Executive Summary

Lucien Pierce is a lawyer presenting on various topics related to the future of law firms and the challenges of data anonymisation and usage in healthcare and insurance. He will discuss the importance of proactive client communication, data destruction, and legal considerations in data profiling. He will cover the implications of insurance fraud and the balance between public interest and privacy in legislation. Additionally, he will address the challenges of database integration and responsible data usage and how they impact the future of society.

Webinar Details

Title: HOW DO YOU IMPLEMENT BEST PRACTICES IN DATA PRIVACY & PROTECTION WITH LUCIEN PIERCE

Date: 25 May 2023

Presenter: Lucien Peirce

Meetup Group: Data Managers

Write-up Author: Howard Diesel

Contents

Executive Summary

Webinar Details

Career as a Lawyer

Lucien’s career background and upcoming topics of discussion

Anonymisation in Healthcare

Anonymisation Challenges in Healthcare Data

Debates on Laws and Data Breach Reporting

Anonymisation and Aggregation in Data Usage

Privacy and Security Concerns in Data Aggregation

Pseudonymisation and Anonymization in Health Data and the Use of Synthetic Data for Training Learning Algorithms

Importance of Proactive Client Communication and Data Destruction

Data Destruction and Ensuring Compliance

Data Traceability and Archiving Process

Data Deletion and Privacy by Design in Data Governance

Legal Considerations in Data Profiling for Insurance

Data Collection and Profile Building by Insurers

Profiling and the Impact of GDPR

Implications of Insurance Fraud in the Era of Data Collection and Governance

Balancing Public Interest and Privacy in Legislation

The Importance of Responsible Data Collection and Government Involvement

Database Integration Debate

Challenges of data anonymisation and re-identification

The Importance of Responsible Data Usage and the Future of Society

Career as a Lawyer

Lucien Pierce completed his LLB degree in 1995 and then trained for two years with a human rights firm. During this time, he developed a keen interest in law. After finishing his training, he decided to go backpacking and worked at a pub in the UK. However, Lucien initially struggled to find a job in the UK due to a misunderstanding about the meaning of the abbreviation "PA". He thought it meant "professional assistant", but it meant "personal assistant". To overcome this obstacle, Lucien changed the title on his CV to "associate" and quickly landed a job at a specialist Tech Law Firm. There, he worked on a litigation matter involving British Telecom and Camelot, which sparked a deep interest in networks and the law. In 2000, Lucien returned to South Africa and found numerous opportunities in media law, ICT law, and Tech Law due to the tech bubble. He later joined Webber Wentzel.

Lucien’s career background and upcoming topics of discussion

Lucien shared his career journey, which began with tasks like photocopying and running errands but eventually led to developing their technology skills. He has been focused on personal information protection and legislation, specifically the Electronic Communications Act, since 2003. Lucien aims to highlight the unique nuances of data privacy in the healthcare, insurance, and government sectors.

Anonymisation in Healthcare

Lucien introduces the topic of data privacy in healthcare, specifically discussing anonymisation. He references the Protection of Personal Information Act, which emphasises the importance of handling personal health information carefully and outlines guidelines for its transfer, use, and retention. Additionally, he shares an intriguing article about using data for research purposes. During the pandemic, the Department of Health collected information from individuals to aid in overcoming the pandemic.

Anonymization Challenges in Healthcare Data

According to regulations, the Department of Health must either delete all medical data six months after the pandemic is officially declared over or permanently anonymise it. However, Lucien refers to a case in Pennsylvania, where a student was able to identify the governor's health information from “an anonymised” list of government staff on a medical benefits program.

Lucien discusses the controversy of selling anonymised data, stating that it must be permanently anonymised to prevent re-identification. The dilemma is finding a balance between preventing re-identification and preserving valuable data.

Debates on Laws and Data Breach Reporting

JG is interested in exploring how debates surrounding laws occur within the legal community, particularly concerning the need for absolute laws. Lucien notes that anonymisation has not yet been fully addressed in South Africa. He predicts that a case study on anonymisation may arise soon, as the South African Department of Health has failed to anonymise specific data despite regulatory instructions.

