PatientsLikeMe.com, an online community for chronically ill people to share personal information (and a business that also sells information about its users) is the victim of the latest form of privacy-violation-for-profit: a practice known as “scraping,” according to a great story today in The Wall Street Journal.
Julia Angwin and Steve Stecklow, my former colleagues at the WSJ (which is clearly going for a Pulitzer Prize with its series, “What They Know,” about the many ways your “private” online information is being sold and tracked) begin today’s story like this:
At 1 a.m. on May 7, the website PatientsLikeMe.com noticed suspicious activity on its “Mood” discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves.
It was a break-in. A new member of the site, using sophisticated software, was “scraping,” or copying, every single message off PatientsLikeMe’s private online forums.
PatientsLikeMe managed to block and identify the intruder: Nielsen Co., the privately held New York media-research firm. Nielsen monitors online “buzz” for clients, including major drug makers, which buy data gleaned from the Web to get insight from consumers about their products, Nielsen says.
“I felt totally violated,” says Bilal Ahmed, a 33-year-old resident of Sydney, Australia, who used PatientsLikeMe to connect with other people suffering from depression. He used a pseudonym on the message boards, but his PatientsLikeMe profile linked to his blog, which contains his real name.
After PatientsLikeMe told users about the break-in, Mr. Ahmed deleted all his posts, plus a list of drugs he uses. “It was very disturbing to know that your information is being sold,” he says. Nielsen says it no longer scrapes sites requiring an individual account for access, unless it has permission.
Cambridge-based PatientsLikeMe confirmed that after the scraping, which occurred primarily in the “Mood” community, about 200 people withdrew. Overall, the site has about 70,000 users across all communities. And while the company does sell information about its users, the patients are deidentified and the data is aggregated.
“This incident could certainly be considered a violation of our patients’ trust, but it has spurred an important discussion within industry about how to put patients first,” says Jamie Heywood, Co-founder and Chairman of PatientsLikeMe. “It’s also clear that it has not broken the spirit or social contract of PatientsLikeMe when it comes to sharing and learning. The vast majority of members on our site have stayed with us through all of this and perhaps come out even stronger in their commitment in understanding the value of being open.”