TSL Blog

A Policy Proposal on Data Breach

by TSL

Colorado Technical University

CS881-1604C-01

Professor: Dr. James Webb

26-November-2016

Introduction

With contemporary cloud and mobile computing, automation, Web technologies in the competitive data-driven market and Internet-based economy, data at low storage cost and fast processing explode and become ubiquitous and ample in both public and private sectors. Big Data, a generic paradigm for data in 5V’s (massive Volume, Variety in forms, high Velocity in processing, truthful Veracity, and real-time Value) pose major challenges of extracting or transforming for insightful information to the organizational decision (Gartner, 2013). Big Data may be categorized into three types: (1) structured data, e.g., relational data, (2) semi-structured data, e.g., data in XML, JSON formats, and (3) unstructured data such as word, pdf, text, media blogs, streaming data, etc. Perhaps, healthcare data may be one of the most unstructured forms for big data analytics (BDA). The individual project in Unit 4 (U4 IP) will discuss Big Data in healthcare, healthcare issues such as fraud, data breach, and privacy. The BDA applications in healthcare will be addressed. This U4 IP will present a policy proposal that covers consequences of data breach and the importance of data privacy in the following sections:

I. Healthcare Data

II. Issues in Healthcare

A. Fraud

B. Data breach

C. Data privacy

D. Regulatory laws

III. BDA Applications in Healthcare

A. Big Data Analytics

B. BDA on fraud and breach

C. BDA on data privacy protection

IV. Policy Proposal

1.0 Purpose

2.0 Scope

3.0 Legislation

4.0 Consequences of data breaches

5.0 Importance of data privacy

6.0 Policy

7.0 Breach management plan

7.1 Identification and Classification

7.2 Containment and Recovery

7.3 Risk assessment

7.4 Notification of Breaches

7.5 Evaluation and Response

8.0 Roles and responsibilities

8.1 Line managers

8.2 Individual users

9.0 Enforcement

10. Review and update

I. Healthcare Data

In general, the healthcare industry generates a vast amount of data, driven by patient care, personal health records, clinical health systems, compliance and regulatory requirements, and public health information (Raghupathi & Raghupathi, 2014). Recently, broad and complex data sets in healthcare that include some structured and unstructured data are often stored in NoSQL databases such as Cassandra, Amazon DynamoDB, or MongoDB. They can be replicated and shared among many nodes and servers in the scalable distributed clusters. A backup system will provide a safeguard and recovery if some disasters such as hacking or risks of the loss happen. Many medical organizations amass and analyze the huge amount of medical data, protected health information (PHI) or personally identifiable information (PII). PHI or PII that can be extracted by typically advanced analytics tools like Hadoop, R Project, or Tableau is divided into three categories (Schneiderman, Plaisant, & Hesse, 2013):

1. Personal health information:

Physicians and patients collect information about their practice and own health habits respectively.

2. Clinical health information

Electronic health records systems can enhance a health care or cure to patients and useful insights into pragmatic patterns of treatment.

3. Public health information

A large quantity of PHI/PII is collected to assist policy makers in more reliable decisions.

II. Issues in Healthcare

Healthcare data is believed to contain hidden insightful information that is valuable for enhancing cure and treatment to patients, enriching physicians’ skill and healthcare systems. For example, protein therapeutics data, clinical trial data, genetics and genetic mutation data, protein therapeutics data, etc. can be harvested to improve daily healthcare processes (Hurwitz, Nugent, Halper, Kaufman, 2016). There are many advanced tools for data analytics in industry, particularly in health services for diagnosis of illness (EMC Education Services, 2015).

A. Fraud

Recently, health care fraud continues increasing significantly, particularly on Affordable Care Act. HHS (US Department of Health and Human Services) reported civil and criminal charges to 301 professional care givers and doctors in $900-million health care fraud schemes of false claims (Office of Public Affairs, 2016). HHS in its news release June 22, 2016, addressed various health care fraud-related crimes from the conspiracy of health care fraud identity theft, money laundering and violations in Medicare, Medicaid, etc. Health Net Federal Services, LLC (HNFS) defines fraud in health care as a misrepresentation of fact or intentional deception to obtain unauthorized payment or health services. For examples, a care provider submits the claims for services that it never delivers or bills for services at a higher price to the health insurance companies. Abuse in health care is the action that is inappropriate beyond the acceptable standard of conduct such as failure in maintenance of medical or financial records or refusing access to medical records (Health Net Federal Services, 2016).

