• @MangoKangaroo@beehaw.org
    link
    fedilink
    29
    edit-2
    6 months ago

    I’m curious whether the increasingly invasive telemetry of modern Windows will have legal implications surrounding patient privacy here in the US. I work IT in the healthcare field, and one of our key missions is HIPAA compliance. What, then, will be the impact if Microsoft starts storing more and more in-depth data offsite? Will keyboard entries into our EHR be tracked and stored in Microsoft’s servers? Will we subsequently be held liable if a breach at Microsoft causes this information to leak, or if Microsoft just straight-up starts selling it to advertisers? Windows is our one-and-only option for endpoint devices, so it’s not like we can just switch.

    I genuinely don’t have the answers to these questions right now, but it may start to become a serious conversation for our department in the future if things continue at the trajectory they’re going at. Or, maybe I’m just old and paranoid and everything will be okie dokie.

    • @SapientLasagna@lemmy.ca
      link
      fedilink
      56 months ago

      Like most of Microsoft’s more odious features, this one can be turned off through GPO/Intune policy across an organization. As such, the liability will mostly fall on the organization to make sure it’s off. The privacy and security impacts will be felt by individuals and small businesses.

      They claim that the data is only stored locally, so far. We’ll see, I guess.

      • @MangoKangaroo@beehaw.org
        link
        fedilink
        26 months ago

        Sadly a lot of the privacy switches are exclusive to enterprise and education users, but our endpoints are running Pro (we have our previous supervisor to thank for that). I guess I’ll hope this is one of the ones we can just toggle off without any fuss.