Privacy/protection of service users information

[Aspergers_Aspie]

In the autism charity office where I attend when there is no staff in the office, they lock the office door. But I am wondering, I had an one-to-one appointment with a support worker and he was making notes using his notepad, if that support worker doesn't live alone will my information be safe and secure?

 

[Tired]

I recently attended a lecture as a game designer in the company I work for. At this lecture they were telling us about how we must protect info about our gamer users. How we must all use passwords for our pcs, to protect sensitive information we have on it about our users (their date, age, gender, country, etc, all the info companies collect about you, when you accept their GDPR). But of course no one is doing that here, so literally anyone can enter the building, slip to someone's pc and check/download what is there. The only protection we have are cameras in the building. But if it will stop outsiders, it won't stop workers, who often access pcs of one another to send some items by LAN, mails etc.
So I hope that info about you won't be accessed easy, but that isn't always the case. Sometimes we have to just accept that there isn't many privacy left for any of us, it's more about how we feel about it.

 

[FoxLovinPat]

I recently attended a lecture as a game designer in the company I work for. At this lecture they were telling us about how we must protect info about our gamer users. How we must all use passwords for our pcs, to protect sensitive information we have on it about our users (their date, age, gender, country, etc, all the info companies collect about you, when you accept their GDPR). But of course no one is doing that here, so literally anyone can enter the building, slip to someone's pc and check/download what is there. The only protection we have are cameras in the building. But if it will stop outsiders, it won't stop workers, who often access pcs of one another to send some items by LAN, mails etc.
So I hope that info about you won't be accessed easy, but that isn't always the case. Sometimes we have to just accept that there isn't many privacy left for any of us, it's more about how we feel about it.

Wait what? That's ridiculous and totally unsafe.
And here I thought that it was just standard practice at any company to have passwords to access computers, or at the very least a password to access the more sensitive info on a computer that's typically not locked.

If you don't want to have complex passwords that your employees have to remember you could just do a simple one that's easy to remember too, even if it'd be easier to guess it's better than having no password at all.

Where I work, which is a retail position btw, we have both of the above examples.. we have a simple, easy to remember password for just accessing the computers, and then we all have our own individual 4 digit passwords to get access to the more sensitive info, which includes the info our various customers provide us and also inner company information.
Actually now that I think of it there's additional passwords on top of that, like we have passwords to access the application we use for shipping product out, we have passwords to access emails (I don't have access to that as that's more for management), and probably a few other passwords for other things too.
Heck we have a separate password to access the portable tablets too.

Sure it can be a pain to have to keep track of all those passwords, but one gets the hang of it eventually.

 

[Mary Terry]

In the autism charity office where I attend when there is no staff in the office, they lock the office door. But I am wondering, I had an one-to-one appointment with a support worker and he was making notes using his notepad, if that support worker doesn't live alone will my information be safe and secure?

Ask him pointblank about the degree of and type of cyber security employed by the charity. You're entitled to know that, and the charity is obligated to provide security and to inform you of what it does to protect you.

 

[Tired]

Wait what? That's ridiculous and totally unsafe.
And here I thought that it was just standard practice at any company to have passwords to access computers, or at the very least a password to access the more sensitive info on a computer that's typically not locked.

If you don't want to have complex passwords that your employees have to remember you could just do a simple one that's easy to remember too, even if it'd be easier to guess it's better than having no password at all.

Where I work, which is a retail position btw, we have both of the above examples.. we have a simple, easy to remember password for just accessing the computers, and then we all have our own individual 4 digit passwords to get access to the more sensitive info, which includes the info our various customers provide us and also inner company information.
Actually now that I think of it there's additional passwords on top of that, like we have passwords to access the application we use for shipping product out, we have passwords to access emails (I don't have access to that as that's more for management), and probably a few other passwords for other things too.
Heck we have a separate password to access the portable tablets too.

Sure it can be a pain to have to keep track of all those passwords, but one gets the hang of it eventually.

I guess you don't live in Serbia haha

 

[Judge]

In the autism charity office where I attend when there is no staff in the office, they lock the office door. But I am wondering, I had an one-to-one appointment with a support worker and he was making notes using his notepad, if that support worker doesn't live alone will my information be safe and secure?

In this day and age, virtually any expectation your data is "safe and secure" is tragically an unreasonable one.

Forget considerations of the lowest-to-none when it comes to cybersecurity. Think of how many technologically sophisticated institutions get hacked not every day, but every so many seconds.

