Every day, Americans in need reach out for social care services. These can include help with food, transportation, legal issues, clothing, housing, childcare and help paying for utilities. New technology networks are making it easier than ever before to access free and reduced-cost services. Unfortunately, before help can be given, recipients are often forced to navigate dizzying disclosure agreements about what can be done with the data housed in those networks. These agreements are rarely explained in language that is easy to understand. People in need want help, not paperwork. Rather than wade through pages of technical and legal jargon, it’s easier to just click “agree” and get connected.
But that can lead to potentially dangerous results.
Why? Because there is no single, comprehensive law related to data protection and privacy in the U.S. Instead, there are several disparate federal and state laws and regulations that provide a patchwork of some protection, with plenty of gaping cracks in-between.
One major gap is that none of those laws offer Americans protection for their social care data. Increasingly, social care navigators connect people to services using something called a closed-loop referral system (CLRS). When an individual in need is connected to an organization in such a system, they are asked for permission to share their personal data with other social care providers to make sure the individual gets the right help, and quickly.
But because of the proliferation of data, and the lack of uniform protection, nothing guarantees that personal data will stay inside a CLRS.
This means that the personal information that individuals hand over to get the help they need can be seen and accessed by countless others. Personal data, especially at scale, has value. Companies know this and harvest and sell individuals’ social care data for profit.
This is wrong and it must stop. It takes advantage of people at their most vulnerable times. How much personal data is at risk? If an individual asks for social care help, here is some of the data that is typically collected: their address, income, insurance information, whether they are a veteran or cancer survivor, their utility bills, their substance use history, their marriage and home ownership status, and whether they are receiving food assistance.
Where protections do exist, they are confusing. For example, if an individual receives a referral to a food pantry from a hospital, their data is protected. But if an individual seeks their own referral to a food pantry from an online service, their data is not protected.
Unprotected social care data can lead to discrimination and social stigmatization for an individual in need or, worse yet, create a clearly marked trail for someone who wishes to do them harm, such as an estranged spouse or abuser.
Less dangerous but just as insidious, unprotected social care data is a valuable commodity for data brokers.
A 2023 study by Joanne Kim at the Duke University Sanford School of Public Policy surveyed data brokers and found some disturbing results.
Eleven out of the 37 data brokers that were contacted were willing and able to sell the mental health data and healthcare records of individuals.
Ten of the data brokers advertised highly sensitive mental health data on individuals, including those with depression, insomnia and anxiety. The data also included ethnicity, age, gender, ZIP Code, religion, children in the home, marital status, net worth, credit score, date of birth and single-parent status.
One data broker even offered to sell names and addresses of individuals, including those with obsessive-compulsive disorder, personality disorders, and strokes, and included their race and ethnicity.
It’s bad practice, but good business: brokers can charge data licensing fees as high as $100,000.
This practice must end.
It’s time for a federal law that prevents organizations operating within a CLRS from selling or licensing individually identifiable social care information, full stop. Under such a law, they would be restricted to using this data solely for its intended purpose, barring any unauthorized exploitation for secondary purposes. These measures ensure that individuals retain control over their personal information and are not subject to undue surveillance or profiteering.
The need for federal regulation in protecting social care data is undeniable. As technology advances and data collection becomes more pervasive, proactive measures are essential to safeguard individual privacy. By enacting such legislation, we can ensure that personal information remains confidential, empowering individuals to seek the support they need without fear of privacy breaches or exploitation. People will get the help they need, privacy will be protected, and lives may even be saved.
Erine Gray is the Founder and CEO of Findhelp.
Read Full Article »