B. Data breach

According to a Ponemon Institute, the average cost of a data breach is $3.8 million up 23% in 2013. The highest cost per stolen record is at an average of $363 in health care field. The costs of lost business from the breach have risen from $1.23 million to $1.57 million in 2013. The US and Germany have the most expensive data breaches. Those data breaches could cost the healthcare industry $6 million each year. The cost components of data breach consist of investigation, remediation, notification, identity-theft repair, regulatory fines, loss of business, class-action lawsuits. Criminal attacks are the leading cause of data breaches in healthcare (Raul, 2014). In 2015, 78% of healthcare organization breaches came from web-borne malware attacks. Notice that many healthcare organizations remain unprepared for data breaches – only 40% of healthcare organizations are concerned about cyber attacks.56% of the healthcare organizations address the lack of funding and resources for incident response to data breaches. Also, except external forces are the leading cause of data breaches, internal causes also expose some concerns (Pallardy, 2015).

Some data breaches occurred with substantial settlement costs as shown below:

1. In February 2015, Anthem the second largest insurer in the US reported the largest healthcare data breach. Hackers accessed the personal information of 80 million customers and employees. The hackers obtained credentials from 5 Anthem technology workers and log in the system from the link. The cause was weak login security, and Anthem’s database was not encrypted.

2. In 2010, the payer was fined $1,7 million for a smaller breach that includes information of 612,000 people. The payer was faced with two class-action lawsuits.

C. Data privacy

In the healthcare field, Bug Data is a valuable asset for medical science, but it poses a potential risk to patient (Bertolucci, 2014). Many medical organizations amass and analyze the huge amount of medical data or protected health information (PHI)

Market research and ethics or data privacy in Big Data based on Internet technology are usually at odds with each other in practice. Big Data Analytics presents both technical and strategic capabilities to generate value from Big Data, particularly data in healthcare, stored for the organizations. With the blossom of BDA, BI (Business Intelligence), and recent AI (Artificial Intelligence), IoT (Internet of Things), there are more chances of violation of security and privacy (Quora, 2014). The risk of violations of the personal privacy is a prominent threat to both public and private individuals and organizations. For example, terrorist hackers likely use advanced analytics tools to access the healthcare systems illegally for their unauthorized benefits or harm people. The issues become urgent and disastrous in a massive scale. The government’s regulatory agencies and protection organizations involve, participate and enforce the law with new rules, controversial in-depth regulations.

D. Regulatory laws

In the US, regulatory laws, rules, and practical guidance were introduced to tackle healthcare fraud, data breach, and data privacy violations. HIPAA is the federal Health Insurance Portability and Accountability Act of 1996 in Tennessee. It was designed to assist people to retain health insurance, safeguard healthcare information, and facilitate administrative costs’ control in the healthcare industry (HIPAA Act, 1996). On the privacy issue, HIPAA emphasizes on protection and maintenance of personal health information in all health-related organizations. HIPAA requires (1) healthcare providers (e.g., physicians, nurses, etc.), (2) producers (e.g., pharmaceutical, medical device companies, etc.), and (3) payers (e.g., insurance companies) must comply all the law and rules in governance. Security, Privacy, and Breach Notification Rules regulate medical information. These laws, rules, guidelines have restricted and governed the disclosure, security, collection, maintenance, transmission of electronic PHI or PHI used by healthcare providers, health insurances, or medical R & D groups. The PHI/PII may include social security number, driver’s license number, account number, photographs, credit or debit card number, required security code, access code, password, medical information, health insurance information, username, security questions, etc.

III. BDA Applications in Healthcare

A. Big Data Analytics

Big Data Analytics (BDA) is a process to examine Big Data for hidden patterns, unknown correlations, market trends, customer preferences, and other useful business information (Chen, Chiang, & Storey, 2012). Today, an emergent trend of BDA becomes a popular demand in many fields: education, manufacturing, marketing, politics, healthcare, security, etc. Many companies have analytics products. Some of the typical analytics products are IBM Watson, AWS (Amazon Web Services), R Project, Tableau, etc. Notice that demand in BDA provides plentiful opportunities for employment for big data talents who possess highly analytical skills in many organizations (Sondergaard, 2015).

