Data privacy is an enormous issue in a world where people and organizations rely on mobile devices, social media channels and “big data” for everything from their job to their health care and the delivery of innovative services. There’s an overwhelming volume of personal information about each of us stored on various computers and in the “cloud” and moved through the airwaves every day. How often have you clicked on a site to be subsequently sent related adverts and emails, and even birthday wishes?
Consumers, companies and policy makers are all increasingly concerned with how that information is or can be used. People were already concerned about the impact of data breaches, which have become more frequently reported in recent years. The recent controversies involving how Facebook and other companies use and sell the information they collect on their subscribers has increased scrutiny and added to calls for greater legal and technical protections on personal data. In this context, the European General Data Protection Regulation, which has been adopted some two years ago by the European authorities, comes into force on May 25.
Our digital culture means our lives are open books and some of the most sensitive personal information out there relates to health care. Not only are comprehensive electronic health records (EHRs) becoming the standard, advances in technology gradually allow for the processing of genomic information and DNA profiles. That has heightened concern about how well protected that information is from prying eyes and misuse.
At Sanofi, that means keeping a close eye on how such personal data is collected and handled with a priority on compliance with privacy and data protection rules.
“Sanofi is becoming increasingly digital; data is therefore at the core of everything we do, and the advance of medicine relies on personal data,” said Lionel de Souza, Group Data Protection Officer for Sanofi and the executive in charge of compliance with the new EU directive. “Being an international group headquartered in Europe, Sanofi is deeply rooted in the European culture of privacy and data protection, in viewing privacy and data protection as a fundamental rights that everyone is entitled to. So that means that, even if we see advantages to processing personal data in certain ways, we will only do so if it is consistent with the protection of these rights and the law.”
While many consumers may prefer to withhold access to their personal information for marketing purposes, when it comes to health care, this digital transformation is an essential component of the advancement of medicine and health care.
As “precision” medicine and better predictive preventive care become the standard, access to detailed personal health information is vital to providing the right diagnosis, treatment and follow-up to ensure a medicine’s long-term safety. Personal medical and contextual types of health data contribute to the prediction of relevant outcomes and provide essential information for predicting the likelihood an individual to develop a serious condition, such as breast cancer, or the response of a patient to a treatment. Aggregated information can help researchers developing new medicines or public health officials trying to prevent or control epidemics.
The challenge for companies like Sanofi is two-fold: Helping people understand the need for researchers and others in the health care industry to have access to personal health information, while also ensuring it has the technologies and processes in place to protect that information. The first step is to develop the right policies; the second is to constantly search for and implement new technologies are making it possible to do both things: Keep data private but also let it be shared in a useful way.
“New technology gives Sanofi the opportunity to make use of the data, but only the data that is relevant, and we make sure we implement security measures that are adequate relative to the data which is processed,” said de Souza. “If we can use aggregate or anonymized data, we will. But having the ability to process data allows Sanofi to offer better service and support to patients and to health care professionals.”
While the new EU regulation does not revolutionize the approach to privacy and data protection, de Souza said, it does heighten Sanofi’s awareness of the issue and focus on the issue. In fact, this regulation could also help to align the various rules that prevail around the world. The new EU legislation is being seen as the outline of a standard, de Souza said – and even if international regulations lag, global companies tend to adopt the most stringent rules as their standard. It also means that Sanofi “takes great care selecting partners to ensure that they will protect personal data” that must be shared.
He also notes that individuals can help protect their privacy, by being mindful of what information they share, and by checking on the privacy policies and reputation of the companies with which they share information. It also means reconsidering that sharing on a regular basis.
“Anyone who wants to get control of their data should review it on a regular basis, and remember they have rights to access data and to update it,” he said.