I started losing my digital privacy in 1974, aged 11
- Reference: 1755071107
- News link: https://www.theregister.co.uk/2025/08/13/digital_privacy_senseless_data_preservation/
- Source link:
On my recent tour of the United States (making it through [1]immigration checks in record time, thanks to facial recognition), I caught that bug, the same one that brought the world to a halt half a decade ago. But I caught it early, so I knew that I could probably get some treatment.
That led to a quick trip to an 'Urgent Care' - the frontline medical center for most Americans. At the check-in counter, the check-in nurse asked to see some ID, so I handed over my Australian driver's license. The nurse looked at the license and typed some of the info on it into a computer, then they looked up at me and asked: "Are you the same Mark Pesce who lived at...?" and then proceeded to recite an address that I resided at more than half a century ago.
[2]
Dumbstruck, I said, "Yes...? And how did you know that? I haven't lived there in nearly 50 years. I've never been in here before - I've barely ever been in this town before. Where did that come from?"
[3]
[4]
"Oh," they replied. "We share our patient data records with Massachusetts General Hospital. It's probably from them?"
I remembered having a bit of minor surgery as an 11 year old, conducted at that facility. 51 years ago. That's the only time I'd ever been a patient at Massachusetts General Hospital.
[5]
Somehow that had never been forgotten.
We seem perfectly willing to accept that everything we do today leaves a permanent record. It appears that long before Eric Schmidt declared, " [6]Privacy is dead ," any of our pretensions to privacy had already joined the Choir Invisible.
The fine print of whatever forms my parents signed when admitting me to that hospital probably contained a clause that mentioned the hospital would be keeping my patient records on file. I don’t know if that meant my records inhabited massive stacks of filing cabinets housing neatly alphabetized patient records, before a later digitization project dredged them up.
[7]
There’s a slim chance my records were digital from the get-go because Massachusetts General Hospital prides itself as one of the leading medical research facilities in the world – it was the first facility to perform surgery under anesthesia. So perhaps it already kept electronic records when I visited all those decades ago.
[8]I just deleted my entire social media presence before visiting the US – and I'm a citizen
[9]If you want a picture of the future, imagine humans checking AI didn't make a mistake – forever
[10]AI's the end of the Shell as we know it and I feel fine … but insecure
[11]AI can't replace devs until it understands office politics
I don’t much care how my records made it into 2025. I am interested in why nobody ever decided to delete them.
I realize we all want our medical records instantly available to inform treatment in moments of great need. But half a century of somewhat senseless recordkeeping strains credulity. Most likely my record remained in that database simply because it's never been cleaned out - an operation that would take time and budget that would never be approved because, why would you ever delete patient data?
This has the feel of a situation we had no idea we were making for ourselves - countless sensible decisions culminating in a ridiculous outcome. Go forward another fifty years, when it's quite likely I, too, will have joined the Choir Invisible. Will my patient record still be in that database? What purpose would that serve? If my records as a child are in there, half a century later, it's easy to imagine this database holds records of many other people who have passed on and therefore shouldn't be in there at all. Privacy lost to laziness.
My experience suggests that organizations need to regularly review their data sets to ask "Should this data be held indefinitely?" If they do, maybe we can find a way to let the past go - safely - so that we can preserve a shred of privacy? ®
Get our [12]Tech Resources
[1] https://www.theregister.com/2025/07/21/column_social_media_entrapment/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aJxiNjSDfC_4SyVw9YR0MgAAAEU&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aJxiNjSDfC_4SyVw9YR0MgAAAEU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aJxiNjSDfC_4SyVw9YR0MgAAAEU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aJxiNjSDfC_4SyVw9YR0MgAAAEU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2020/01/08/how_not_to_be_seen/
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aJxiNjSDfC_4SyVw9YR0MgAAAEU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2025/07/21/column_social_media_entrapment/
[9] https://www.theregister.com/2025/07/16/if_you_want_a_picture/
[10] https://www.theregister.com/2025/06/11/opinion_column_mcp_von_neumann_machine/
[11] https://www.theregister.com/2025/05/21/opinion_column_ai_cant_replace_developers/
[12] https://whitepapers.theregister.com/
Why would you ever delete patient data?
Yes, seriously.
I can understand other records, but not medical ones.