Non-compliance by the Department of Health could lead to legal consequences. The debates among professionals provide valuable insights into the practical application of laws. Lucien shares that there is currently a debate on breach reporting. The law requires that any breach, even minor incidents like mistakenly sending information to the wrong person, be reported to the regulator and the affected individual.

Lucien questions the feasibility of reporting every minor breach and suggests that leaving the decision to report to the affected individual may be more appropriate. In contrast, the European Union (EU) has provided guidelines through GDPR to assess potential harm before reporting a data breach. If the harm to the data subject is deemed low, reporting is not mandatory.

Anonymisation and Aggregation in Data Usage

Lucien suggests that there may be future guidelines on anonymisation, but the current lack of guidelines is hindering the use of data. Individuals are encouraged to submit their ideas to the information regulator for the best way to handle data anonymisation. In the absence of regulations, one possible solution is to prove your point through court cases with the assistance of skilled lawyers. Judges will weigh the benefits to the public interest against individual privacy concerns.

There are two paths to address data usage concerns: the implementation of guidelines and court cases. JG highlights the ongoing debate regarding the difference between anonymisation and obfuscation. Anonymisation involves removing identification features, while obfuscation further prevents the alignment of data sets. The example of a small town's population data suggests how the risk of re-identification through the alignment of multiple data sets may occur. Howard is concerned about the effectiveness of anonymisation and suggests considering alternatives, such as aggregation or obfuscation techniques.

Privacy and Security Concerns in Data Aggregation

The question has been raised regarding the possibility of someone illegally extracting detailed information by realigning data sets on another feature. Lucian is being asked if the individual who initially collected the data only had access to statistics and if someone else provided additional data, which would indicate a breach of privacy. The default assumption is that individuals keep their health information private, so it is crucial to identify the source of the additional data.

The conversation has now shifted towards statisticians and data analysts and how one person was able to identify individuals by using publicly available data and postal addresses. Howard mentions an example from Ireland where census and voting data were connected using GPS and address information. Lucien shares that personal information can be compromised when data is accessed by hackers, negligence, or other means. He then explains the difference between anonymisation and pseudonymisation, with pseudonymisation using codes to connect to personal information.

Pseudonymisation and Anonymization in Health Data and the Use of Synthetic Data for Training Learning Algorithms

When using health data for research purposes, it's essential to understand the difference between pseudonymisation and anonymisation. Health data should be anonymised permanently and irrevocably to protect individuals' privacy. Synthetic data can be a solution for data sensitivity concerns, as it removes personalisation sensitivity. Legal teams should establish standards for using synthetic data, including mapping, protection, and potential destruction of the mapping. Value key pairing in the synthetic data process is crucial, and an adjudicated process for deleting mapping should be in place. Healthcare is a field that is constantly evolving with new technologies, which require ethical evaluation. However, legal teams may be disadvantaged when evaluating these new technologies. It's essential to involve legal teams in this process to ensure the ethical use of these technologies.

Importance of Proactive Client Communication and Data Destruction

Lucien advises that it's essential to prompt clients to involve legal teams early during the planning stages to prevent unnecessary expenditure and time wastage later in the process. Moreover, seeking legal guidance initially to identify ways of achieving desired goals within the legal framework is recommended. In complex fields, clients should be encouraged to seek guidance early on.

The concept of "Privacy by Design" and privacy impact assessments must be implemented from the start to customise the process and avoid getting stuck at a later stage. Proof of data destruction is mandatory, and it's crucial to be able to trace back any destroyed data if needed.

Data Destruction and Ensuring Compliance

The law requires it to permanently destroy data in a manner that doesn't allow for its reconstruction or identification. A suggestion of receiving a certification of destruction to ensure compliance with specific regulations and requirements is made. However, Lucien notes that it is important to exercise caution when relying solely on certificates. Necessary measures must be taken to ensure data destruction is properly carried out. Audit logs should be maintained to track and confirm the permanent deletion or destruction of expired records. It's also important to question the traceability of information back to the audit log for verification purposes.

