As much as we try to tighten data security, no one imagines that absolute safety is ever possible. The recent leak of records from the HIV registry will surely be followed by further breaches, some maybe even more extensive. Is laying on ever more layers of security the only possible response?
On 28 January 2019, the Health Ministry revealed that over 14,200 records of HIV-positive persons had been stolen and leaked online. They included details of 5,400 Singaporeans diagnosed with HIV up to January 2013 and 8,800 foreigners diagnosed up to December 2011.
The ministry accused Mikhy K Farrera Brochez, a US citizen of possessing and releasing the data. Brochez was at one time the partner of Ler Teck Siang, a doctor who, from March 2012 to May 2013, was head of the National Public Health Unit, giving him access to the records.
If we look really hard at the matter, this is not an HIV issue. This is not even, at least not solely, a data security issue. Our hand-wringing is actually about the impact that this leak may have on the people affected. Roy Chan, the founding president of Action for Aids, wrote an insightful article for the Straits Times, pointing out that we need to reduce stigma.
Wrongful dismissal
The Ministry of Manpower soon suggested that should an employer fire an employee solely because of his HIV status, it would constitute wrongful dismissal. (See the 3 Feb 2019 Straits Times story HIV data leak: Having HIV can’t get you fired but could affect chances of getting a job.) Although posts on social media have thrown cold water onto this by pointing out that such a position is not written into law, they misunderstand the leeway available to administrative processes. Now that a clear statement has been made by the ministry, one should be able to rely on this for countering instances of HIV-linked dismissal.
But reinstatement into a job as a result of a successful appeal is not a viable solution. If an employer and perhaps many of its other employees hold highly prejudicial attitudes, resuming the job is just a ticket to continued ostracism and misery.
Moreover, as the Straits Times’ story pointed out, HIV-positive persons would have a harder time getting a job in the first place if employers continue to ask for health history — which is not illegal.
This issue is once again that of stigma.
Not just HIV
So, in the certainty that more data leaks will happen however hard we improve cyber-security, we should also ask ourselves what else we can do to mitigate the damage that follows. That said, the next leak will almost surely not involve HIV, but will throw the spotlight on a different type of stigma.
I’m reminded of the time when being gay was a secret one kept to oneself and at most a handful of close, trusted friends. To be outed would bring serious consequences on employment and on family relationships — with implications for mental health and housing. Friends might quickly become distant. Gay-bashing was an experience that many faced.
The solution was not thickening the walls of secrecy, adding more locks to gates. The solution was coming out. As more and more did so and, in the process, argued for a more enlightened understanding of sexual orientation. the stigma of being gay was reduced. It’s not yet completely eradicated, but I’d say that in Singapore, we’ve come a long way.
The next leak may be about people with prison records or unmarried mothers or of Malays who have left Islam. Would we be wringing our hands as tightly again?
Heterogeneity and resilience
It’s a known fact that genetic variability within a species confers resilience to disease. Clones by contrast can all be wiped out by a single infection. The same applies to the social landscape. A society that is more accommodating of differences and less judgmental of others will be more resilient to the next data leak. If people would just simply shrug when they learn that their workmate had once been in jail, then society would be less disrupted with the loss of privacy.
Stigma is a tool for the powerful and the privileged to impose their ideas of social acceptability upon others. Sometimes, it remains relevant and useful. Unreformed child molesters and recalcitrant cheats should never be deemed acceptable in our midst. But more often than not, stigma is used to penalise attitudes and behaviour simply for their difference when no social harm is demonstrable. The less we have of the latter type, the less the pain when confidentiality is broken. A tolerant society has greater immunity to data breaches.
Yawning Bread 
0 Responses to “Tolerant societies and immunity to data leaks”