B. BDA on fraud and breach

Today, the society constantly continues changing, especially in technology. Big Data Analytics become a powerful tool for data mining on the huge and complex data sets in many fields, and health care field is not the exception.

In 2012, CMS (Medicare & Medicaid Services) went further in fighting health care fraud and abuse. It used big data analytics in the twin-pillar approach to detect fraud before making payments. One of them is a fraud prevention system by utilizing the advanced analytical method in big data analytics, an extent of transforming data, particularly healthcare data, into insightful information with fast algorithms and historical data to detect fraudulent claims. The second approach is an automated program of screening providers approach to validate the eligibility of the suppliers or providers in the CMS program.

To fight against the health care fraud, waste, and abuses, HHS and other organizations have used the following measures:

- Increase funding to use BDA for detecting fraud and abuses.

- Spend all recovered funds from fraud and abuse for further enforcement activities with BDA tools.

- Prioritizing spending on fraud and abuse control activities.

- Increase trust of patients and the public with e-healthcare systems.

- Use BDA to reduce conflicts of interest for providers.

- Apply BDA to establish clinical practice guidelines and routines

- Restrict BDA tools in industrial marketing practices.

- Take a balanced approach to fraud and abuse control activities.

These measures focus on human efforts among many organizations such as social security administration, CMS, HHS, hospitals, outpatient clinics, nursing homes, and rehabilitation centers.

C. BDA on data privacy protection

For protecting data privacy, users can adopt data analytics technology in health informatics technology to assist patients and healthcare providers to access accurately protected data including (1) clinical health information, (2) public health information for policy makers, and (3) personal health information for physicians’ practice or patients’ own health habit. Also, social networking is the most sophisticated new analytic designed to catch fraudsters who use identity theft to obtain health care services or benefit without authorization by tracking ownership of the providers (Health Policy Briefs, 2012).

According to ICC/ESOMAR (European Society for Opinion and Marketing Research) International Code, four basic ethical issues that are identified are (1) autonomous collection of data, (2) data security, (3) information ownership, and (4) privacy in research ethics on Big Data. The individual privacy becomes a primary ethical issue (Agadish, Gehrke, Labrinidis, Papakonstantinou, Patel, Ramakrishnan & Shahabi, 2014). ICC/ESOMAR specifies in the Article that privacy policy, collection data, use of data, security of processing, rights of the respondents, and transborder transactions must be considered and protected privacy appropriately

As a student in DCS (Doctor of Computer Science) Program at CTU (Colorado Technical University), this student was required to take the Basic Institutional Review Board (IRB) Course and the “Computer Science and Information Technology researchers” in CITI (Collaborative Institutional Training Initiative) Course (Alexander, 2014). Both courses also emphasize on privacy protection. For example, the Common Rule (45 CFR 46, Subpart A) in section 6 of the CITI on privacy and confidentiality requires IRBs to determine adequate provisions the privacy protection of subjects and maintenance of the confidentiality of data. Therefore, the corporations should develop a strong tradition of proactive development of ethical standards based on the first ESOMAR Code of Marketing & Research Practice being published in 1948 and the MRS publishing its first self-regulatory code in 1954. Especially in Big Data research, researchers, scientists, practitioners, professionals, and particularly this student should comply with ICC/ESOMAR International Code of Conduct, HIPPA law, and CITI/IRB requirements by carefully complying, obeying and following these guidelines during their practices (Voosen, 2015).

IV. Policy Proposal

This policy proposal for healthcare organizations is designed to explain the consequences of data breaches on individuals and organizations. It emphasizes the importance of using big data analytics with security in mind. It also covers the importance of data privacy as well as the steps that the organizational staff should comply with data privacy rules, HIPAA and HHS (US Department of Health and Human Services).

1.0 Purpose

This policy proposal is legally required and compliant with the HIPAA, HHS, and other rules, guidelines and regulations for safeguarding individual health data against violations of severe penalties and restrictions. Data in healthcare such as PHI (protected health information) is a valuable organizational asset that requires identifying, managing, sharing and protecting for individual patients, health care providers and institutions, e.g., hospitals, outpatient clinics, nursing homes, and rehabilitation centers. A data or information breach or inconsistent data security may occur due to illegal access by unauthorized persons, groups, or lost due to natural disasters such a fire, flood, or stolen because of the cyber attack, or the theft of a mobile devices, e.g., smartphones, laptop computers (HSE, 2011; HHS, 2008).

