As the novel coronavirus pushes governments and businesses to extraordinary protection measures, seemingly overnight, a new victim may be emerging: privacy.
Such a concern may seem superfluous amid a pandemic that has claimed tens of thousands of U.S. lives, sickened more than half a million, and turned a booming economy on its head. But ignoring reasonable limits — and the potential ramifications — could sacrifice privacy rights in a way some say poses many risks.
Smartphones, health privacy protections, and online meetings are three key areas to watch. Even if certain privacy rules are loosened now, that doesn’t mean they’re gone; as we’ve said before, awareness of your rights helps you protect them. If you think your rights have been violated, we offer free consultations. In more than 25 years litigating fraud and employment cases, the lawyers at Keller Grover have recovered hundreds of millions of dollars for clients and class members.
That Vulnerable Privacy, Your Internet Use
As businesses have scrambled to establish virtual offices, they’ve leaned heavily on videoconferencing tools such as Zoom. The service reportedly catapulted from 10 million users in December to 200 million in March.
But even as its growth surges, Zoom has fielded criticism for sharing personal information from videoconferences with third parties such as Facebook (Zoom now says this sharing has stopped, though prior versions of the app may still share the data). A class-action lawsuit in California, based on the state’s Consumer Privacy Act, accuses Zoom of not notifying users about the information use and of not having sufficient security measures. Another putative class-action suit in California targets Facebook and LinkedIn for using personal information from Zoom to improve revenues — including allegedly recording and “eavesdropping” on private conversations to harvest valuable data. An investor lawsuit adds to the list of legal woes Zoom suddenly faces.
Hackers haven’t been far behind in targeting Zoom.
For example, Milwaukee election commissioners met via Zoom on April 12 to discuss delayed absentee ballots — a key issue in a state that went ahead with its primary election amid a pandemic. But hackers took over the meeting, posting pornography and offensive language. The hackers reportedly did so to demonstrate the vulnerability of Zoom meetings. Similar accounts of “Zoombombing” have been widely reported.
The Chicago Tribune offers tips from the FBI, Zoom and other experts to prevent your next Zoom meeting from being hacked:
- Keep meetings private by requiring a meeting password; the “Waiting Room” feature lets hosts control participants.
- Avoid sharing Zoom invites on social media, opting instead to email meeting passwords directly.
- A random meeting ID, as opposed to a personal meeting ID, is safer because it can’t be shared multiple times.
- Lock a Zoom session by clicking “Participants,” then “Lock Meeting.” Then no one else can join.
- Using the screensharing setting, “Only Host,” means the host controls the screen and can mute participants.
- To remove a participant, hover over the name in the Participants menu and click the “Remove” option.
- Keep Zoom updated to get the latest security measures.
That Given Privacy, Your Medical Information
Health information privacy typically is held sacred. But the government has said that, during the pandemic, it will waive certain sanctions and penalties related to HIPAA health privacy requirements. Violations it won’t penalize include:
- Requirements to get a patient’s approval to talk with family members or others involved with the patient’s care.
- The requirement to honor a request to opt out of a facility directory.
- The requirement to give privacy practices notices.
- The patient’s right to ask for privacy restrictions.
- The patient’s right to ask for confidential communications.
The government also reminded that patients’ health information may be shared as necessary to treat patients or to guard public health, among other things.
These regulations took effect March 15. The policies have evolved and expanded as the crisis has intensified.
Since then, the government has added that it won’t impose penalties related to good-faith telehealth efforts or for disclosing health information related to the COVID-19 public health emergency. And late last week, the government announced that it would not impose penalties for violations of the HIPAA Rules tied to good-faith participation in COVID-19 testing sites.
That Ubiquitous Appendage, the Smartphone
Seeking 21st century tools to battle coronavirus, government officials have talked with representatives of major tech companies — Facebook pops up again here, along with companies like Apple, Amazon, and Google — about the potential of using smartphone data to track people’s movements and thus trace out the spread of the virus responsible for COVID-19. It’s efficient, thorough and accessible. In the dim present, with many Americans unsettled, fearful, and desperate to escape quarantine, we may eagerly welcome such solutions.
But in our zest for a return to some semblance of normal life, it’s important to ask questions. Where is the line? How can we guarantee that such data would remain anonymous? What tools would ensure that government tracking stuck to anonymous location data, and didn’t drift into photos, browser history, apps, contacts or calls? And, perhaps most crucially, what would happen with these practices once the pandemic subsides — would they stop, or does this become a slippery slope?
This issue, like many others, still is unfolding. Keep watching, and reach out to us if you need an advocate.
Related: