Data Privacy Protection

How To Maintain Data Privacy in Today’s Uber-Connected World

By Bojil Velinov, Head of DevOps and Automation at LunaPBC

2020 may be coming to an end, but it marks the beginning of the decade in which we had the largest amount of baby-boomers entering retirement age.

It is also the decade for coming of age for the last millennia generation. In the previous decade, the telephone, radio, and TV had a big influence on their lives. Now, internet connectivity, social networks, and instant information is changing everything we knew about communication. Both generations benefit from the exposure and existence of technology, or what we now have evolved to call, “high-tech.”

While earlier technologies were rendered as one-directional communication, new technologies have evolved to ingest vast amounts of input, processes, all while delivering information to us more quickly, efficiently, and accurately. Both past and current technologies depend on personal data to validate themselves and improve their services.

In today’s über-connected world, data privacy is more important than ever before. Everywhere we go, we leave behind a trail of data breadcrumbs that share valuable information about who we are and what we do. Whether knowingly or unknowingly, we often victimize ourselves to fulfill our desire for high-tech convenience. But even the simplest activities, like checking the weather or connecting to a free WiFi network, can put our data at risk. With modern internet-connected devices literally in the palm of our hands, we are constantly under indirect surveillance. Sites we visit regularly, products we engage with on social media, articles we read on search engines all contribute to our digital profiles. 

This raises the questions, how much exposure of our private lives is beneficial to ourselves and society? How much of our private data is monetized with no direct benefit to us as the creators? These questions contain many perceptions and tangents and raise many conversations between team leaders at LunaPBC. We strive to understand all arguments related to data collection, but always resort to the unanimous agreement that people belong at the center. Until every company aligns with our values and beliefs, it’s at least assuring to know that data privacy is headed in the right direction, with the implementation of the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). I’m anticipating other federal and state legislative initiatives aimed at protecting individual data on the horizon. 

Privacy is directly connected to our liberties, but liberties don’t exist in a vacuum. We all have to, more-or-less, agree on what’s right even as complex social organisms. For society to not only exist but thrive, liberties should require justice, and achieving this may require individuals to partially share some privacy. In other words, individuals, as integral members of the society, should always be in control of their privacy. Our actions, demands, and understanding of privacy can help us shape a “new” internet, and with that our continuous stream of data.

Obtaining data privacy, reducing your digital vulnerability, and maintaining control starts with protecting your passwords.  

Don’t Make Your Password Easy to Guess

  • 123456 and password are the most commonly used passwords. Don’t use them.
  • Switching a letter for a symbol (p@ssw0rd!) is an obvious trick hackers know well.
  • Avoid favorite sports teams or pop culture references. Use something more obscure.
  • Don’t use a single word like sunshine, monkey, or football. Using a phrase or sentence as your password is stronger. 
  • Don’t use common number patterns like 111111, abc123, or 654321.
  • Adding a number or piece of punctuation at the end doesn’t make your password stronger

Create More Than Just a Strong Password, Create Various Strong Passwords

  • The strength of your passwords directly impacts your online security.
  • Use a password manager to remember all your passwords.

Kicking off the decade with data privacy top of mind can ensure you have yourself safe and secure years ahead. 

A man's hands typing on a laptop keyboard

Health Data Privacy: Why Eroding Public Trust Harms Medical Research

By Scott Kahn, Ph.D, Chief Information Officer at LunaPBC

Using Data Privacy to Empower Health Research

The importance of data security and data privacy policies have recently come under scrutiny due to revelations around Google’s Project Nightingale. The initiative with Ascension, the nation’s largest nonprofit health system, granted Google access to medical records of more than 50 million individuals in 21 states and may hinder the trajectory of health discovery by eroding “consumer” trust. 

While historically it might have been a safe harbor to stay within the letter of the law, consumer sentiment around health data privacy, control, and opportunity has shifted dramatically in the last year. The biggest challenge affecting the sharing of individual data is the establishment of trust between the individual and the researcher. Mistrust has developed as a result of the unethical and/or unconsented use of data for research purposes – like the cases of HeLa cell line creation, and the Tuskegee and Havasupai studies – and are reinforced by more recent examples –  like the study to find a gay gene and the study of extreme inheritance using the UK BioBank.  Innovations in genomics and AI benefit the population and fuel the changing needs of discovery, however, when trust and transparency are compromised, health discovery can be harmed. 

Re-establishing trust amongst individuals contributing data for research must be addressed directly through various efforts, including:

  1. The transparency of data handling and data usage,
  2. A measure of reciprocity in the value achieved via data usage, and
  3. The ability of the individual data contributor to exert control over the use of their data throughout the research process.

Ideally, these elements contributing to the re-establishment of trust are implemented through adequate technologies, contractual arrangements with research participants, and a regulatory oversight environment that enforces accountability on the part of the data manager. 

Switching the model of control from institutions to individuals offers a solution that can empower health research that is more representative of the population(s) in need of improved and more cost-effective healthcare.  

Benefits of Establishing Trust in Research

Researchers can establish trust via the secure, seamless contribution from participants that have otherwise been grossly under-represented in medical research. For example, a recent study from the National Cancer Institute Center to Reduce Cancer Health Disparities found only one-tenth of their biorepositories specimens are from non-white patients. Despite this lack of wide-spread ethnic representation, there are several studies that signal the benefits of research including understudied populations that include the revelation of new insights on disease and therapy response. Moreover, not all of the global population is of European descent, which suggests potential benefits of expanded diversity as the field of precision medicine evolves to address the growing needs in healthcare that can benefit all people.

Additionally, a health data platform that implements privacy policies, enables individual control and prioritizes trust inverts the research paradigm, transforming the individual data contributor from research subject into a research partner. This new person-centered paradigm holds the promise of a valued community engagement that fuels richness and depth of information that is longitudinal and provides researchers the information needed to unlock discoveries necessary to prevent the onset of disease and even intervene unavoidable disease earlier. 

Preventing Misuse of Data in Research

Fortunately, the technical requirements of transparency, reciprocity, control, and privacy can be supported by modern infrastructures that have moved into the mainstream of information technology. Cloud platforms provide a level of security that can be coupled to a set of privacy policies that fully support data privacy control by individuals. Furthermore, the coupling of an immutable corporate charter to focus on data uses that directly contribute to societal benefit via health and medical research ensures that data misuse is prevented contractually. 

Holding Researchers Accountable

Several processes are still required to ensure that the use of data is restricted to research aimed at health and medical advancements. The first is the evaluation of potential researchers and their discovery aims. The second is that all operations on data are themselves available for public review and are executed in an environment that can leverage security authorizations of data contributors and data researchers alike. The final process required involves the downstream research usage of data shared that should remain under the control of the data subject rather than downloaded to a research environment beyond the control of the data subject.  It is essential that these processes support the ability of data subjects to completely erase their data to be “forgotten.” 

The continual erosion of public trust in the storage and sharing of their medical data only serves to harm medical research. It is the responsibility of the institution to implement and adhere to strict data privacy policies that recognize an individual’s right to control their data. Health research will be enhanced through more representative participation (ie, social, economic, and ethnic diversity) that in turn should empower discoveries otherwise unachievable. By establishing a direct engagement with the individuals in a study as partners, the researcher can support the individuals’ desires to have a positive societal impact through the sharing of their data.  

Scott Kahn

About Scott Kahn, Ph.D.
Scott is the Chief Information Officer at LunaPBC, Board of Directors at Rady Children’s Institute for Genomic Medicine, and former Chief Information Officer and Vice President Commercial, Enterprise Informatics at Illumina. He’s integrating data privacy and security provisions that comply with GDPR and HIPAA at LunaDNA, the world’s first people-powered health database that offers shares of ownership to health data contributors.

Luna is bringing together individuals, communities, and researchers to better understand life. Directly drive health discovery by joining the Tell Us About You study. The more we come together to contribute health data for the greater good, the quicker and more efficient research will scale, and improve the quality of life for us all.  

Click here to get started.