Saturday, January 26, 2019

Local.
Critical Care, Pulmonary & Sleep Associates in Colorado has notified 23,377 patients of a privacy incident. Their on-site notice offers a useful reminder that while bad actors may be seeking to engage in financial theft or fraud, when files with ePHI are connected to employee email accounts, patients and HHS may wind up needing to be notified. And so once again, I ask: why was there so much ePHI connected to employees’ email accounts? How often does the entity require its employees to transfer data out of their email accounts and into more secure storage? And should/could the ePHI be encrypted while it is sitting in an employee’s email account? Or am I asking the wrong questions? In any event, here is their notification:
On November 23, 2018, CCPSA discovered that an unauthorized individual or entity gained access to an employee’s CCPSA email account and used the email address to send phishing emails to individuals in the employee’s electronic contacts seeking fraudulent financial payments.
… CCPSA’s forensic investigation concluded on December 14, 2018 and determined that there was unauthorized access to certain CCPSA accounts between August 14 and November 23, 2018. Importantly, CCPSA’s electronic medical records platform was NOT compromised or accessed by the hacker.




Perspective.
Flood of Complaints to EU Countries Since Data Law Adopted
"Citizens have become more conscious of the importance of data protection and of their rights," First Vice President Frans Timmermans and other commission officials said.
"And they are now exercising these rights, as national Data Protection Authorities see in their daily work. They have by now received more than 95,000 complaints from citizens," the joint statement added.
The officials, however, pointed out that Brussels was still waiting for five member countries to adapt the GDPR to their national legislation.
The five are Bulgaria, the Czech Republic, Portugal, Slovenia and Greece, a European source told AFP on condition of anonymity.
The GDPR is enforced by national data protection agencies.
The EU has billed the GDPR as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new standards in the wake of the Facebook data harvesting scandal.
The law establishes the key principle that individuals must explicitly grant permission for their data to be used and gives consumers the "right to know" who is processing their information and what it will be used for.
People will be able to block the processing of their data for commercial reasons and even have data deleted under the "right to be forgotten".




How GDPR-esque. (Have I just invented a word?) We even see companies opting out of the market.
Illinois Supreme Court rules against Six Flags in lawsuit over fingerprint scans. Here's why Facebook and Google care.
The Illinois Supreme Court on Friday upheld consumers’ right to sue companies for collecting data like fingerprint or iris scans without telling them how it will be used — a ruling that could have widespread implications for tech giants like Facebook and Google.
The unanimous ruling came in a lawsuit filed against Six Flags Entertainment Corp. by the family of a teenager whose fingerprint data was collected in 2014 when he bought a season pass to Great America, the company’s Gurnee amusement park. The lawsuit alleged violation of the 2008 Illinois Biometric Information Privacy Act, which has gained attention as biometric data are increasingly used for tasks such as tagging photos on social media and clocking in at work.
The law requires companies collecting information such as facial, fingerprint and iris scans to obtain prior consent from consumers or employees, detailing how they’ll use the data and how long the records will be kept. It also allows private citizens to sue, while other states let only the attorney general bring a lawsuit.
… Defendants in those cases, including Facebook, have argued that individuals shouldn’t have the right to sue if no real damage occurred after they handed over their biometric information. But the state Supreme Court ruled that violation of the law is damage enough.
… Nest, a maker of smart thermostats and doorbells, sells a doorbell with a camera that can recognize visitors by their faces. However, Nest, owned by Google parent Alphabet, does not offer that feature in Illinois because of the biometrics law.


(Related) How would a customer know this system did not use facial recognition?
Now Your Groceries See You, Too
Walgreens is piloting a new line of “smart coolers”—fridges equipped with cameras that scan shoppers’ faces and make inferences on their age and gender. On January 14, the company announced its first trial at a store in Chicago in January, and plans to equip stores in New York and San Francisco with the tech.
Demographic information is key to retail shopping. Retailers want to know what people are buying, segmenting shoppers by gender, age, and income (to name a few characteristics) and then targeting them precisely.
… Crucially, the “Cooler Screens” system does not use facial recognition. Shoppers aren’t identified when the fridge cameras scan their face. Instead, the cameras analyze faces to make inferences about shoppers’ age and gender. First, the camera takes their picture, [Does it ever delete it? Bob] which an AI system will measure and analyze, say, the width of someone’s eyes, the distance between their lips and nose, and other micro measurements. From there, the system can estimate if the person who opened the door is, say, a woman in her early 20s or a male in his late 50s. It’s analysis, not recognition.




Perspective.
We analyzed 16,625 papers to figure out where AI is headed next
… The sudden rise and fall of different techniques has characterized AI research for a long time, he says. Every decade has seen a heated competition between different ideas. Then, once in a while, a switch flips, and everyone in the community converges on a specific one.
At MIT Technology Review, we wanted to visualize these fits and starts. So we turned to one of the largest open-source databases of scientific papers, known as the arXiv (pronounced “archive”). We downloaded the abstracts of all 16,625 papers available in the “artificial intelligence” section through November 18, 2018, and tracked the words mentioned through the years to see how the field has evolved.
Through our analysis, we found three major trends: a shift toward machine learning during the late 1990s and early 2000s, a rise in the popularity of neural networks beginning in the early 2010s, and growth in reinforcement learning in the past few years.




Something to run by my students.
We’re Hiring Technology Writers




Dilbert. This is true AI.


No comments: