With smartphones in the hands of virtually anyone in the U.S. who wants one, they’re part of the background of our lives, quiet, surprisingly powerful assistants that bring much of the modern world into our hands.
But as a new investigation by The New York Times reminds us, they also generate a staggering amount of data on their users’ habits, some of which theoretically could be used to identify patients, dig up private personal information and track their comings and goings. This is bad news for the healthcare industry given that consumers aren’t so sure we’re doing a good job protecting their privacy as it is.
Smartphones generate a stream of location pings that identify where consumers are as long as the phone is still on and service is active. This data is then pulled together by private location data companies, whose methods for collecting such information include partnering with developers of popular apps to insert their tracking software.
The investigation found that consumers aren’t always aware of the fact that such data is being collected. In some cases, location data companies get consumers’ consent using a single pop-up screen, and sometimes the consent screens didn’t state that the data would be shared with third parties.
Nonetheless, it’s common for such vendors to sell and trade such data with a range of other entities, including advertising companies, financial institutions and real estate investment firms. When users tie the data to a mobile advertising ID, which often happens, they can merge the location data with other data on our habits, preferences and travels, the Times researchers found.
To conduct its research into the nature of location data, the Times collected more than 50 billion location pings generated by more than 12 million cellphones covering major U.S cities like New York, Washington, San Francisco, Los Angeles and Seattle. Each ping includes the precise location of a given smartphone over a period of months in 2016 and 2017.
In its raw state, the data is anonymized, including no names, phone numbers or email addresses, but this doesn’t offer much protection to users. In fact, in many cases Times researchers were able to blow past that obstacle relatively easily by examining specific users’ home and work locations, then cross-referencing them with public records and social media info.
It almost can’t be overstated what kind of privacy threat location tracking could pose for patients. Few of us would tolerate having our healthcare-related movements tracked, even if they’re relatively mundane. And what if we’re visiting or bringing family or friends to more sensitive locations, such as a psychiatric hospital or AIDS clinic? The potential for harm is nearly infinite.
If you weren’t aware of this threat, you may well want to give the Times piece a close reading. If nothing else, it should give you pause, and encourage you to see what kind of data the apps used by your staff, patients, vendors and partners are gathering. This is not the type of vulnerability you want to discover after the damage has already been done.