, said such surveys should make it very clear to patients that their information will be used for marketing purposes. And they should be able to revoke their consent for the use of their data at any point.

"I think that unless a consumer is given the delineation of the boxes that they'll be put in and sold in, I don't know that that's a sufficient concept," she said.

Health information won't be the only type of sensitive data as technologies advance. Smart-grid systems will allow us to talk to our appliances and air-conditioners via the Internet so we can control them remotely. In theory, this is supposed to reduce our energy use.

But that also leaves a trail of data about our patterns of electricity use. The grid will be able to learn our schedules, when we cook meals, how high we turn our thermostats in the winter.

Marketers "have grand plans for that data," Dixon said. "Smart-grid is very new. We need standards. The bottom line is that's not self-reported data. That's just a consumer who is just trying to get electricity."

Update (6:02 p.m.): David Vladeck, director of the FTC's Consumer Protection Bureau, weighed in at the end of the day with a few remarks. He said that while companies like Google and Yahoo are taking positive steps to disclose their data-collection processes to consumers (see previous posts), not enough consumers are clicking through to these sites to take advantage of those controls.

Vladeck also said he is concerned about the companies like the ones mentioned above.

"The broker industry is largely unknown and invisible to the consumers," he said. "There's a lot of diversity in the types of information, uses of information and even the rules that apply to how such information and, in some cases, highly sensitive information is managed. This is an issue that may warrant our attention."