this post was submitted on 14 Jan 2024
1017 points (98.8% liked)

Technology

59039 readers
3615 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 40 points 9 months ago* (last edited 9 months ago) (4 children)

A lot of healthcare and education institutions use Outlook as well, so I wouldn't be surprised if mental health or legal uses it too. There may be rules about what kind of client/student/patient information can be sent over email, and often there are healthcare/institution specific variants of the office suites which (are supposed to) meet regulatory requirements

I think the other comment applies regardless. Do work things on the work device/account and let the workplace handle any other concerns. When it comes time to discuss alternatives, you can make a case for something else

[–] [email protected] 17 points 9 months ago (2 children)

I mean it even harvests typing data and Outlook also includes calendars etc… It’s really bad.

But yes, I just suggested a re-evaluation of the use of Microsoft Outlook to my company …

[–] [email protected] 7 points 9 months ago (1 children)

What would you get them to use instead? I use Proton personally, but I doubt many companies are using it at scale.

[–] [email protected] 2 points 9 months ago

Use geary as a client with a private company selfhosted mailserver.

[–] [email protected] 2 points 9 months ago

A company would use a Microsoft 365 plan that includes Outlook for Office 365, not a Windows Mail app. An the MS365 agreement would come with protections of company data from sharing with advertisers.

In other words, I wouldn't worry if my company used Outlook. But never log in to your private mailbox from a corporate device.

[–] [email protected] 4 points 9 months ago

There are dozens of articles about mental health systems selling patient data.

People are worried about these dystopian futures, completely unaware that we're living in one today. You can't do anything, go anywhere, or buy anything without it being logged and sold for profit. Not without spending years of your time becoming a cyber security expert.

[–] [email protected] 3 points 9 months ago

Cloud services who want the business of healthcare providers usually offer a separate service for customers who need enhanced privacy.

Google etc have this option.

Also Microsoft has “pay for enterprise control” for businesses. Businesses can pay for their data not to be collected or at least sent to a business controlled server.

[–] [email protected] -1 points 9 months ago (2 children)

All of it is compatible with HIPAA.

[–] [email protected] 2 points 9 months ago (1 children)

There is more than one country on this planet.

[–] [email protected] -4 points 9 months ago (1 children)

Yes, and plenty of them use HIPPA or variants of it as a standard. There will certainly be a control mapping from any other law or standard used and 365 is going to be mostly compatible with them all.

[–] [email protected] 2 points 9 months ago (1 children)

Not trying to dismiss your view, but I am not aware of any country outside US using HIPPA as a standard. I'm also not an expert in this so probably mistaken. Which country are you thinking of?

[–] [email protected] 1 points 9 months ago (1 children)

It isn't HIPAA in other countries. But it is similar enough that you can easily find white papers and crosswalks in compliance communities. The difference between HIPAA and gdpr is mostly informed sharing and where that's permissible https://www.microsoft.com/en-us/industry/blog/healthcare/2018/05/14/gdpr-implementation-hipaa-compliance-what-you-need-to-know/

Linked on that page is a PDF example. The execution and requirements are mostly the same.

[–] [email protected] 1 points 9 months ago

I see what you mean yes. Some common principles can be found outside of the US