Skip to main content

Emerging Data Privacy Issues: Discussion from the First Cybersecurity and Technology Futures Event

January 30, 2019

Author:

Connor Herriford

This event was the first in a series of events. The next one will focus on systemic risk. It will be on February 6 at 3pm in the Peterson Room in the Allen Library on the UW campus. The full schedule can be found here.

Speakers from the public and private sector spent the afternoon of January 23 addressing emerging and persistent data privacy issues while calling attention to future challenges and potential threats. The speakers were Frances Dewing, the CEO and Co-Founder of Rubica, Inc.; Ivana Lichtscheidl, the Director of Compliance, Privacy, and HIPAA Security Officer of Pioneer Human Services; and Ann Nagel, the UW’s Associate Vice Provost for Privacy, University Privacy Officer, and European Union General Data Protection Officer. The Jackson School of International Studies’ Professor Sara Curran was the moderator of the panel.

Ms. Dewing is the CEO of Rubica Inc., a cybersecurity company that concentrates on providing security solutions to families and every day consumers. Ms. Dewing began by calling attention to the inadequacy of the tools consumers have access to; noting that individuals (rather than corporations) are the primary target of the majority of cyberattacks. She also explained the subtle differences between security and privacy – accentuating the idea that security is about preventing loss, harm, or intrusion whereas privacy is about keeping information from being shared or public. She then elaborated on the necessity for a shift in consumer’s mindsets. Stating, for example, that consumers should not purchase a (technological) product from a manufacturer without understanding its privacy policies, the strength of security, and how the manufacturer will use the data. Ms. Dewing argued that the need for a cognizant consumer is emphasized by the security versus convenience debate: consumers have varying levels of risk appetites, or willingness to release personal information, based on the convenience the product provides. She stated that this was one of the large risks moving forward – consumers are becoming increasingly comfortable with the amount of data being harvested without minding the risks involved.

Ms. Lichtscheidl, the Director of Compliance, Privacy, and HIPAA Security Officer of Pioneer Human Services, provided a unique perspective by focusing on privacy issues in the healthcare IT environment. In healthcare, the federal government requires organizations to identify Personal Identifiable Information (PII) as well as Protected Health Information (PHI) and secure this data properly. Ms. Lichtscheidl identified the trends and challenges in healthcare system – specifically drawing attention to mergers and acquisitions and especially affiliations – which may be shorter term ventures. As an example, Ms. Lichtscheidl referenced the short-termed affiliation of Virginia Mason and Evergreen Health, focusing the listeners on the pivotal issue of patient data migration and, subsequently, patient data ownership after an organizational affiliation is terminated. According to Ms. Lichtscheidl, medical records are worth ten times more than a credit card number on the black market, which makes hospitals and healthcare institutions a prime and frequent target of cyber criminals. As a final note, she stated that, in healthcare, privacy ends where public safety begins (referencing exceptions specifically listed in HIPAA and 42 CFR Part 2 where disclosure without consent is permitted, additionally reflecting on the 1976 Tarasoff case); underlining that if public safety were to become a concern because of a patient, that the healthcare system may release a patient’s private information.

Ms. Nagel, the Associate Vice Provost for Privacy, University Privacy Officer, and European Union General Data Protection Officer at the University of Washington, began by discussing global privacy. She argued that as consumers become more connected to devices, they provide more data. This data becomes increasingly valuable to large corporations for use in their supply chains, to predict future consumer needs, and to cater their products to the consumers. However, Ms. Nagel argued that as nice as it may seem to have personalized products, it is still personal data, and consumers need to be more aware of that. Ms. Nagel also asserted that privacy is becoming a discussion of legal regulations, as a variety of corporations are releasing governance reports on privacy and state legislatures are raising awareness around the meaning and definition of the term. One of her main focal points was that, globally, we need a more holistic approach to ensure data privacy protection. This approach could be more compliance based, where the law says what a person can or cannot do — or contingency based, which is a response framework in the event of compromises. Regardless, Ms. Nagel emphasized the need to reassess the global perspective on data privacy in a way that is more coherent and less nuanced.

The talk was the first in a series of talks on Cybersecurity and Technology Futures. The next talk is on February 6, 2019 at 3pm in the University of Washington’s Allen Library’s Peterson Room. The speakers include: Mary Gardner, Chief Information Security Officer, F5; Annie Searle, Lecturer, UW Information School; and Michele Turner, Senior Manager, Amazon. Jessica Beyer, Lecturer, UW Jackson School of International Studies will moderate.

The speaker series is sponsored by the University of Washington’s Jackson School of International Studies, Information School, and Women’s Center with support from the Carnegie Corporation of New York.

This event and publication were made possible in part by a grant from Carnegie Corporation of New York. The statements made and views expressed are solely the responsibility of the author.