Balancing Data Transparency with Privacy and Security


In a fast-growing biotech, how does data and information present as a risk and opportunity? To tackle this question, Chris Jennings moderated a panel discussion with biotech industry experts Jackie Fernandes, Jennifer Heckman and Anthony Murabito.

Chris Jennings posed the question:

“Can you share any examples of how to balance data and information transparency with privacy and security?”

Jackie Fernandes jumped in with IT’s mission of building a controls infrastructure across the enterprise, stating it requires everyone's cooperation. And in order to accomplish the effort, the business needs to see IT as a partner. She candidly added, “Most people don't want to see me coming to them because they think they're in trouble. And that's not a good feeling to have!” Jackie shared how she shows them that she is their collaborative partner. She is there to take their mind off any trouble they think they might get into due to violations. However, by building a good controls infrastructure to streamline activities at a very high level, business stakeholders can successfully do their job every single time while meeting compliance regulations and obligations. Jackie concluded with, “Essentially, privacy and security is everyone's responsibility.”

Tony Murabito built on Jackie’s advice by saying, “Let the organization see everything you're working on [which includes]:  

  • Here's our current project list;
  • Here are the next set of projects;  
  • Here are our strategies;
  • Here is our security.”

Tony added how he creates a cadence with the organization to make them aware of security and potential risks in a visible fashion. “For example, I tell everyone, hey, we lost $300,000 three years ago. That's not going to happen again. And that's why we do intensive phishing tests. That's why we have a button on your email, etc. Make them aware why you're doing it. Another example, we had to lock down USB devices a year ago, and only open them up for business reasons. Why? Somebody tried to take the whole company with them when they were leaving, and we can't have that. Tell them the truth to let them know what you're dealing with, and they tend to be much more understanding. Again, do it with that sense of visibility, that you're not hiding anything.”  

Jen Heckman agreed with Jackie regarding building trust between the business and IT, “It shouldn't be when we see you coming that we're like, ‘Oh no! I'm in trouble!’ It should be that we're including compliance and privacy right out of the gates and building cross functional collaboration and trust.”

To view and navigate to allthe different topics covered by this panel, head to Blog Series Introduction: Data as a Risk and Opportunity.