In this age of digitization, cyber mindfulness has become increasingly important. More and more people fall victim to convenience clicking, accepting terms and conditions on websites simply because the consumer demands to have the service delivered to them instantaneously. We as a society have become accustomed to this sort of behavior in areas like online shopping: for example, we can order any given product online and it will arrive the next day. Internet users make over 2 trillion Google searches per year, or approximately 63,000 every second. Although we have the power at our fingertips to access near-endless amounts of data and information, we should simultaneously consider the sacrifice (in terms of data) we make to conveniently access them.
As beneficial as this may be, it comes at a price. With every website you visit, every product you purchase, we as consumers are sacrificing our data. Many of us do this without a second thought, yet our personal data is an invaluable resource. While we are empowered to access the information, we are not empowered to hinder our information from being accessed and used without knowing the true extent to which it will be used. To contextualize this, Facebook creates vast amounts of data on its users to create a detailed profile, which is then used to target things like advertising. However, this issue of data privacy and convenience clicking goes beyond social media and the online space.
A recent report exposed that this concept of convenience clicking reaches beyond the internet. Many DNA testing and analysis services that sell direct-to-consumer home DNA-testing kits, such as 23andMe and Ancestry.com, have in fact been found to be collecting genetic, health, and behavioral data. While these services are sold under the premise of uncovering the consumers’ ancestry and exploring potential predispositions to specific health conditions, it has been uncovered that a portion of revenue for companies like 23andMe is derived from selling this data to third-party companies. It has also been discovered that 23andMe uses this genetic data to run studies of its own. Although the customer agrees to these terms upon purchase, the issue is that most consumers are not empowered to read through and understand the fine print, be it due to a lack of time or a barrier in the language. Since the Facebook scandal involving the sale of data to Cambridge Analytica, 23andMe has seen a slowdown in sales of its genetic testing kits. It is speculated that this is the result of two aspects. First, 23andMe has historically not been fully transparent with its customers with regard to its data-sharing practices, and second, the simple fact that the company may put customers’ genetic data at risk.
The lack of transparency was first uncovered when 23andMe announced a partnership with a pharmaceutical company. While the option to consent to or withdraw from “23andMe Research” is provided at the outset of purchase, it lacked a comprehensive explanation of what this entails. Consenting would allow the company to use the de-identified data for so-called scientific research, as well as “external research partners and in scientific publications”. While many consumers are willing to contribute their data to assist in progressing scientific discoveries, a greater hesitation exists when this involves providing the data to a for-profit company. The lack of transparency in the data-sharing policies increases the uncertainty for consumers and poses the risk that their data could be shared with whichever company 23andMe chooses to partner with.
Although the uncertainty in data-sharing policy can already put consumers’ data at risk, the limits of security measures increase the risk further. Although measures are in place, the possibility of a breach cannot be eliminated. A similar DNA testing service, MyHeritage, was the target of an attack in 2018, exposing data from over 92 million users. According to a Harvard Business School report, this could result in the potential selling of genetic information to “health insurance companies to use to evaluate patient eligibility or individual insurance premiums”.
So, how can we as consumers be cyber-mindful? Researchers at the University of Dayton, Ohio, constructed a model to guide cyber mindfulness. This model consists of three components: Awareness, Agency, and Action. The awareness step is the ability to identify cyber threats through a process of continuous learning to build an understanding of how to address these threats. Agency is defined as an attitude for recognizing one’s personal ability to defend against shared risk. And finally, action summarizes behavioral habits that align with this understanding. Essentially, cyber mindfulness intends to build awareness and shape attitudes that are translated into effective and measurable actions that make a difference in protecting information assets. To be cyber mindful does not mean that you need to become a cybersecurity expert, but rather to be aware of the potential threats that could take advantage of your data, and understand how to avoid them.
One researcher at the University of Virginia found that mindfulness training is 38 percent more effective in preventing hacks than traditional anti-phishing training. While these are techniques used in preventing hacks, the general idea can be equally implemented in other areas of internet activity and should be even more seriously considered when the content relates to your health data privacy.