Local.
Critical
Care, Pulmonary & Sleep Associates in Colorado
has notified 23,377 patients of a privacy incident. Their on-site
notice offers a useful reminder that while bad actors may be seeking
to engage in financial theft or fraud, when files with ePHI are
connected to employee email accounts, patients and HHS may wind up
needing to be notified. And so once again, I ask: why was there so
much ePHI connected to employees’ email accounts? How often does
the entity require its employees to transfer data out of their email
accounts and into more secure storage? And should/could the ePHI be
encrypted while it is sitting in an employee’s email account? Or
am I asking the wrong questions? In any event, here is their
notification:
On November 23, 2018, CCPSA discovered that an unauthorized individual or entity gained access to an employee’s CCPSA email account and used the email address to send phishing emails to individuals in the employee’s electronic contacts seeking fraudulent financial payments.
… CCPSA’s forensic investigation concluded on December 14, 2018 and determined that there was unauthorized access to certain CCPSA accounts between August 14 and November 23, 2018. Importantly, CCPSA’s electronic medical records platform was NOT compromised or accessed by the hacker.
Perspective.
Flood of
Complaints to EU Countries Since Data Law Adopted
… "Citizens
have become more conscious of the importance of data protection and
of their rights," First Vice President Frans Timmermans and
other commission officials said.
"And
they are now exercising these rights, as national Data Protection
Authorities see in their daily work. They have by now received more
than 95,000 complaints from citizens," the joint statement
added.
… The
officials, however, pointed out that Brussels was still waiting for
five member countries to adapt the GDPR to their national
legislation.
The
five are Bulgaria, the Czech Republic, Portugal, Slovenia and Greece,
a European source told AFP on condition of anonymity.
The
GDPR is enforced by national data protection agencies.
The
EU has billed the GDPR as the biggest shake-up of data privacy
regulations since the birth of the web, saying it sets new standards
in the wake of the Facebook data harvesting scandal.
The
law establishes the key principle that individuals must explicitly
grant permission for their data to be used and gives consumers the
"right to know" who is processing their information and
what it will be used for.
People
will be able to block the processing of their data for commercial
reasons and even have data deleted under the "right to be
forgotten".
How GDPR-esque. (Have I just invented a word?)
We even see companies opting out of the market.
Illinois
Supreme Court rules against Six Flags in lawsuit over fingerprint
scans. Here's why Facebook and Google care.
The Illinois Supreme
Court on Friday upheld consumers’ right to sue companies for
collecting data like fingerprint or iris scans without
telling them how it will be used — a ruling that
could have widespread implications for tech giants like Facebook
and Google.
The unanimous ruling came in a lawsuit filed
against Six Flags Entertainment Corp. by the family of a teenager
whose fingerprint data was collected in 2014 when he bought a season
pass to Great America, the company’s Gurnee amusement park. The
lawsuit alleged violation of the 2008 Illinois Biometric Information
Privacy Act, which has gained attention as biometric data are
increasingly used for tasks such as tagging photos on social media
and clocking in at work.
The law requires companies collecting information
such as facial, fingerprint and iris scans to obtain prior
consent from consumers or employees, detailing how they’ll use the
data and how long the records will be kept. It also
allows private citizens to sue, while other states let only the
attorney general bring a lawsuit.
… Defendants in those cases, including
Facebook, have argued that individuals shouldn’t have the right to
sue if no real damage occurred after they handed over their biometric
information. But the state Supreme Court ruled that violation
of the law is damage enough.
… Nest, a maker of
smart thermostats and doorbells, sells a doorbell with a camera that
can recognize visitors by their faces. However, Nest, owned by
Google parent Alphabet, does
not offer that feature in Illinois because of the biometrics law.
(Related) How would a
customer know this system did not use facial recognition?
Now Your
Groceries See You, Too
Walgreens is piloting a new line of “smart
coolers”—fridges equipped with cameras that scan shoppers’
faces and make
inferences on their age and gender. On January 14, the company
announced
its first trial at a store in Chicago in January, and plans to
equip stores in New York and San Francisco with the tech.
Demographic information is key to retail shopping.
Retailers want to know what people are buying, segmenting shoppers
by gender, age, and income (to name a few characteristics) and then
targeting them precisely.
… Crucially, the “Cooler Screens” system
does not use facial recognition. Shoppers aren’t identified when
the fridge cameras scan their face. Instead, the cameras analyze
faces to make inferences about shoppers’ age and gender. First,
the camera takes their
picture, [Does
it ever delete it? Bob] which an AI system will measure
and analyze, say, the width of someone’s eyes, the distance between
their lips and nose, and other micro measurements. From there, the
system can estimate if the person who opened the door is, say, a
woman in her early 20s or a male in his late 50s. It’s
analysis, not recognition.
Perspective.
We analyzed
16,625 papers to figure out where AI is headed next
… The sudden rise and fall of different
techniques has characterized AI research for a long time, he says.
Every decade has seen a heated competition between different ideas.
Then, once in a while, a switch flips, and everyone in the community
converges on a specific one.
At MIT Technology Review, we wanted to visualize
these fits and starts. So we turned to one of the largest
open-source databases of scientific papers, known as the arXiv
(pronounced “archive”). We downloaded the abstracts of all
16,625 papers available in the “artificial intelligence” section
through November 18, 2018, and tracked the words mentioned through
the years to see how the field has evolved.
Through our analysis, we found three major trends:
a shift toward machine learning during the late 1990s and early
2000s, a rise in the popularity of neural networks beginning in the
early 2010s, and growth in reinforcement
learning in the past few years.
Something to run by my students.
We’re
Hiring Technology Writers
Dilbert. This is true AI.
