
Practicing Web 2.0: Proceed With Caution

Thanks to its legal team, Horizon Blue Cross Blue Shield of New Jersey recently placed itself in the middle of a swirl of controversy about social networking Web sites and the privacy issues they create.

From Sarah Perez on ReadWriteWeb:

When Dawn and Bart Beye's 15-year-old daughter began showing signs of an eating disorder, they immediately took action. The Beyes enrolled the girl in a treatment program they thought was covered by insurance. Three weeks later, their insurance provider, Horizon Blue Cross Blue Shield of New Jersey, informed the couple they would no longer pay for the child's treatment. Horizon claimed the disorder is not biologically-based, but emotionally-based, and therefore, not their responsibility to cover. The Beyes sued. And in what could have been a dangerous precedent-setting lawsuit, Horizon subpoenaed the daughter's online writings from MySpace and Facebook to prove it.

Due to pending state legislation that could render the entire argument moot, Horizon recently moved to dismiss this particular case.

Certainly, cases like this do nothing to help the insurance industry's public reputation. (After all, it's difficult to side with a company seeking to deny coverage to a young girl with an eating disorder by invading her MySpace account.) Yet the lesson to be learned here isn't about public relations; it's about privacy.

As Perez points out, the carrier's actions provide further evidence that what an individual says online is not private. We should all be cognizant of that fact.

Many, however, are not. Take, for instance, this recent New York Times article, "How Sticky Is Membership On Facebook? Just Try Breaking Free."

From the NYTimes:

While the Web site offers users the option to deactivate their accounts, Facebook servers keep copies of the information in those accounts indefinitely. Indeed, many users who have contacted Facebook to request that their accounts be deleted have not succeeded in erasing their records from the network.

"It's like the Hotel California," said Nipon Das, 34, a director at a biotechnology consulting firm in Manhattan, who tried unsuccessfully to delete his account this fall. "You can check out any time you like, but you can never leave."

There are a couple of things to take away from this.

1.) A 34-year-old biotech consultant isn't exactly a good representative of Facebook's user group. And that becomes abundantly clear when he starts making references to Eagles songs.

2.) This entire article is about how people are concerned that they can't fully erase personal data that they willingly volunteered to a public web site.

This, to me, seems ridiculous. Facebook users are 100 percent responsible for how much or how little personal data they share. Anyone who is even half-paying attention should realize that once something is posted to the Web, it can be exceedingly difficult to take it back.

As insurers increasingly embark on Web 2.0 projects, they should be careful in how they enroll people and what information they allow individuals to share.

As fickle as customers can be in reality, they're even more fickle in virtual reality. What an individual shares publicly online is, of course, not private. For some reason though, individuals tend to ignore this until what they share can be used against them. Then, they blame the nearest corporate entity for disregarding their privacy.

Regardless of what insurers' user agreements say (and Facebook's explicitly mentions that it will save the information in deactivated accounts), if customers feel like they've lost control of their own personal information, they won't be pointing at themselves.

They'll place the blame squarely on the shoulders of their insurer. So, if you're a carrier with a new Web 2.0 presence, proceed with caution.
