[arin-ppml] Policy Proposal: Customer Confidentiality
Tom Vest
tvest at pch.net
Wed Jun 10 11:01:50 EDT 2009
On Jun 10, 2009, at 10:12 AM, Milton L Mueller wrote:
>> -----Original Message-----
>> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
>> Public actions have public accountability. If you don't want your picture
>> taken going in to a strip club then don't go to a strip club.
>>
>
> This doctrine bears no relationship to actual law regarding privacy
> and freedom of association. Sorry, guys, but there's more at stake
> here than your convenience as network admins, and even as network
> admins there are appropriate limits to place on indiscriminate
> public access to sensitive information, especially when
> contractually agreed between provider and customer. When you get
> elected as a legislator, Kevin, then you and 250 other elected reps
> can change that under due process if you wish; until then, don't try
> to make law via ARIN.
>
> --MM
Neither does "actual law" impose a strict, uniform interpretation on
how information collected and maintained for *authorization and
accountability purposes* can and cannot be used in all situations. An
arguably relevant, if US-centric, illustration:
"HIPAA requires healthcare providers to obtain patients' authorization
before disclosing their information to third parties for marketing
purposes. However, healthcare providers do not need authorization to
disclose information for marketing their own health-related services.
HIPAA also allows disclosure of health-related information for a
variety of social purposes such as public health activities, suspicion
of abuse or neglect, health oversight activities, and for law
enforcement purposes, along with a court order, subpoena, or
"administrative request." HIPAA does not include a requirement to
provide notice to consumers in the event of a data breach. Finally,
lawsuits to enforce HIPAA requirements can only be brought by the
secretary of the Department of Health and Human Services and not by
individuals."*
So, in some contexts at least, one man's "indiscriminate public
access" may be another man's access/disclosure to fulfill a
"legitimate social purpose."
If that doesn't suit you, you can always take your own advice and try
to author some new "actual laws" that more closely fit your own views.
TV
*George H. Pike, "HIPAA Gets New Privacy Rules" (Information Today,
April 1, 2009), p. 13.
An online version is available at:
http://goliath.ecnext.com/coms2/gi_0199-10387318/HIPAA-gets-new-privacy-rules.html