The purpose of this policy proposal is to ensure that the standardized management approach in place in the event of the data breach. This policy proposal is mandatory to all users who access PHI or healthcare information with an agreement to abide all terms and conditions stated in this policy proposal.

2.0 Scope

This policy proposal addresses the responsibilities, obligations, and duties that individuals, staff, service providers, contractors, third parties, and related organizations that access, use, store or process PHI in the healthcare system need to follow and comply with their practice on their daily work. The policy proposal must be approved and authorized by senior management of the organization.

3.0 Legislation

The policy proposal on data breach, data privacy, security and governance that regulate PHI/PII is based on the following regulations, laws, rules and guidelines as shown below (Practical Law, 2016):

- The HIPAA (the US Health Insurance Portability and Accountability Act)

- FTC Act (The Federal Trade Commission Act)

- The Financial Services Modernization Act (Gramm-Leach-Bliley Act (GLB))

- The HIPAA Omnibus Rule

- The Security Breach Notification Rule

- The Fair Credit Reporting Act

- The Controlling the Assault of Non-Solicited Pornography and Marketing Act

- The Electronic Communications Privacy Act

- The Federal Communications Commission (FCC)

- The Judicial Redress Act

- The federal security and law enforcement laws

- State privacy laws:

- Enacted the California Electronic Communications Privacy Act

- Enacted several amendments to security breach notification law

- Enacted A.B. 1541, etc.

4.0 Consequences of the data breaches

Data breaches lead to criminal and civil charges against 301 individuals, including 61 doctors, nurses and other licensed medical professionals, for their alleged participation in health care fraud and breaches involving approximately $900 million in false billings.

The individuals would get laid off for data violation. The staff would lose their jobs. The companies pay hefty fines, lose business, and public image to clients ( ).

The entities such as individual, staff, healthcare providers, hospitals, clinics, insurance companies that violate HIPAA Law may face hefty fines in both civil and criminal penalties.

a. Individual who does not know HIPAA violates data privacy:

- The minimum penalty is $100 per violation. An annual maximum fine is $25,000 for repeated violations.

- The maximum penalty is $50,000 per violation. An annual maximum fine is $1.5 million for repeated violations.

b. Individual violates HIPAA due to willful neglect, but the violation is corrected within required timeframe.

- The minimum penalty is $1,000 per violation. An annual maximum fine is $100,000 for repeated violations.

- The maximum penalty is $50,000 per violation. An annual maximum fine is $1.5 million for repeated violations.

c. Individual violates HIPAA due to willful neglect but is not corrected within required timeframe.

- The minimum penalty is $50,000 per violation. An annual maximum fine is $1.5 million for repeated violations.

- The maximum penalty is $50,000 per violation. An annual maximum fine is $1.5 million for repeated violations.

d. Covered entities are clearinghouse, providers, health plans and employees. They are held liable under HIPAA. The penalty for data violation is heavy in fines and imprisonment for up to one year.

Except the penalties for HIPAA violations, individuals such as employees, contractors who violate the rule(s), based on the degree of severity, may receive a notification warning with a black mark in the disciplinary record of the first data violation, get suspended or pay a fine for the second, or may get laid off without pension, or dismissed or terminated on the third PHI violation.

5.0 Importance of data privacy

Data privacy is very importance during practicing BDA on Big Data for useful insights. All users including individuals, staff, healthcare providers, contractors, third parties, organizations at all levels must be trained for awareness of data privacy.

a. HIPAA patients’ rights

All users must understand and respect patients’ rights as shown below:

- The right to received notice of privacy practices from healthcare providers.

- The right to see their protected health information and receive a copy.

- The right to request changes to their records to correct errors or add information.

- The right to have a list of PHI/PII.

- The right to request confidential communication.

- The right to complain.

a. Main obligations

They have the primary obligations to comply all HIPAA rules as follows:

HIPAA requires the covered entities like healthcare organizations and medical professionals to (1) use, disclose and request the minimum quantity of PHI to complete a transaction; (2) implement data security protocols, security procedures and policies at technical, administrative levels to protect data under the HIPAA Privacy Rule; (3) comply with the standards set up for electronic transactions. It also requires the entities to obtain a writing consent form from data subjects. HIPAA requires the entities to provide a notice of privacy practices to data subjects, patients.

