A Hospital Leaked My Family’s Data. So I Taught It About Data Privacy.

How to identify, address and prevent data breaches — and why you shouldn’t handwrite medical information.

Currently job searching? Give yourself an edge by developing a personal project using my free 5-page project ideation guide.

The quickest way to tick off a data engineer, after pushing an unannounced change to an API, is to mess with our personal data. Though, frankly, the carelessness with which data is mishandled at many institutions should shock and upset even those with the most basic technical knowledge. The delta between understanding what happened vs. what should happen in data breach scenarios is why stories like Sephora getting fined $1.2 million or Google’s $400 million penalty barely moves the needle with the average consumer, client or patient.

Unfortunately for orgs with lax data policies, occasionally the victim of negligence is informed enough to 1) know what occurred and 2) know what to do about it.

In this case, it was the mishandling of my family member’s information by a medical institution in the southeast U.S. and a boiler-plate, “we didn’t mean to” response that set me off. Months later, it inspired me to pen this cautionary tale; though instead of advising “this may happen to you” I have to warn, with the continued inattention to data governance, “this will most likely happen to you.”