And it's totally out of control, with government and law enforcement far behind the curve.

 

[FoxLovinPat]

In this day and age, virtually any expectation your data is "safe and secure" is tragically an unreasonable one.

Forget considerations of the lowest-to-none when it comes to cybersecurity. Think of how many technologically sophisticated institutions get hacked not every day, but every so many seconds.

That's very true unfortunately.
Not to mention all the ad companies harvesting your data for their targeted ad campaigns, and companies willing giving your data to said companies.

I'm pretty sure that I stump the targeted advertisement algorithms seeing as the ads I get aren't all that targeted towards me and tend to be way off, as they try and sell me things I have no interest in.
Though even if they were more targeted towards me, it wouldn't work because I'm not an impulse buyer, I only buy what I need for the most part.

 

[Peter Morrison]

Thinking that anyone could read my medical files gives me some anxiety. It isn't the information that I fear would be inappropriate, but the simple fact of feeling as if your house had been broken into and the thief can't be caught. It makes you feel very vulnerable. Very personal information is sought by cyber crooks and marketing directors everywhere in the world. I believe that Siri listens to all of my conversations. Ads and apps seem to spring to life on my phone - each related to the topic of conversation. I'm trying not to make myself paranoid, but marketing gurus want every detail of your life. They will never stop, neither will the cyber crooks. We still have to rely on the responsibility of those professionals who are trying to help us.

 

[Au Naturel]

In the autism charity office where I attend when there is no staff in the office, they lock the office door. But I am wondering, I had an one-to-one appointment with a support worker and he was making notes using his notepad, if that support worker doesn't live alone will my information be safe and secure?

I don't know about your location but in the States that would be covered by HIPPA regulations.

Summary of the HIPAA Privacy Rule

Summary of the HIPAA Privacy Rule

www.hhs.gov

Was it his personal notepad or was it one that belongs to the organization?

 

[Hypnalis]

Speaking as an IT guy with a good understanding of how information is protected in practice, I can confirm that assuming it's ever handled probably is very unwise.

This isn't because it's impossible. It's because hardly anyone tries to do it properly.

There are so ne laws. If you're in the US you should do as Au Natural suggests above, and look at HIPAA.
It's healthcare only, but for us that's one of the most important.

The EU has something too. Start at GDPR, but look for Healthcare-specific laws.

But those laws, while they give individuals some leverage, are rarely followed effectively, especially by smaller organizations. For example I've never worked in a company where they were serious about blocking their own IT staff's access to sensitive information.

It's not easy to steal money (companies protect that quite well), but personal information is another matter.
And as others have mentioned, there's a large, legal, partly hidden infrastructure for correlating, buying, and selling personal information.

What can you do? Frankly, not much. As usual, people raised these questions at the correct time, and were ignored.
Yet another "Pandora's Box" was opened.
Why? Your Government does not want you to have true privacy, and doesn't care what it costs to block that.

The endgame? Just watch China - they're 10 years ahead, and will probably stay there for a while.

Meanwhile, don't share secrets or weaknesses with your healthcare providers. Lie about anything that needs to be protected.
Don't want to? Your choice of course. But make it an informed choice. You cannot recall information that's been stolen and sold on.

 

[Outdated]

Privacy protection has been a hot topic in Australia for a few years now. We've had laws and policies in place for quite a long time but getting companies to comply is a different matter. I think that will change soon.

We've had major network breaches in a large private health insurer and a large phone and internet service provider, both of them found guilty and fined for failing to comply with legal requirements designed to protect information. In both cases the fines were of less than $2million.

That has been deemed entirely inadequate, for companies of that size $2million is pocket change. We're now looking at introducing a sliding scale of fines, the more a company is worth the more it will have to pay, and that scale is going to be high enough to cause companies real financial stress.

The era of corporate protectionism is ending, we think it's going to take a few companies being sent to the wall before any real change starts to happen. Repeat offenders should receive penalties high enough to put them out of business, thereby preventing further repeats.

 

[WhitewaterWoman]

I don't know about your location but in the States that would be covered by HIPPA regulations.

Summary of the HIPAA Privacy Rule

Summary of the HIPAA Privacy Rule

www.hhs.gov

Was it his personal notepad or was it one that belongs to the organization?

In my state, many health services are privatized and most do not comply with Hipaa. For one thing, they don’t understand the law. For another it is too bleeping expensive for a small company to comply with. And finally, too many people are just careless with the information.