Data Traceability and Archiving Process

During the discussion, the participants focused on the importance of data traceability and the archiving process. Lucien clarified that he understood the concept of audit logs recording data related to an employee and then deleting that data, with the audit logs reflecting the removal. He sought confirmation about the absence of data on a server and asked if the concern was related to a pre-division.

Howard then went into further detail, explaining their process of archiving customer data and aggregating it to a level where individual identification is no longer possible while still keeping a record of impact. He emphasised the importance of data traceability throughout this process and the challenges in maintaining data privacy and preventing accusations based on specific actions. Overall, the discussion highlighted the need for careful data management throughout its lifecycle, from creation to deletion and archiving.

Data Deletion and Privacy by Design in Data Governance

As part of data governance, it is vital to consider the principles of Privacy by Design when designing and developing data products. This includes ensuring compliance with privacy regulations, particularly regarding data aggregation and archiving. It is also essential to prioritise removing citizen information when publishing open data.

Regarding data deletion, it is crucial to note that individuals do not have an absolute right to request data deletion without any trace. The request must be recorded, and measures should be taken to ensure the data is not accessible again. This includes the disposal of physical and electronic documents, which should also include the deletion of underlying records that comprise the aggregate. Surrogate keys can be helpful instead of actual IDs for deleted individuals.

From a legal perspective, it is important to note that evidence can be presented to a judge showing that data was present until a specific time and has been permanently removed. Therefore, it is crucial to ensure that data deletion is done thoroughly and with appropriate documentation. By following these guidelines, we can ensure that data deletion and privacy by design are effectively implemented in data governance practices.

Legal Considerations in Data Profiling for Insurance

When it comes to data profiling in the insurance industry, it's important to keep legal considerations in mind. Insurers often use specific profiles to determine premiums based on the propensity for certain illnesses or risks. However, this must be done in accordance with data protection regulations. Ensuring privacy by design and conducting privacy impact assessments before aligning another data set to re-identify citizens is crucial. A data product should include privacy measures as an integral part of its construction, and this responsibility cannot be subordinate. Failure to adequately protect patient data records can lead to anxiety in the healthcare sector, which applies equally to the insurance industry. De-risking by combining multiple data sets must be done with care and in compliance with legal frameworks.

Data Collection and Profile Building by Insurers

In today's highly competitive market, insurers attempt to find innovative ways to build more comprehensive profiles of their target markets. One solution is for different insurers to collaborate and combine their data. However, current laws require prior authorisation from the information regulator when combining data from various sources, such as insurers, gyms, and event organisers, including social media information.

To stay ahead of the competition, insurers like TransUnion and Experience are typically required to seek prior authorisation due to their extensive data collection and profile-building practices. These insurers gather information from various sources, such as court judgments and police records, to create detailed profiles of individuals in their databases. By utilising this information, insurers can better understand their target markets and offer more tailored products and services to meet their customers' needs.

Insurers need to be transparent in their data collection practices and ensure they comply with all relevant laws and regulations. This will help build trust with their customers and ensure they provide fair and safe services. With careful consideration and collaboration, insurers can create more comprehensive profiles of their target markets and provide better products and services to their customers.

Profiling and the Impact of GDPR

Lucien moves on to the topic of Profiling, which involves using personal data to create profiles of individuals, is a sensitive area. He notes that the General Data Protection Regulation (GDPR) has been putting great emphasis on compliance with this regard. The impact of GDPR is significant, as it ensures that individuals have control over their personal data and how it is used. However, profiling can have enormous consequences, such as insurance companies refusing coverage based on potentially incorrect data.

The Netherlands' tax agency used artificial intelligence programs to create biased profiles based on ethnicity, leading to wrongful accusations of social security and tax fraud. This is a clear example of how profiling can be misused and cause harm to individuals in the long run. The Dutch tax agency is facing significant lawsuits due to wrongful profiling.

