Home / Tag Archives: data management

Tag Archives: data management

Audit of NHS Trust’s app project with DeepMind raises more questions than it answers

A third party audit of a controversial patient data-sharing arrangement between a London NHS Trust and Google DeepMind appears to have skirted over the core issues that generated the controversy in the first place. The audit ( full report here ) — conducted by law firm Linklaters — of the Royal Free NHS Foundation Trust’s acute kidney injury detection app system, Streams, which was co-developed with Google-DeepMind (using an existing NHS algorithm for early detection of the condition), does not examine the problematic 2015 information-sharing agreement inked between the pair which allowed data to start flowing. “This Report contains an assessment of the data protection and confidentiality issues associated with the data protection arrangements between the Royal Free and DeepMind . It is limited to the current use of Streams, and any further development, functional testing or clinical testing, that is either planned or in progress. It is not a historical review,” writes Linklaters, adding that: “It includes consideration as to whether the transparency, fair processing, proportionality and information sharing concerns outlined in the Undertakings are being met.” Yet it was the original 2015 contract that triggered the controversy, after it was obtained and published by New Scientist, with the wide-ranging document  r aising questions over the broad scope of the data transfer ; the legal bases for patients information to be shared; and leading to questions over whether regulatory processes intended to safeguard patients and patient data had been sidelined  by the two main parties involved in the project. In  November 2016  the pair scrapped and replaced the initial five-year contract with a different one — which put in place additional information governance steps. They also went on to roll out the Streams app for use on patients in multiple NHS hospitals  — despite the UK’s data protection regulator, the ICO, having instigated an investigation into the original data-sharing arrangement. And just over a year ago  the ICO concluded that the Royal Free NHS Foundation Trust had failed to comply with Data Protection Law in its dealings with Google’s DeepMind. The audit of the Streams project was a requirement of the ICO. Though, notably, the regulator has not endorsed Linklaters report. On the contrary, it warns that it’s seeking legal advice and could take further action. In a statement  on its website, the ICO’s deputy commissioner for policy, Steve Wood, writes: “We cannot endorse a report from a third party audit but we have provided feedback to the Royal Free. We also reserve our position in relation to their position on medical confidentiality and the equitable duty of confidence. We are seeking legal advice on this issue and may require further action.” In a section of the report listing exclusions, Linklaters confirms the audit does not consider: “The data protection and confidentiality issues associated with the processing of personal data about the clinicians at the Royal Free using the Streams App.” So essentially the core controversy, related to the legal basis for the Royal Free to pass personally identifiable information on 1.6M patients to DeepMind when the app was being developed, and without people’s knowledge or consent, is going unaddressed here.

Read More »

Facebook data misuse firm snubs UK watchdog’s legal order

The company at the center of a major Facebook data misuse scandal has failed to respond to a legal order issued by the U.K.’s data protection watchdog to provide a U.S. voter with all the personal information it holds on him. An enforcement notice was served on Cambridge Analytica affiliate SCL Elections  last month  and the deadline for a response passed without it providing a response today. The enforcement order followed a complaint by the U.S. academic, professor David Carroll, that the original Subject Access Request (SAR) he made under European law seeking to obtain his personal data had not been satisfactorily fulfilled. My prepared statement to @EUparliament committees today on my data quest to recover my Cambridge Analytica data under UK/EU law. The company did not respond to the @ICOnews Enforcement Order due today. We are now in uncharted waters. pic.twitter.com/8djPQykHAt — David Carroll (@profcarroll) June 4, 2018 The academic has spent more than a year trying to obtain the data Cambridge Analytica/SCL held on him after learning the company had built psychographic profiles of U.S. voters for the 2016 presidential election, when it was working for the Trump campaign. Speaking in front of the EU parliament’s justice, civil liberties and home affairs (LIBE) committee today, Carroll said: “We have heard nothing from SCL in response to the ICO’s enforcement order. So they have not respected the regulator

Read More »

Toward transitive data privacy and securing the data you don’t share

Anshu Sharma Contributor Anshu Sharma is a serial entrepreneur and a former venture partner at Storm Ventures . More posts by this contributor The unbeatable advantage of Apple and Amazon An engineer’s guide to picking a startup We are spending a lot of time discussing what happens to data when you explicitly or implicitly share it. But what about data that you have never ever shared? Your cousin’s DNA We all share DNA  —  after all, it seems we are all descendants of a few tribes. But the more closely related you are, the closer the DNA match. While we all know we share 50 percent DNA with siblings, and 25 percent with first cousins  —  there is still some meaningful match even between distant relatives (depending on the family tree distance). In short, if you have never taken a DNA test but one or more of your blood relatives has, and shared that data  —  some of your DNA is effectively now available for a match. While this may have seemed like theory a few weeks ago, the cops caught the  Golden State Killer by using this method . Cambridge Analytica A similar thing happened when data was mis-used by Cambridge Analytica . Even if you never used the quiz app on the Facebook platform but your friends did, they essentially revealed private information about you without your consent or knowledge. The number of users that took the quiz was shockingly small  —  only 300,000 users participated. And yet, upwards of 50 million ( as many as 87 million ) people eventually had their data collected by Cambridge Analytica

Read More »

BigID lands in the right place at the right time with GDPR

Every startup needs a little skill and a little luck. BigID , a NYC-based data governance solution has been blessed with both. The company, which helps customers identify sensitive data in big data stores, launched at just about the same time that the EU announced the GDPR data privacy regulations . Today, the company is having trouble keeping up with the business. While you can’t discount that timing element, you have to have a product that actually solves a problem and BigID appears to meet that criteria. “This how the market is changing by having and demanding more technology-based controls over how data is being used,” company CEO and co-founder Dimitri Sirota told TechCrunch. Sirota’s company enables customers to identify the most sensitive data from among vast stores of data. In fact, he says some customers have hundreds of millions of users, but their unique advantage is having built the solution more recently. That provides a modern architecture that can scale to meet these big data requirements, while identifying the data that requires your attention in a way that legacy systems just aren’t prepared to do. “When we first started talking about this in 2016 people didn’t grok it. They didn’t understand why you would need a privacy-centric approach

Read More »