Other people's families are fascinating.
And from a business perspective, the media industry's obsession with the dalliances of government officials or movie stars is understandable -- those kinds of soap operas drive readership. And access to readers is, after all, the product media companies sell to advertisers.
But what about, say, prescription medicines. Can a media company sell ads against someone's pharmacy history?
Only if their leaders want to flirt with a 10 year prison sentence.
Because that's the penalty for using health information for commercial gain in the United States. Any information related to an individual's personal health is off limits, protected by a 1996 federal law known as the Health Information Protection and Accountability Act (affectionately, "HIPAA").
HIPAA says you, and only you, control how your health information is used. You can demand the records your doctors keep, and they are obligated to deliver them in their entirety. You can even demand that they destroy those records, and they must comply. And if they share the data without your explicit permission, you can file suit with Congress at your back.
But the best part of HIPAA is that it makes your privacy a right, not a privilege -- in order for you to be protected by HIPAA, you just have to exist. Neither doctors nor hospitals can induce you to sign cleverly crafted policy to bypass HIPAA. That's how privacy should work, it's a right for you to control, not a cat and mouse game with the business community.
How does advertising mix with HIPAA? It doesn't. Advertisers are explicitly disallowed from storing, using or exploiting information covered by HIPAA. How do advertisers and social media companies feel about HIPAA? They hate it. The less they know about you, the less you're worth to them.
So let me ask you a few more sensitive questions.
Is the location of your child off limits to an advertiser? What about the photographs of you in front of your fertility clinic? What about the private conversation you're having with your sisters about how to manage your Dad's dementia? Do you control that information?
None of that information is protected by HIPAA.
Which, for all practical purposes, renders some of your most private information up for sale to the highest bidder -- courtesy of social media companies and their incomprehensible privacy policies.
As you can tell, I'm a big fan of HIPAA. I just wonder why it's so narrowly constructed. I like knowing that my personal information is mine, and the folks who manage that information live in fear of the criminal penalties that await them for misappropriating it. I like being protected by the law.
I just wonder why information about my family, our locations, conversations, purchases or the intimate details of our life outside a hospital is any less protected. It's my information, after all. I want to know who's requesting access to it, and want to be in control of whether they get it. I may not care that you know where I shop. Then again, I may.
If a man were standing outside your home, photographing your family and following your kids, would you call the police? Surely. What if that man were a datacenter gathering the same data, and selling it to whom they pleased? Who do you call? Other than the social media companies themselves, there are no police on the web -- and the foxes are guarding the henhouse.
It's time we take responsibility for all our data, and reject the proliferation of complicated privacy waivers designed to maximize the harvestable value of our personal information.
It's time we extend HIPAA style protection to any and all personal information -- and recognize that our families are just as personal as our health, and the risk of disclosing their information can be just as injurious.
Unless I give you explicit permission to gather, package, distribute or use my or my family's information, you are forbidden to do so.
If you support this idea, this is one thing I'd love you to be public about.