• by Ray Schultz , Columnist, March 13, 2020

The right to be forgotten is one of the core principles of GDPR and CCPA. But 23% of companies ignored requests, made by users of Mine, a service that helps people opt out of having their data retained.

On a more positive note, 40% responded and 37% completed such requests, Mine reports.

These findings are part of a broader study that also informs consumers that 83% of their personal data is being held by firms they probably don’t know. And the study pitches Mine’s offering.

Those folks seem unaware that 350 brands have their data. And they implicitly trust certain brands — namely, Microsoft, YouTube, Netflix, PayPal, and Spotify. 

Not that they’re sanguine about it — 90% of consumers were shocked when they learned that their digital footprint is twice the size they expected. And 92% are uncomfortable about the sheer number of companies that have data stored on them.

Of course, attitudes may have changed slightly since the research was conducted late last year.

This study was released on Thursday, a day when the country was reeling from news about the coronavirus and its impact. Testing and treating patients may complicate privacy compliance.

The National Law Review has published an extensive piece reminding healthcare providers that despite the emergency, they still must observe GDPR and other laws. 

That means ensuring that only appropriate personnel have access to data, and that workforce members know the difference. 

Also, extra protections should be put in place — i.e., “VIP” or “break the glass” status for records. And providers should routinely review audit logs to spot inappropriate access.

In addition, while healthcare entities may release aggregate information to the media, HIPAA requires that they exclude all personally identifiable information, including:

- Names

- All geographic subdivisions smaller than a State

- All elements of dates (except year)

- Fax numbers 

- Electronic mail addresses

- Social security numbers 

- Medical record numbers

Meanwhile, Modern Healthcare states that hospitals are walking a fine line between disclosure and privacy in the broader sense.

“While some are actively communicating and being transparent, others are declining to publicly disclose if one o their patients has COVID-19 to minimize liability,” it writes.

But back to Mine. The company says it surveyed 1,700 consumers in the UK and US.

Many prefer to be forgotten — that is, they’d like to have firms erase their data and forget that they exist. They especially choose to start with brands in the technology, shopping and travel sectors.  

There may be reason for them to be wary of tech companies — they are the least responsive to right-to-be-forgotten demands. In fact, they have completed only 5% of data erasure requests received to date.

The fastest firms to comply are Zoom, Uniqlo, Pocket, ManpowerGroup, and Trainline.

An average of 2,834 companies have data on The top 5% of Mine users--those with the largest digital footprints.  

At the same time, 86% of consumers think that releasing information has impaired their right to privacy or free choice. But 88% believe that sharing data is the cost for using the internet.