I was able to get proper medical care, including surgery, for a broken coccyx after proving I had fallen off a hay bale in 1973 and seriously injured myself, and thus it was a chronic thing and not just the minor recent incident my doctor insisted it was. I would have otherwise not been considered eligible for the surgery.
And after you're dead, it's no longer a privacy issue and becomes historical records. It's no different than census records.
Should this data be held indefinitely? Yes.
This is the same sort of data that let me piece together that my great^9 grandfather was Edward Reavis, born 1680 in Paddington, England, and left to come to Virginia, after being held in Newgate prison for his religious beliefs. He moved to Henrico county, Virginia in 1721 and died in Northampton county, North Carolina in 1751. I've also found 454 other relatives down to me, through a ton of things including bible notes, estate papers, census records, marriage records, medical records, military records, family papers, private letters, obituaries, social security records, tombstones, and even old wedding invitations.
Re: Why would you ever delete patient data?
" I was able to get proper medical care, including surgery, for a broken coccyx after proving I had fallen off a hay bale in 1973... "
Unfortunately that is a two-edged sword: insurance companies call that a pre-existing condition and may refuse you as a customer, hike your premiums, or exclude coverage for anything that could possibly be related to that fall, on the basis of that same data.
Re: Why would you ever delete patient data?
I don't have insurance. It turns out it's cheaper to not have it, as you get a much reduced rate, instead of the insurance company getting the full bill and not paying 90% of it.
The money that would have gone to premiums is in securities earning interest.
Re: Why would you ever delete patient data?
I agree. Sort of.
Deleting data is the easy way to ensure privacy. Like a lot of easy ways, it mostly works for its intended purpose, but it has significant side-effects.
The proper way would be to have a well-designed data ownership framework, both technical and legal, that allows me to declare who can access what of my data and when, regardless of storage. Then I could declare that e.g. my health data is only available to a list of entities I explicitly approved (e.g. my doctors), and if anyone else (e.g. an insurer) turned out to have it, I'd be able to sue and win easily. I wouldn't even have to prove it was obtained illegally, because there would be no lawful way for an insurer to have it. If there was such a system, then I mostly wouldn't need to delete my data in order to safeguard my privacy, and if I wanted it deleted, I would be able to do so myself - the system would automatically take care of clearing copies and caches, and the institutions holding them would not be able to prevent this, legally if not technically. Same process for revoking consents.
Unfortunately, creating such a system would be an enormous task of both politics and technology. Not unfeasible, mind you. I sometimes like to hope I'd be able to see it in my lifetime. But I'm not holding my breath.
Deleting data is the next best thing. Should there be an exception for health data? Possibly, but there would have to be a fix for the insurers problem.
Re: Why would you ever delete patient data?
This one. A d is not so difficult. Here my data are protected by medical card. But for urgent care - and that only after I approved it beforehand - to access my medical records such card is needed. The only stupid thing they did is it was managed in a US like way, in a federal way. So there are tens of slightly different systems that do not talk to each other properly.
Deleting old records safely and sensibly requires that decisions be made, procedures be designed, routines be written and systems to be adapted. That takes personpower (unless you want to leave it to the tender mercies of AI) and that means cost. Worse: that cost will not lead to any increase in profits, it only hurts the bottom line without any commercial benefit.
Storage, on the other hand, is cheap.
Also, the fine print you signed/clicked/agreed on protects the parties involved from any legal repercussions as a result of your data being kept/stored/shared but not from any damages resulting from the deletion of said data. And the US medical sector is one of the most litigious ones in the world.
So what do you think will happen? Exactly. Nothing.
Not that it matters. Our privacy has been a mere illusion for over half a century, old records or no, and we eagerly buy into new systems every day that make that worse.
"Should this data be held indefinitely?"
[1]Birthlink , who keep (kept?) records of adoptions in Scotland, so that children could, if they so desired, trace their birth parents, [2]found out the hard way (BBC) that some records should not be deleted. [3]ICO monetary penalty notice
[1] https://birthlink.org.uk/
[2] https://www.bbc.co.uk/news/articles/cj4wn00pz48o
[3] https://ico.org.uk/action-weve-taken/enforcement/2025/07/birthlink/
Was it not Scott McNealy who said "Privacy is Dead, Get over it" when in charge of Sun Microsystems in the late 90's ?
If the old records showed you had your Appendix removed and you were in with suspected Appendicitis, then it would definitely be relevant. (More relevant now as they can do it keyhole through the Navel and so have no visible scarring.)