Independence Day 2018: Your Digital Rights and How to Exercise Them
Happy Fourth of July! This year, independence has a digital dimension. Between GDPR, the Cambridge Analytica scandal, and growing awareness of how much data companies collect about us, 2018 is the year data rights went mainstream.
As both business owners and individuals, understanding your digital rights matters. Here's what they are and how to exercise them.
Your Rights as an Individual
Right to Know
You have the right to know what data companies collect about you. Under GDPR (which protects people in the EU and covers data handled by companies established there) and increasingly under US state laws, companies must tell you what they collect, why they collect it, how long they keep it, and who they share it with.
How to exercise it: Request your data from major services. Google (takeout.google.com), Facebook (Settings > Your Facebook Information > Download Your Information), Apple, Amazon, and most major services offer data download tools. What you find may surprise you.
Right to Delete
You can request that companies delete your data. Under GDPR, this is a formal right (the "right to erasure"), subject to exceptions such as legal record-keeping obligations. In the US, it varies by state, but California's CCPA, signed into law on June 28, 2018 and taking effect January 1, 2020, will establish a deletion right for California residents.
How to exercise it: Close accounts you no longer use. Use services like JustDeleteMe (justdeleteme.xyz) to find the deletion process for specific services, and keep the confirmation the company sends you. It's rarely easy, which tells you something about how much companies value your data.
Right to Opt Out
You can limit data collection through privacy settings, ad tracking controls, and browser configurations.
How to exercise it:
- Review privacy settings on every social media account
- Use a privacy-focused browser (Firefox with tracking protection) or browser extensions (uBlock Origin, Privacy Badger)
- Opt out of data broker sites (a tedious but worthwhile process)
- Use a VPN to limit ISP tracking, keeping in mind that this moves trust from your ISP to the VPN provider, so choose one with a clear logging policy; HTTPS already hides page content from your ISP, but not which sites you visit
Your Obligations as a Business
As a practice owner, you're on both sides of this equation. You have rights over your personal data, and you have obligations regarding your patients' data.
HIPAA Right of Access
Patients can request their records. You must act on the request within 30 days of receiving it, with one extension of up to 30 more days allowed if you give the patient written notice of the delay and the reason for it. You must provide the records in the form and format the patient requests if you can readily produce it, and may charge only a reasonable, cost-based fee. We covered this in detail in January. If your process isn't compliant, fix it now.
Data Minimization
Both HIPAA (through its "minimum necessary" standard) and emerging privacy regulations emphasize collecting only what's necessary. Review what data you collect from patients beyond clinical and billing necessity. Do you really need their Social Security number? Their employer? Every field on your intake form should have a justification, and data you never collect is data you can never lose in a breach.
Transparent Data Practices
Your Notice of Privacy Practices should be clear, readable, and accurate. When was the last time you updated it? Does it reflect your current data practices, including cloud services, patient portals, and third-party integrations?
The Independence Day Challenge
This week, do one thing to improve your digital privacy:
- Download your data from one major service and see what they have
- Close one account you no longer use
- Enable one privacy setting you've been ignoring
- Review your practice's data collection and remove one unnecessary field
Digital independence isn't given. It's exercised. Happy Fourth.