I know all this because I was a small company trying to follow hipaa and getting barriers thrown up by other providers all the time. Hipaa requires me to have proof that any company I legitimately send protected information to, also protects information. I could not get this out of anyone.

For example, by statute I have to send service authorizations to provider companies. In order to comply with that statute, I had to violate hipaa because that provider would not send me the proof of hipaa compliance.

In the end, I had to spend thousands on hipaa insurance.

 

[Outdated]

For example, by statute I have to send service authorizations to provider companies. In order to comply with that statute, I had to violate hipaa because that provider would not send me the proof of hipaa compliance.

That's exactly the type of issue we're trying to work out how to deal with now, the only real way I can see of fixing the problem is be enforcing compliance across the board. I think a sliding scale of fines will be much better for small businesses too who's occasional infractions are less likely to have such a big impact on society as a whole.

 

[Judge]

The era of corporate protectionism is ending, we think it's going to take a few companies being sent to the wall before any real change starts to happen. Repeat offenders should receive penalties high enough to put them out of business, thereby preventing further repeats.

If you follow the likes of the European Union's court system, you'll find that such entities as "repeat offenders" are actually what their economists would refer to as a "revenue stream".

"Too big to fail" entities which will likely survive any and all punitive measures against them, yet providing huge amounts of revenue where taxpayers are not so likely to make up the difference.

Where the EU doesn't actually attempt to put any of them out of business, and where the penalties while quite high, continue to be paid and factored into their balance sheets.

- Ensuring those further "repeats".

Meanwhile those same entities appear to get away with murder in the US in comparison. Though presently some of us are glib about Adobe being prosecuted at the moment. But they're just another case of "too big to fail" as well.

FTC Takes Action Against Adobe and Executives for Hiding Fees, Preventing Consumers from Easily Cancelling Software Subscriptions

The Federal Trade Commission is taking action against software maker Adobe and two of its executives, Maninder Sawhney and David Wadhwani, for deceiving consumers by hiding the early terminati

www.ftc.gov

 

[Outdated]

If you follow the likes of the European Union's court system, you'll find that such entities as "repeat offenders" are actually what their economists would refer to as a "revenue stream".

That has happened a lot in the past but the people are starting to get fed up with it in all sorts of areas. We have encouraged strong competition in all areas for more than 30 years now and we no longer have any entities that are really too big to fail, their loss will cause a bit of pain but not total devastation.

And I just noticed a new bill being proposed in the South Australian parliament, if passed it will ban all political parties from accepting donations and all politicians will also have to make their personal investment portfolios viewable to the public.

If we keep going like this then maybe in another 50 years we'll have something approaching a democracy.

 

[Judge]

We have encouraged strong competition in all areas for more than 30 years now and we no longer have any entities that are really too big to fail, their loss will cause a bit of pain but not total devastation.

Unless of course it is China waiting in the wings to fill such a marketplace vacuum. Which might not be so greedy compared to all those American multinational corporations so quick to enhance their shareholder equity.

Would be amusing to see the US government intervene on behalf of Australia in that sense...lol.

Stranger things have happened before....

 

[Outdated]

Unless of course it is China waiting in the wings to fill such a marketplace vacuum. Which might not be so greedy compared to all those American multinational corporations so quick to enhance their shareholder equity.

Oh they're greedy alright, we've just had to introduce a few restrictions in to our foreign investment policies because they were a little bit too slack. Chinese investors were using the Australian housing market as a monster money laundering scheme and that has been partly blamed for the growing homelessness problems here too.

 

[Judge]

Oh they're greedy alright, we've just had to introduce a few restrictions in to our foreign investment policies because they were a little bit too slack. Chinese investors were using the Australian housing market as a monster money laundering scheme and that has been partly blamed for the growing homelessness problems here too.

LOL...yeah, their private sector has quite a spin on it in that sense. Not just a thriving white economy, but a very black economy like Russia as well.

Puts a real spin on allegedly "legitimate" business undertakings.

 

[Outdated]

Not just a thriving white economy, but a very black economy like Russia as well.

And governments that are happy to sign on criminal gangs as subcontractors. Big kick up and stink here about that at the moment, we hacked the hackers that keep attacking Aussie businesses. Yes it's criminal gangs, but they are in the employ of the Chinese government. Same deal in Russia.

China got a bit snippy when we released our findings at the NATO summit.