Information on the Guidance for Remote Use of and Access to Electronic Protected Health addresses the risk of accessing, storing or transferring medical data on laptop and desktop computers, home PC, wireless devices, memory flash drives, e-mail and public workstations. Sample business associate agreements are provided by Department of Health and Human Services.

6.0 Policy

In gathering and exploiting big healthcare data, most data science projects in exploratory nature pose the huge challenges. The companies often establish a process for the best practices to govern, manage and control in several phases for effectiveness and efficiency. Similarly to software or hardware development process or even proposed dissertation research process, a basic Data Analytics Lifecycle (DAL) is an analytics process designed to particularly for Big Data challenges and data science projects. According to EMC Education Services (2015), DAL consists of six phases with the project work that can occur in several phases at once. Six phases are:

a. Discovery: Learn business and determine the business problem

b. Data Preparation: Gather data and perform ETLT (Extract, Transform, and Load or Extract, Load, and Transform) on the data.

c. Model Planning: Determine methods, techniques, and workflow, and learn the relationship between variables.

d. Model Building: Develop datasets for testing, training, and production.

e. Results Communication: Determine the results or explain the outcome.

f. Operationalization: Deliver final reports, briefings, code, etc.

In the event of data breach, PHI/PII violation, or data privacy violation, the following breach management plan is strictly executed in five sequential stages (HHS, 2008; HSE, 2011):

1. Identification and Classification

2. Containment and Recovery

3. Risk Assessment

4. Notification of Breach

5. Evaluation and Response

7.0 Breach Management Plan

7.1 Identification and Classification

This stage requires any staff member to report any suspicious activities or data security breach to managers. The procedure for such report must be in place for staff members. Data breach is an unintentional release of confidential or PHI to unauthorized persons or accidental disclosure, or theft of PHI/PII

7.2 Containment and Recovery

Containment includes the scope and impact of the data breach. If the data breach occurs, managers should (1) decide on who should investigate the breach, (2) inform which department(s) need to be aware of the problem and which measures should be used., (3) Determine how to recover the losses and limit the damage.

7.3 Risk assessment

The manager should consider what would be the potential consequences for staff members and individuals. The manager should consider (1) What type of data or information is involved. (2) How sensitive the data is, (3) There are any security mechanisms such as password, protected, encryption, (4) What could the information tell a third party about the individual, and (5) How many individuals are affected by the data breach.

7.4 Notification of Breaches

- All data breaches must be reported to the authority such as the Consumer Affairs or Computer Security Incident Response Center (CSIRC).

- CSIRC should inform to other related agencies and notify the HHS Records Officer, and third parties (e.g., media outlets and public and private sector agencies)

7.5 Evaluation and Response

At this stage, a thorough review must be performed on the incident of data security breach to ensure that some measures must be improved in the identified areas. Any recommended change must be documented, implemented and deployed right away. Managers should identify who are responsible for reacting to the breaches of data security.

8.0 Roles and Responsibilities

8.1 Line Managers

Line managers are responsible for (1) the implementation of this policy proposal within the business area, (2) make sure that all individual, staff are instructed to comply with this policy proposal, and (3) consulting HIPAA office and CSIRC office in association with the appropriate procedures for following up when a breach has occurred.

8.2 Individual Users

Each individual is responsible for (1) complying with the terms, rules of this policy, (2) respecting and protecting the confidentiality and privacy of data and information they process at all times, (3) reporting all breaches, abuse, misuse of this policy to the line manager.

9.0 Enforcement

The violators who break the rules or conditions of this policy will be subject to disciplinary actions. They must be denied to access organizational IT resources and may be suspended and dismissed in the disciplinary procedure.

10.0 Review and Update

The policy proposal’s author reserves the right to update and revise the content of the policy proposal appropriately and frequently to ensure that any changes in structures, reorganization and business practices must be reflected in this policy proposal.

Conclusion

In summary, this document provided a brief introduction of Big Data, Big Data Analytics. It described huge data sets in health care and discussed healthcare fraud, data breach, the issue of data privacy and the current regulations. Especially, the document focused on the applications of Big Data Analytics on health care data to detect widespread healthcare fraud, fight against security breaches and use BDA to protect data privacy. It presented a policy proposal including ten sections: purpose statement, scope, legislation, consequences of the data breaches to individuals, staff and organizations, the importance of data privacy, the policy, breach management plan, roles and responsibilities, enforcement, and review and update.

