Privacy in an Emergency

From MgmtWiki
Revision as of 11:56, 30 March 2020 by Tom (talk | contribs) (References)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Full Title or Meme

While some Privacy must be surrendered in an emergency, a little forethought will limit the exposure that results.


  • Emergency can be categorized in two for the purposes of this wiki page.
  1. Every day emergency where life or property can be dealt with one case at a time.
  2. National, or lager emergency, where life or property is under immediate and unexpected assault.


Specific Use Cases

  • The UK government approached the mobile phone and tech firms with large social graphs.[1] What could possibly go wrong?
  • South Korea’s (and other's) government is using cellphone data to create live maps of COVID-19-infected people. In Israel, the controversial NSO Group is reportedly working on an app for monitoring the virus’ spread.[2]
  • The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn.[3]
  • An Israeli technology company, which has gained notoriety for the spyware it sells, has developed a new product it says has the ability to track the spread of the coronavirus. NSO Group Ltd.’s product analyzes huge volumes of data to map people’s movements to identify who they’ve come in contact with, which can then be used to stop the spread of infection, according to a person familiar with the matter[4]
  • Telehealth is just one example of how privacy controls get deferred during emergencies. In some cases these relaxations never get returned to pre-emergency conditions. The following example is from the US HHS. "Under this Notice, covered health care providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules related to the good faith provision of telehealth during the COVID-19 nationwide public health emergency. Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications. " [5]
  • Often regulations on privacy get in the way. For months, Seattleites had been volunteering swabs of their nasal cavity as part of a one-of-a-kind study to track the spread of flu throughout the city. The same type of sample is what’s needed to test for COVID-19. Since the study began late last year, nearly 2,500 samples had been collected. Now researchers are involved in a controversy following a New York Times story that makes the claim that samples were tested for COVID-19 against federal and state guidelines. Legally they were not licensed to perform COVID-19 tests, but they were able to notify users of changes. Seattle Flu decided to tell the participants what they found, whether that was legal or not. They could not report the results to public health officials[6] as they had not thought to ask the user's consent for an epidemic.


  • Given the seriousness of the pandemic, we should use personal data to help us track coronavirus infections and alert people who are at risk. But it would be a grave mistake to throw all of our data at the problem without considering the potential long-term privacy risks. Ideally, people’s location and health information would be shared with a trusted third party for these purposes on an opt-in basis. For the most part, Google maps and the cell phone companies don’t need our permission to analyze our location data, but an opt-in program or app would help reassure people that their privacy preferences were being respected. Most important, every effort should be made to respect the privacy and anonymity of infected individuals. If my location data shows I have been in close contact with someone infected, I don’t need to know that person’s age or gender or where I came into contact with him or her — I just need to know that I have an increased risk of infection unlike the solution deployed in South Korea that exposed too much personal information.[7]


  1. Shona Ghosh, Privacy activists fear the UK might spy on its own citizens to tackle COVID-19. Here's what we know. Business Insider (2020-03-26) Privacy activists fear the UK might spy on its own citizens to tackle COVID-19. Here's what we know.
  2. 11 countries are now using people's phones to track the coronavirus pandemic, and it heralds a massive increase in surveillance Business Insider (2020-03-26)
  3. Lindsey O'Donnel Covid-19 Spurs Facial Recognition Tracking, Privacy Fears (2020-03-20) ThreatPost
  4. Gwen Ackerman and Yaacov BenmelehIsraeli Spyware Firm Wants to Track Data to Stop Coronavirus Spreading Bloomberg (2020-03-17)
  5. HHS Office of Civil Rights, Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (2020-02-20)
  6. Matt Markovich, Seattle Flu Study researchers defy federal, state guidelines to 'save lives Komo News (2020-03-11)
  7. Josephine Wolff, How to (Carefully) Use Tech to Contain the Coronavirus

Other Material