Data Protection aims to protect people's personal information by ensuring individuals have rights over their data, creating rules on how companies and governments can use data, and placing regulators to enforce the application of the laws. Nowadays, data protection has become more complicated than ever. New challenges have emerged in the form of new technologies and business models, especially considering that new services and systems rely heavily on Big Data analytics, data sharing, tracking and profiling. The majority of the digital interfaces and platforms used in our everyday lives collect lots of data deriving from human behaviour. Almost all of the devices we wear, carry and interact with in our homes generate and track more and more data. In the modern era, protecting people's privacy is critical to effective and good democratic governance.
Data Privacy, which is also known as information privacy, constitutes a significant aspect of information technology (IT) dealing with the organisation's or individual's ability to define what data a computer system can share with third parties. Compliance regulations have been repeatedly created in response to the needs of a particular industry or section of the population. Such examples include the Children’s Online Privacy Protection Act (COPPA), giving parents control over what information websites collect from their kids, as well as the Health Insurance Portability and Accountability Act (HIPAA), securing patient confidentiality for all healthcare-related data.
Nevertheless, despite increasing awareness of the right to data privacy in many countries, there is still a lack of legal and institutional infrastructure to support the protection of human rights. In particular, some parts of the world suffer from either a lack of regulatory and legal frameworks or a poor implementation and enforcement plan.
In the healthcare sector, data privacy issues often have a substantial impact. For example, Australian government officials have recently warned of a “significant” technical glitch affecting an Australian Digital Health Agency system called My Health Record. The issue resulted in critical information being missing or incomplete in the patient file.
Under this prism, the European Union has recently decided to proceed with the application of a new General Data Protection Regulation, which includes a set of important data protection rules ensuring that individuals have more control over their personal data while businesses can benefit from a level playing field. The Facebook/Cambridge Analytica revelations have shown that the EU made the right choice to conduct an ambitious data protection reform, which applies as of 25 May 2018 to all companies operating in the EU, regardless of their base location.
More specifically, the new EU regulation brings several improvements to deal with data protection violations:
- Clear language. Privacy policies have to be written in clear, straightforward language and not in lengthy and complicated terms.
- Consent from the user. The user needs to give affirmative consent before a business can use their data. Silence is no longer considered a valid user consent to data processing.
- More transparency. Businesses need to inform the user whenever their data is transferred outside the EU. Additionally, they can collect and process data only when there is a clearly defined purpose.
- Stronger rights. Users must be informed by their respective businesses immediately in the case of a harmful data breach. Furthermore, the user should be provided with the ability to access, move, or even request the deletion of their data.
- Stronger enforcement. The European Data Protection Board has the power to provide guidance and interpretation and adopt binding decisions where the same case concerns several EU countries.
Here at Newlife IVF, we consider the protection and security of personal data a matter of high importance and priority due to the extremely sensitive environment in which we operate.
There are a variety of reasons for placing a high value on protecting the privacy, confidentiality, and security of health information. Medical records may include some of the most intimate details about a person’s life, such as a patient’s physical or mental health, personal relationships or even financial status. A potential data breach can have a huge negative impact, leading to scenarios of medical fraud or even identity theft.
The goals of our security plan are threefold: to ensure that (a) only authorized staff members can see stored data, (b) they only see the data when they need to use it for an authorized purpose, and (c) what they see is accurate. When it comes to security, we strongly believe that prevention is a matter of extreme importance. We maintain a comprehensive risk register that includes all the cases where something can go wrong and anticipates problems so we can correct things before the problem even occurs. Regarding patient data, we deploy several techniques to prevent any potential data loss, starting from a well-designed backup plan. The preventive measures of our disaster recovery plan include the storage of data on local as well as remote backup servers. Moreover, our users can request that their data “be removed” or “transferred” at any time.
The security and reliability of our services are also a top priority. We invest heavily in the training of our staff and our infrastructure to ensure that best practices are followed in everything that we do. We use two-factor authentication for all critical systems and communications services, and automatically log all staff activity using an internal logging tool. Moreover, we only use third-party services, such as Amazon Web Services, which are fully vetted and adhere to the highest levels of privacy and security practices. All the information stored and transmitted is encrypted with AES 256-bit military-grade encryption technology, which is the strongest and most robust encryption standard that is commercially available today.