[Businessmtg] Anonymity on the WSO app

[Mary Abbott]

Below is the content is from the WSO app about meeting security within their app. Note that e clearly states that meetings chats are formatted so that they cannot be copied or saved. The journal option within the app is individual passcode and encrypted protected. The app does keep my contact information for business purposes only. For recovery purposes, there are safeguards to protect my anonymity and no group content is saved or available for anyone to go back and look at. As stated, these safeguards put the meeting in compliance with US federal HIPPA regulations that protect the privacy of individuals. 

At ASP, like the WSO, anyone can sign up for an ASP account. However, once they sign up at ASP,  have full access to all of our past shares and email addresses of all of the present and past members who have shared. What keeps the husband of a wife in recovery from becoming a member and reading all of her recovery shares? Nothing keeps the husband from doing that because there is a permanent written record easily available on our ASP website. 

Archiving shares may be convenient for some administrative tasks but it violates anonymity which is the spiritual foundation of our organization. Although our website states that shares are archived, once a member decides that they don’t want their shares saved, there is no recourse to have those shares removed. I believe that is a potential HIPPA violation of personal information being easily accessible to anyone who chooses to become an ASP member no matter their reason for joining. 

Archiving shares is just wrong and should be stopped. 


6:31
< Frequently Asked Questions
이 100.
What is the level of security of the app, journals and meetings?
Access to app code is restricted through highest levels of authentication through
unique tokens, validation of input to prevent unauthorized content being sent to the database.
The database (where journal and other member information is stored) is only accessible through authorized credentials and not exposed to any servers. The journalis a private entry for an individual, an API exposed for journals always makes sure that only the user with the relevant token can access the journals from the database. No user or admin can access another user's journal. Login process uses SSL, 2-factor authentication and passwords are encrypted before storing. Chat messages feature end-to-end encryption and they move to the back-end database via a protected layer (SSL).
Al-Anon meetings in the app are powered by Zoom with Health Insurance Portability and Accountability Act (HIPAA) compliance enabled. In the app you will see this added security is identified by a green shield inside the meeting. The HIPAA compliance provides the following additional securities:
Disallows cloud recordings
Forces out of meeting chat encryption on
Forces encryption for 3rd party endpoints
Disables streaming to any service that only supports RTMP
Prevents copying or saving meeting chats
The app only provides the member's display name to Zoom when a member joins a meeting in the app.

Sent from my iPhone