Re: Health Records, ok to a degree
> not some bank to assess my credit abilities because I may be too sick to pay for something
The legislators seem quite asleep at the wheel on this point. They believe that they've sorted this out with $BIGFINE$. This does not address the actual threat model.
A sufficiently big fine may have been an effective in 1983, but that assumes that they can
(1) catch them in the act, and
(2) prove that they were aware of the data misuse.
In case you are scratching your head about 2, let me outline some possibilities.
The data may be stolen in bulk via direct hack, or maybe like the publication quoted in the article, it gets accidently published (irony meter going off the scale). We have seen other government departments misconfigure their websites, resulting in the accidental leak sensitive data on asylum seekers.
Or perhaps an insider may manage to exfiltrate the data Snowdon style. It would be a courageous decision to believe that it couldn't happen.
Next step is that this data is purchased by a data aggregation company not based here. We are talking about companies paid to aggregate disparate data sources for AI training sets. That data is purchased by other aggregators, rolled together and sold on to yet others until it arrives in a company who specialises in using AI/Big data to provide risk assessment as a service to retail insurers. The retailers are at arm's length to the shadier side of the data collection. Even the risk assessment as a service don't realise that their AI training data is polluted by data obtained by questionable means. Definitely a case of don't ask don't tell.
Your AMPs of the world won't be pulling out your discussion notes from your counselor or your MRI from a decade ago. They'll just get a number out that'll be your risk band where all this is factored in. This will affect your ability to get insurance products. Computer says no. Computer says add exclusion. Computer says big loading for that inclusion.
And before anyone points out how you can investigate supply chains, remember it was only recently that Andrew Forrest discovered slavery in his supply chain. He claimed to be horrified and to have sorted it out immediately. I personally believe him. Supply chains are hard to assert. Even harder when you develop an AI that is trained to pick the datasets dynamically based on continuous "how well did it predict last week". They literally won't know why they've rejected you. Any authority charged with policing that the companies haven't misused the health data has zero chance of detecting it.