Wednesday, February 4, 2015

What Abbott probably should say...

There has been a lot of background activity on my posts about the Libre data uploads. On one hand, I felt it was my duty to the patient and medical community to at least inform them of what was happening. On the other hand, I never wanted to create a big scandal that could impact the availability of what I feel is an essential technology for diabetics. For this reason, I decided not to go through my IT security contact list. Neither did I seek press coverage in the way IT security experts do when, for example, they stumble on "spying smart TVs". Now things seem to be out of my hands...

Abbott has not contacted me (and, if you guys read this, there really is no need, my life is busy enough). Patients, Doctors and other interested parties have. Some reported what Abbott representatives told them or told audiences. Some shared documents they had received...

From what I have seen, read or heard, the Abbott's responses have evolved somewhat, from pure denial that anything happened (objectively false), to admission that very small Q&A technical uploads happened now and then (false, unless you consider your glucose levels, treatment, exercise, etc... to be "technical"), to kind of vaguely admitting that some uploads could indeed occur but neither confirming nor denying their extent.

At all times, the fact that everything that happened was in compliance with such and such data privacy law was stressed. While I am not a lawyer, I feel that this is a bit unconvincing.

Assume I walk into the houses of all the diabetics I know and covertly take a copy of all the notes related to their diabetes treatment, their exercise notes, their insulin use patterns, etc... I believe this can be described as an unwanted data theft.  But also assume that, once I get back home, I take the utmost care in storing your data properly and protecting it.

Does that change the nature of the initial act? I don't think so.

If I rob a bank, store the money I robbed in a "better" bank and then pay my taxes on the interest I collect, does it mean I am not guilty of theft anymore?

I don't think so. But that is only my opinion.

Coincidentally, the Nuffield Bioethics commission published this week its report on the use of health data.What do they think? Here are some of the key points they develop.

"The UK Government should introduce robust penalties, including imprisonment, for the
deliberate misuse of data, whether or not it results in demonstrable harm to individuals."

"There should be complete audit trails of everyone who has been given access to the data,and the purposes to which they have been put. These should be made available to all individuals to whom the data relate or relevant authorities in a timely fashion on request."

Ouch, that hurts!

Do I believe anyone at Abbott should go in jail? No, I don't. I believe they all should be working hard, busy preparing the next generation of products that will make the life of diabetic patients easier.

But I do believe that Abbott should simply have said something like  

"Ooops, sorry, we were in such a rush to deliver a great product that we overlooked a few things. We'll fix that as soon as possible and release an update respecting your privacy and offering you a choice. Accept our apologies." 

 Yes, definitely.

They could even have claimed it was a "bug", just as LG did when its TVs were found to spy on their users. Techies would have smiled quietly and moved on...

No comments:

Post a Comment