REFERENCES

Agadish, H., Gehrke, J., Labrinidis, A., Papakonstantinou, Y., Patel, J. M., Ramakrishnan, R., & Shahabi, C. (2014). Big data and its technical challenges. Communications Of The ACM, 57(7), 86-94. doi:10.1145/2611567

Alexander, M. (2014). What is the institutional review board (IRB) process?

Presentation presented at the Doctoral Symposium of Colorado Technical University, Englewood, CO.

Bertolucci, J. (2014). Healthcare big data debate: public good vs. privacy. Retrieved November 21, 2016 from http://www.informationweek.com/big-data/big-data-analytics/healthcare-big-data-debate-public-good-vs-privacy/d/d-id/1316367

Chen, H., Chiang, R. H., & Storey, V. C. (2012). Business intelligence and analytics: From big data to big impact. MIS quarterly, 36(4), 1165-1188.

EMC Education Services. (2015). Data Science and Big Data Analytics: Discovering, Analyzing, Visualizing and Presenting Data. John Wiley & Sons.

Gartner Group (2013). Gartner predicts business intelligence and analytics will remain a top focus for CIOs through 2017. Press Release. Las Vegas, NV. Retrieved June 4, 2015 from http://www.gartner.com/newsroom/id/2637615.

Health Net Federal Services (2016). Our commitment to fight health care fraud and abuse. Retrieved November 14, 2916 from https://www.hnfs.com/content/hnfs/home/tn/bene/claims/what_is_fraud.html

Health Policy Briefs (2012). Eliminating fraud and abuse. Retrieved November 14, 2916 from http://www.healthaffairs.org/healthpolicybriefs/brief.php?brief_id=72

HIPAA Act, (1996). The federal health insurance portability and accountability act. Retrieved October 19, 2015 from http://tn.gov/health/topic/hipaa.

HHS (US Department of Health and Human Services), (2008). Personally identifiable information (pii) breach response team. Retrieved November 22, 2016 from http://www.hhs.gov/ocio/policy/20080001.003.html

HSE (Health Service Executive), (2011). Data protection breach management policy. Retrieved November 23, 2016 from http://www.hse.ie/eng/services/Publications/pp/ict/Data_Protection_Breach_Management_Policy.pdf

Hurwitz, J., Nugent, A., Halper, F., Kaufman M. (2016). How to incorporate big data into the diagnosis of diseases. Retrieved October 09, 2016 from http://www.dummies.com/programming/big-data/how-to-incorporate-big-data-into-the-diagnosis-of-diseases/

Office of Public Affairs, Department of Justice (2016). National health care fraud takedown results in charges against 301 individuals for approximately $900 million in false billing. Retrieved November 14. 2916 from https://www.justice.gov/opa/pr/national-health-care-fraud-takedown-results-charges-against-301-individuals-approximately-900

Pallardy, C. (2015). 50 things to know about healthcare data security & privacy. Retrieved November 21, 2016 from http://www.beckershospitalreview.com/healthcare-information-technology/50-things-to-know-about-healthcare-data-security-privacy.html

Practical Law (2016). PLC - Data protection in the united states: overview. Retrieved November 21, 2016 from http://us.practicallaw.com/6-502-0467

Quora (2014). What is the future of business intelligence? Retrieved October 20, 2015 from http://www.quora.com/What-is-the-future-of-business-intelligence.

Raghupathi, W., & Raghupathi. V. (2014). Big data analytics in healthcare: promise and potential. Retrieved October 09, 2016 from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4341817/

Schneiderman, B., Plaisant, C., & Hesse, B. (2013). Improving healthcare with

interactive visualization methods. Retrieved September 06, 2016 from https://www.cs.umd.edu/~ben/papers/Shneiderman2013Improving.pdf

Sondergaard, P. (2015). Gartner says big data creates big jobs. Retrieved on December 7, 2015 from http://www.gartner.com/newsroom/id/2207915

Voosen, P. (2015). After facebook fiasco, big-data researchers rethink ethics. Chronicle Of Higher Education, 61(17), A14.

TSL Blog

Thursday, December 15, 2016

No comments:

Post a Comment