At day one of True North 2019, held by Communitech in Kitchener-Waterloo, MedStack CEO Balaji Gopalan and Ann Cavoukian, a privacy expert in residence at Ryerson University, both explored the issue of privacy in the emerging tech, and why decentralization could be pivotal in the future of data.
“Data encryption is crucial to privacy and freedom.”
– Ann Cavoukian
MedStack is a Toronto-based compliance solution for healthcare apps. The company aims to enable the adoption of digital innovation in healthcare, by allowing entrepreneurs to build healthcare applications and meet privacy compliance requirements through automation.
These compliance systems standardize data protection elements for Canadian, US, European and Asian health data privacy legislation across public cloud vendors and technology stacks, to generate security policies and compliance monitoring.
Gopalan opened by discussing the thin line that exists between the “amazing potential” of digital healthcare versus the “scary risks” of not carefully managing data privacy. Gopalan argued there is a thin line between these two perceptions, but he added that it does not always have to be this way.
Chronic disease is the major force of the healthcare industry, and the traditional method of healthcare, he said, is struggling to keep up with this force. This problem is coupled with the way that doctors deliver services.
“The feedback is that [doctors] have insufficient data, insufficient time, and insufficient context to deliver proper care, and that’s leading to misdiagnoses and increasing costs,” he said.
Gopalan made the case for a cloud strategy for healthcare, in order for the medical industry to fulfill some of its most basic obligations. Healthcare should be accessible, physicians need to make smarter and faster decisions and allow hospitals and health centres need to operate and function seamlessly. These issues, Gopalan said, can all be addressed through the cloud.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was passed to offer provisions for data privacy and security protocols for safeguarding medical information. Gopalan said this legislation set out a framework for how data could be acquired and managed, how the data could be protected, and how the medical industry could bring privacy and security to the forefront of the conversation.
But HIPAA was created before the advent of Google and the pervasiveness of the internet. Now, with the growing digitization of health information, and the heightened risk of data breaches, Gopalan said the conversation around data and privacy is critical for industries to innovate. He said the industry needs to focus on collaboration, creating standards, sharing best practices, celebrating integrative achievements, and driving a culture of security, to keep privacy at the vanguard of healthcare innovation.
“Privacy should not be a zero-sum game,” Gopalan said. “As entrepreneurs, we have a responsibility to take care of the betterment of society.”
The Curse of Centralization
The shift toward decentralized systems reaches far beyond blockchain and Ethereum. In 2017, iNovia Capital partner Todd Simpson argued the internet has centralized around the biggest players, like Google and Facebook. Sidewalk Labs, a Google sister company is looking to bring new data collection to Canada’s doorstep with its proposal to create a smart city neighbourhood in Toronto’s Quayside neighbourhood.
Cavoukian served as an advisor to Sidewalk Labs and resigned last year due to concerns around how data will be used. She also has served as Information and Privacy Commissioner of Ontario.
“The internet has, unfortunately, turned into a tool that subverts freedom.”
At True North, Cavoukian made the case for decentralization as the way forward. She said this method of data collection will return control of one’s data back to the data subject, rather than to governments and corporations.
“The internet has, unfortunately, turned into a tool that subverts freedom,” Cavoukian said. “Right now, our data is centralized in huge honey pots of information. This centralized model of data collection on the web has led to the massive tracking and surveillance of our activities.”
Cavoukian touched on blockchain, one of the decentralized solutions to data collection, calling it a “public records repository,” that keeps information in the hands of the individual. She also dispelled some of the myths around privacy and like Gopalan, highlighted the importance of abandoning a “zero-sum” way of thinking when it comes to privacy.
“Privacy is not about secrecy,” she said. “Privacy is not about having nothing to hide.”
Cavoukian said privacy is about personal control, informational self-determination, freedom of choice, and user control. There is also a business incentive to ensuring privacy, she said. Businesses that can attain consumer trust also gain a competitive advantage in their respective industries.
Cavoukian talked about the Privacy by Design Centre for Excellence, created to serve as the gold standard for privacy and data protection. The centre has developed a set of standards for regulating and safeguarding privacy. The standards including being proactive rather than reactive, setting privacy as the default setting, embedding privacy into the design process, allowing for full functionality, creating end-to-end security, ensuring everything is visible and transparent, and maintaining respect for user privacy.
“You cannot have open, democratic society without privacy,” she said. “Data encryption is crucial to privacy and freedom.”
Image courtesy Harminder Phull for Communitech