by chockablock 4230 days ago
HIPAA's not a great example for you to use, since it does in fact limit access to protected information by employees (under a 'minimum necessary' standard) [0]. You can even serve time in federal prison for a violation without disclosing anything [1].

>People who want to control all their data are hoping for a fantasy world where observations and inferences by third parties are magically made impossible.

I think you are setting up a straw man here. What I suspect the average user expects is for their sensitive personal data to be dealt with in a professional and respectful way, with protections against abuse by rogue employees. There are plenty of companies who deal with private data and understand this well. Potatolicious had a comment on another Uber thread detailing the hoops an Amazon employee has to go through to get access to private customer data [2].

Scrubbing these posts suggests that Uber realizes that they have a real problem, at least at the PR level. I wouldn't be surprised if they are also getting more serious about controls on internal access to ride data.

[0] http://www.hhs.gov/ocr/privacy/hipaa/understanding/covereden...

[1] http://dailybruin.com/2010/05/05/former-ucla-medical-center-...

[2] https://news.ycombinator.com/item?id=8624945


I think HIPAA is a great example precisely because it goes beyond "don't disclose this"; it also regulates "safe storage requirements", whose purpose is ultimately to make unwanted disclosure (through breaches, rogue employees, etc.) less likely, of whatever scale. (e.g. my plaintext password for a service shouldn't ever be disclosed to even a single person.) I think we're in agreement about people generally expecting professionalism.