Echo of Non-Compliance
Everyday, we hear about new ways we can use our smart speakers. Retailers, radio stations, product companies, and others remind us that we can use our Amazon Echo or Google Home to buy, listen, or learn. The term “smart speaker”, however, is misleading. These are microphones and they are always listening. They are also likely recording everything they hear.
If you are covered by HIPAA or other privacy regulations, do not talk about protected information within earshot of Alexa.
This warning stems from a 2015 murder case in Arkansas. Believing that the Amazon Echo may have “heard” a murder, the District Attorney subpoenaed any recordings that Amazon may keep from the device. Amazon fought the decision on First Amendment and privacy rights, not by claiming that it was not recording. Amazon did not deny having recordings.
The issue for data privacy compliance is that your smart speaker may be listening to and recording conversations you have about protected information. Allowing this is a violation of HIPAA and other regulations protecting personal identifying information (PII).
When is your Amazon Echo recording?
The short answer is: we are not sure, but maybe always.
Better Safe Than Sorry
When speaking about sensitive or protected information, stay away from your “smart speaker” or manually mute the device.
One more thought: Ever notice how after certain conversations, you see ads on Facebook related to the topic discussed? Unless you turn off microphone access, Facebook is using your phone to listen to your conversations, analyze what you say, and profile you. Letting Facebook listen is another potential HIPAA and PII breach.