Privacy in a Post-Raw World: What Businesses of All Kinds Should Consider | Dinar Supra

After the US Supreme Court’s decision in Dobbs vs Women’s Health Jackson veto Raw vs. Wadecompanies and organizations that process personal data – including those outside the health or reproductive sphere – play an important role in protecting those who seek reproductive health care.

Why data privacy is the most important in the publication-Ro United State

in anticipation of DobbsSome countries have passed or revived laws that significantly restrict and prohibit access to abortion and reproductive health care. These laws have motivated law enforcement to scrutinize pregnant women and those around them, undermining individuals’ rights to privacy as well as threatening their health and safety. From enabling private citizens to impose (and even take advantage of) abortion restrictions to broad bans on attempts to seek reproductive health care, including restrictions on out-of-state travel to obtain abortion services or drugs, and threats to criminalize anyone who supports or facilitates access to abortion, The intent of these state laws is clear: to identify and punish those who seek abortion care and to intimidate anyone who might consider seeking an abortion.

Avoid misuse of data to identify people seeking or facilitating abortion

Laws attempting to thwart access to abortion allow law enforcement and anti-abortion actors to weaponize the digital personal data that companies collect about employees and consumers — including location information and web browsing history — to prove that someone sought or assisted in the provision of abortion care in violation of those laws. Businesses and organizations, including those outside the health or reproductive sphere, that are concerned with protecting individual privacy and their constituents’ access to reproductive care, can address these issues by considering the following questions:

1. Data collection. What personal data does the company collect? about whom? What can this data reveal about individuals’ reproductive health care decisions and access to abortions?

Health data has a clear link to reproductive issues, but geolocation information, browsing or search history, travel and reimbursement records, and commercial or purchasing records can also reveal efforts to obtain pregnancy or abortion care. Employment records, such as leave or travel compensation (particularly when employers provide financial support for abortion-related travel) can be targets for anti-abortion subpoenas or even orders for emails and other communications. Even personal data that is not normally considered “sensitive” or that is collected for health-related purposes can nonetheless reveal highly sensitive insights into an individual’s reproductive decisions.

2. Data minimization and retention. How much personal data do we collect and for how long do we keep personal data that may reveal information about decisions about health and access to reproductive health care?

Companies can ensure data privacy – and the protection of their employees and consumers – by collecting only personal data they need to achieve their stated goals and retaining personal data only for as long as necessary to fulfill the purposes for which it was originally collected. These basic data privacy practices will prevent those who seek to interfere with access to reproductive care from obtaining that data.

3. Data inferences. What is a business conclusion based on the personal data it collects? What could another person conclude if they had access to this personal data, or were able to combine it with other information?

As indicated in our discussion of data collection above, on the face of it, personal data may not reveal information about pregnancy or miscarriage, but such conclusions can be drawn when multiple data items are combined. And while we might not consider some purchases to be revealing, the Federal Trade Commission (FTC) has noted that data aggregators and brokers often create consumer profiles and draw inferences about them based on places they’ve visited, categorizing health conditions and highlighting consumer status on their website. It’s the Pregnant Parent.

4. Data sharing. Who does the company share personal data with? How will these recipients use the personal data? Will data recipients disclose data to data brokers or will they disclose it? Do we disclose it to data brokers? What is the access of internal actors to the personal data of others? What checks are in place to prevent an internal “bad actor” from compromising the privacy or security of personal data? What processes are in place to prevent “bad third parties” – including business vendors – from compromising data privacy or security?

Contractual restrictions on the recipient’s use of that data may help protect privacy, but it may ultimately be difficult to control where or how personal data ends up being used. Limiting disclosure of personal data, particularly that which discloses or could disclose pregnancy or reproductive care, can help protect privacy. Likewise, internal access controls, audits and monitoring are important data security practices, as are precautions to protect data from hackers and censorship to ensure that vendors, such as cloud storage providers, do not make data vulnerable to unauthorized access.

5. Business offers. How can our products and services be used to reduce access to abortion and health care services? What policies or procedures can we put in place to prevent these uses of our Offers?

Anti-abortion organizations and activists may seek to use technical products and services to target and/or prevent those who have access to health and abortion-related care. For example, Crisis Centers for Pregnancy, which often present as health care centers but maintain anti-abortion agendas, use targeted advertising to identify and target individuals seeking reproductive care. One marketing company sought to combine targeted advertising services and geolocation technology, using location information to identify people who had crossed a digital “fence” to a clinic providing abortion services. The marketing company, Copley Advertising, LLC, marketed this service as enabling anti-abortion groups to deliver anti-abortion messages directly to individuals in clinics via standard targeted advertising technology. (Copley’s presentation led to a settlement with the Massachusetts Attorney General in which he asserted that Copley would not use geolocation technology in or near Massachusetts health care facilities to infer the health status, medical condition, or medical treatment of any individual.) Update terms of service and customer agreements, and internal policies, may limit unintended uses of the company’s technology, products, and services to target abortion care.

as enforcement of the post-Ro Abortion laws begin, and companies and organizations that collect, use and store personal data can expect to receive requests for information related to reproductive care, abortion, and pregnancy. They may also have to provide this type of information through the use of subpoenas, warrants, and other legal processes. (Government entities may also request records and content of communications from service providers under an “emergency” exception that permits production without formal legal process in situations involving the risk of death or serious bodily injury to any person. Under the “fetal character” of some states laws, use of This exception is to create an emergency request for data to prevent abortion.) Some of these requests or requests for information may not disclose efforts to identify those who may be considering, have performed, or assisted in an abortion.

Prepare now by developing and maintaining a robust privacy program that includes best practices and an action plan for responding to requests or data requests that can help employees, consumers, and other stakeholders feel more confident and secure in their personal reproductive decisions.

[View source.]

#Privacy #PostRaw #World #Businesses #Kinds #Dinar #Supra

Leave a Comment

Your email address will not be published.