Thanks for checking out the last FORRward perspective for 2019. We’ll be back in 2020 with more fresh ideas and thoughtful commentary. Wishing everyone a wonderful holiday!

Healthcare CIOs Are Pushing US Congress To Block Patient Data Sharing Across Mobile Apps

The College of Healthcare Information Management Executives (CHIME), representing more than 3,200 CIOs and other senior healthcare IT leaders, warned a proposed interoperability rule does not provide sufficient safeguards to prevent patients’ sensitive data from being misused by consumer apps. The pushback was focused on “Cures 2.0,” a second iteration of the 21st Century Cures Act which CHIME said fails to comply with the Health Insurance Portability and Accountability Act (HIPAA). One of CHIME’s key points is that smartphone apps that collect data on patients’ visits to doctors’ offices and cancer specialists by recording their location and payment info give away that data, which is then “aggregated and sold to third-party data brokers, making (a patient’s) extremely sensitive illness known to faceless companies and people.” As such, CHIME and other healthcare IT orgs are calling for legislators to address healthcare data privacy concerns and keep healthcare mobile apps relevant and empowering for patients.

Your Safety Is For Sale

In our 2020 cybersecurity predictions report, we projected that the anti-surveillance economy would grow by 15%. At the time, we didn’t know that a story about location data would publish almost immediately after our publication, but our suspicions were right on track. The surveillance economy — the dark side of the data economy — is now an enterprise risk. Specifically, The New York Times piece shares how a data set allowed it to obtain the location data of specific individuals. Anti-surveillance tools are usually first adopted by privacy- and security-savvy end users. For example, many users run pop-up blockers or add-ons that prevent scripts from running on webpages. However, many of these tools are not supported by IT or security despite being run on corporate devices. The bottom-up adoption approach will not work for enterprises in the surveillance economy. In much the same way that companies now offer their employees identity protection as a benefit, or discounted subscriptions to enterprise productivity software, they will need to offer the same to help protect online anonymity and prevent technology-enabled surveillance of their employees.

Location, Schlocation — Who Really Cares If Your Physical Life Is Revealed To All?

I do. Call me crazy, but when every weather app, social app, banking app, and app app tracks where I am, then sells that data (for chump change, by the way) to data aggregators like LiveRamp and Unacast, I — and everybody else I’m with — am exposed to creepy advertisers, ne’er-do-wells, and bad guys. The New York Times likely tracked the president from an exposed database by following a likely Secret Service agent on their rounds. As the keeper of sanity in your company, why should you care? 1) Because GDPR, CCPA, and all new privacy regulations will expose your company to litigation and embarrassment — and maybe have you fired for negligence; 2) Tracking employees or customers without their permission is just plain smarmy; and 3) Would you want to be tracked that way? It’s time to put this hellfire back in the bottle and bury it under a desert mountain to protect us all. Instead, take a responsible path and put guardrails and guidelines on your use of location data. Push the mapping industry to do the same.

Amazon Bars Sellers From Using FedEx Ground For Prime Shipments

Amid the holiday shipping rush, last weekend Amazon informed its third-party sellers that they are no longer allowed to use FedEx’s Ground delivery service for Prime shipments. In its email announcement, Amazon noted that the reason is a decline in the delivery network’s performance and that it won’t lift the ban until performance improves. The immediate impact: The majority of third-party units on Amazon are fulfilled through Fulfillment by Amazon (FBA), but the remaining will be forced to select FedEx Express or other carriers to complete the remainder of their shipments. Considering the timing, this could prove to be difficult and costly for sellers. The longer-term impact: This decision will not only hurt sellers and anger FedEx, but it could also be damaging to Amazon. Why? The FTC is already doubling down on the tech titans (with antitrust probes into Facebook and Google). In this case specifically, the FTC’s Prompt Delivery Rule (dating to 2001) could come into play. This rule stipulates that if you make a promise to a customer about delivery, you must proactively let them know if the package will be delayed. If you delay twice, you need to proactively refund the customer. In an interview for Barron’s, FedEx noted that Amazon’s decision may compromise the ability for sellers to meet customer expectations and demands. Many eCommerce companies likely haven’t considered what could be a potentially massive liability, mainly because few seem to know about the FTC’s Prompt Delivery Rule and it’s not enforced. Events like this beg the question: Is it time that laws around fast delivery promises are actually enforced?