Interesting People mailing list archives
Re MASSIVE ethical failure and privacy violation by Dropbox
From: "DAVID FARBER" <dfarber () me com>
Date: Thu, 26 Jul 2018 02:21:15 +0900
Begin forwarded message:
From: Peter Swire <peter () peterswire net>
Date: July 26, 2018 at 12:59:56 AM GMT+9
To: "dave () farber net" <dave () farber net>
Cc: ip <ip () listbox com>
Subject: Re: [IP] MASSIVE ethical failure and privacy violation by Dropbox

Dave:

The facts reported in Wired do not appear to support the conclusion of MASSIVE ethical failure. According to the article:

1. The data was de-identified before it went to the researchers.
2. Quasi-identifiers were put into ranges, rather than being reported with individual values.
3. The researchers who received the de-identified data signed a confidentiality agreement.

U.S. law from the FTC and HHS has supported the lawfulness of doing research on de-identified data when both technical and administrative controls of this sort are in place. Specifically, HIPAA does not require or expect individual consent or IRB approval when the data had been properly de-identified.

An overall judgment of the sufficiency of the technical and administrative controls would require more detail than Wired reports. Based on the reporting, however, it is not clear in what respect Dropbox varied from common good practice, even if the data were sensitive health data covered by HIPAA.

Peter

Peter Swire
Ph: 240-994-4142
www.peterswire.net
Sent from phone: apologies for brevity and typos.

On Jul 24, 2018, at 9:04 PM, Dave Farber <farber () gmail com> wrote:

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: July 25, 2018 at 9:38:08 AM GMT+9
To: nnsquad () nnsquad org
Subject: [ NNSquad ] MASSIVE ethical failure and privacy violation by Dropbox

MASSIVE ethical failure and privacy violation by Dropbox
https://www.wired.com/story/dropbox-sharing-data-study-ethics/

But it still appears this research was conducted without the express consent of the thousands of customers whose information Dropbox and the researchers accessed (the HBR article originally suggested that 400,000 users' data was analyzed, while Dropbox says that the study dealt with data from 16,000 customers). Late Tuesday HBR added a second editors' note indicating that the researchers started with information on 400,000 "unique users" but pared the data set down to 16,000 after incorporating data from Web of Science. HBR editors also updated the article to indicate that it wasn't 1,000 universities that were included, but rather 1,000 separate departments. Informed consent, one of the cornerstones of academic research, is one of the things that got Facebook in so much trouble back in 2014 ...

- - -

--Lauren--

This message was sent to the list address and trashed, but can be found online.