I’m curious whether the increasingly invasive telemetry of modern Windows will have legal implications surrounding patient privacy here in the US. I work IT in the healthcare field, and one of our key missions is HIPAA compliance. What, then, will be the impact if Microsoft starts storing more and more in-depth data offsite? Will keyboard entries into our EHR be tracked and stored in Microsoft’s servers? Will we subsequently be held liable if a breach at Microsoft causes this information to leak, or if Microsoft just straight-up starts selling it to advertisers? Windows is our one-and-only option for endpoint devices, so it’s not like we can just switch.
I genuinely don’t have the answers to these questions right now, but it may start to become a serious conversation for our department in the future if things continue at the trajectory they’re going at. Or, maybe I’m just old and paranoid and everything will be okie dokie.
Sadly a lot of the privacy switches are exclusive to enterprise and education users, but our endpoints are running Pro (we have our previous supervisor to thank for that). I guess I’ll hope this is one of the ones we can just toggle off without any fuss.