Saturday, February 22, 2014

Isn't securing employee personal information equally important (vis-a-vis company data) in a BYOD scenario?

The title of a recent article on W.I.R.E.D Innovation Insights asks "How Secure Is Your Company's Information With the Mobile-Carrying Social Employee?" - The apparent one-sidedness of this 'concern' got me thinking that somewhere in all this securing data of employers, the employee's is getting compromised.

Just maybe, while designing the data-security solutions the product companies should simultaneously address another question "How secure is the Mobile-Carrying Social Employee's Personal Information with the Company?" - Not just for the heck of it, but so as to come up with a compliance boosting mutual-data security feature!


Below is the comment I posted against the above article:

---------------------------------------------------------------------------------------------
An interesting observation in the second paragraph "The second thing that worried me was all the data on the phone, the contacts, the texts and all the account passwords that I had fed into the various applications and the data within those apps".... this aspect doesn't however figure in the solution though...

Sure while employers securing their data by way of ‘remote controlling information even after dissemination’ is probably necessary for justifiable business reasons, the technologies employed for this purpose must not breach the fine-line between ‘securing employers' corporate data’ & ‘respecting employees' social/personal data’ - as safety of personal data is an equally big concern for the individual in question as suggested by the quoted text above.

As a social corporate employee I personally would hate carrying two smartphones if not for anything else, for the sake of not sacrificing efficiency & convenience. This means my corporate mobile will have to double up as my personal device too & I suspect I’m with the majority in this matter. Given this and given the corporate decision makers too are part of this BYOD environment & since ensuring compliance (by employees) ideally should be a two-way transaction of trust, I believe whichever company develops technologies/ products that equally address both the above aspects will have a sure-shot winner at hand.

Thursday, January 30, 2014

Is YODA-enabled clinical data-transparency more than smart externalization of clinical data-mining & analysis?

The day started with a news item on Xconomy declaring "J&J Opens Data Vault to Yale, in ‘Unprecedented’ Transparency Move" - Surely an important development on something that's been propounded for long - below is my comment on this piece;

---------------------------------------------------------------------------------------------
Way back in March 2008 a fellow member initiated a discussion topic titled ”Radical Transparency for Drug Safety?” on Pharmaceutical Discussion Group that I manage. The brief engagement that this topic generated ended up identifying the following as ‘key aspects that need to be addressed’ before radical transparency becomes acceptable to pharma;


  • Enabling climate (safe harbor) &
  • Some incentivization

Well, it appears Yale cracked this code, of de-risked data-sharing after beta-testing it on rhBMP-2 Project based on Medtronic’s data-sharing, well enough to get J&J aboard this transparency express.

A brief read of the Data Use Agreement of the rhBMP-2 project shows what emboldened, motivated J&J with agreeing to share all its data publicly. Below is a list of clauses within the data use agreement broadly categorized into the key aspects stated above;

Safe Harbor
Reproduced Text in “quotes”

Section 2.3 - No Direct Identifiers
“The Data will not include any direct personal identifiers of the study subjects to whom the information relates, nor will it identify which clinical investigators or sites contributed the data for a particular subject. Within the Data, subjects and investigators are identified by unique identification numbers, and User will not have access to the keys that relate the identification numbers to the identities of the subjects or investigators”

Section 5 - Confidentiality of Data
Across sub-sections 5.1 (obligations of Confidentiality) through to 5.4 (Survival of Obligations)

Section 6 - Subject Protection
“The Data may contain certain information that can be used by itself or in combination with other available information to identify a specific study subject (“Study Subject Personal Data”)”
This section is detailed further through sub-sections/ clauses 6.1 (no re-identification) through to 6.4 (safeguards)

Section 8 – Publications
Prevents user sharing any ‘redacted portions’ of the data from being referred in any publication.

To the credit of Medtronic & YODA though section 6.3 (Non-Disclosure) allows user to share study subject personal data with the “regulatory authorities, upon lawful request by such authority” – It will be interesting though if a similar openness would be retained in the J&J data use agreement, given the much larger data set & hence greater regulatory implication.

Incentivization
Reproduced Text in “quotes”

Section 7 - Reporting and Use of Results
Obligates user to share all data generated from the analysis/ research into the sponsor data with YODA and the sponsor. Further YODA retains the right to make this report public (or not…)

Section 9 - Inventions
“In the event that User utilizes the Data to develop any inventions or discoveries, whether patentable or not (“Inventions”), User will assign to Medtronic all proprietary interests in said Inventions and in the event that User is statutorily prohibited from assigning its interest, User will grant, or ensure that the inventor grants, to Medtronic a fully paid, perpetual, worldwide, exclusive, royalty-free irrevocable transferable license for all purposes, including sub license and assignment to each such Invention without further consideration. User will cooperate with Medtronic to ensure execution and delivery of all documentation that Medtronic reasonably deems necessary to perfect Medtronic’s rights in the Inventions.”

The sheer scope of the section 9 along with the safe harbor provisions listed above makes this exercise come across more as externalization of clinical data-mining & analysis by the sponsor organization – I have no reason to believe J&J will have it any different except that the safe-harbor provisions may be more detailed, as mentioned above.

Finally, the one unstated intent of any pharma opening up its own data banks is to build pressure on the other peers and thus have insight into competitor clinical data that till date eluded them.

All said, it’s great to see transparency starting to be practiced rather than just debated about & hopefully this’ll give pharmaceutical research a chance to impact lives better than it could before.

More power to radical transparency.