Tony Jarvis, Chief Technology Officer of the Asia Pacific and Japan region for Check Point Software, collaborates with business leaders and CISOs to understand their cyber risk exposure, and to tailor effective cyber security strategies to meet their needs. In addition to serving as the CTO for the Asia Pacific and Japan region, Tony contributes to corporate thought leadership, pursues media engagements, and represents the brand as a keynote speaker at international cyber security events.
Data privacy has become an issue in relation to the coronavirus. What are we seeing, globally, right now?
We’re seeing a number of groups come together and establish what are being referred to as ‘data trusts’. The goal of these trusts is to enable sharing of data in a way that is fair and safe. A number of principles will make up the foundation of such trusts and may include elements such as how the data is managed, how those using the data are trained before they access it, and engagement with the general public.
How can organizations more effectively manage their coronavirus-related employee health data?
A growing number of organizations are tracking employee health data, and there are a number of valid reasons why this could benefit the workforce in general. However, such information could be valuable in the wrong hands, as medical information in general is highly sought after by cybercriminals. This means that the highest levels of safeguards must be put in place, such as restricting IT access to authorized individuals, encrypting the data itself, and using adequate cyber security measures.
To manage this newly collected data, should businesses consider hiring data privacy and security specialists?
Ideally, organizations will have some level of security proficiency which includes data privacy. If this is not the case, and health data is being collected, it represents a significant risk for the organization to be in possession of such data without the means to adequately protect it. For those who lack the skills, it is recommended to consult with a trusted advisor who can discuss the options available. This could include training of staff, investments in cyber security capabilities, or outsourcing the protection of such data to third parties.
How can organizations become trusted and transparent when it comes to coronavirus health data collection?
Ultimately it comes down to having the right policies in place. If employee health data is being collected, then those employees should be provided with the details around its collection, use and sharing with outside parties. Individuals should have access to their data upon request. By looking at earlier data privacy legislation, such as the GDPR and PDPA, best practices can easily be replicated.
For consumers, is telehealth putting data privacy at greater risk than traditional in-person physician appointments?
While most medical data is being stored electronically regardless of the nature of the consultation (in-person versus remote), the consultation itself is the real risk that should be addressed here. For example, if a remote consultation takes place using a video conferencing platform that has security vulnerabilities or fails to adequately encrypt the session, this represents a very real privacy risk. The choice of conferencing platform should therefore be carefully considered when making this decision.
How can individuals reclaim control over their own data, if at all?
The primary means of controlling one’s own data is to be aware of who is collecting it and how it will be used and shared. Read the data collection policies when they are made available, understand why and how that data is being used, and determine what avenues are available to query or seek changes to any incorrect information once identified. Health data is one of the tools we have at our disposal to combat the coronavirus pandemic. Rather than trying to suppress the information, it is in the community’s best interests to understand the reason for collecting such data and individuals should make informed decisions on a case-by-case basis.