Profiling raises ethical concerns, as it can lead to discrimination and unfair treatment of individuals. Managing consent and ongoing data usage for profiling is challenging and requires continuous effort. Organisations must understand the impact of GDPR on profiling and take steps to ensure that they comply with the regulation. This includes conducting regular audits of profiling practices, obtaining clear and explicit consent from individuals, and ensuring individuals have the right to access and correct their personal data. By doing so, organisations can ensure that they are using profiling fairly and transparently while also protecting individuals' privacy and rights.

Implications of Insurance Fraud in the Era of Data Collection and Governance

Insurance fraud has become a widespread problem today, and insurance companies increasingly rely on data collection from publicly available sources like social media to detect and prevent fraud. However, the issue of consent is crucial when collecting data from these sources, and lack of consent can lead to significant legal issues for insurance companies.

Forensic departments within large corporations also use data analysis to predict and prevent fraud and corruption within their organisations. This predictive analysis involves examining an employee's history and social media profiles, which can have severe consequences without proper authorisation.

Lucien notes that the desire for price reduction through fraud detection and prevention initiatives in the insurance context is understandable. Still, there is a fine line between supporting fraud reduction and risking the prejudice of individuals in isolated events. Legal teams face the challenge of being representative and fair to the masses and individuals.

Furthermore, the era of data collection and governance has added another layer of complexity to the issue of insurance fraud. With the increasing amount of data being collected and analysed, there is a risk of violating individuals' privacy rights and breaching data protection laws.

While data collection and analysis can help detect and prevent insurance fraud, ensuring the process is conducted with proper consent and authorisation is crucial. Legal teams must balance the need for fraud reduction with protecting individuals' privacy and data protection rights.

Balancing Public Interest and Privacy in Legislation

In discussing crafting legislation, Lucien noted that balancing public interest and privacy is crucial. This was demonstrated in a recent case of animal cruelty, where a farm owner argued invasion of privacy when mountain bikers photographed dying animals in his traps. While legislation acknowledges the need to respect privacy, it cannot come at the expense of stifling economic activity or obscuring public interest. A balancing act is required to determine the limits of privacy in relation to the public interest. It's important to note that legal rulings on privacy may not necessarily indicate ethical appropriateness or potential harm. Therefore, ethical considerations must also be considered when crafting legislation that protects both public interest and privacy.

The Importance of Responsible Data Collection and Government Involvement

Responsible data collection is of utmost importance, especially regarding government involvement. The purpose of data collection should be to make communities more efficient, environmentally aware, and socially conscious. However, concerns arise about the potential misuse of data in the wrong hands or by individuals seeking personal gain.

It is the government's responsibility to ensure that data is collected responsibly and published in a way that contributes to economic viability and exploration of options within the country. The government's involvement in data collection is not new, especially in the context of the fourth Industrial Revolution and the digital economy.

Therefore, the government must implement effective measures to ensure that data is collected and used responsibly. This can be achieved by establishing regulations that govern data collection, storage, and usage. The government should also work closely with private companies and individuals to ensure data is collected and used ethically and for the greater good.

Responsible data collection and government involvement are essential in today's digital age. It is the government's responsibility to ensure that data is collected and used to benefit society as a whole while protecting individuals' privacy and rights.

Database Integration Debate

Lucien recently attended a virtual event at the United Nations. During the event, Estonia or Latvia, criticised the idea of a seamless and combined database. They argued in favour of keeping data silos and only allowing communication when necessary and authorised. This approach is due to the fear of potential data misuse by malicious individuals with bad intentions.

There is a debate between combining all data for more usefulness or keeping it siloed and only sharing in specific circumstances. The speaker at the event believes in making all data available for common use, as it benefits everyone.

During the event, a participant named Gauchet brought up the idea of biasedness in design and how it should be considered for applications such as aggregation, transactional use, or record-keeping.

Anonymisation was also discussed as a way to remove personal identifiers from a dataset, but it may hinder the ability to reconstruct lineage.

Challenges of data anonymisation and Re-identification

Sometimes, despite efforts to keep data anonymous by removing personal identifiers like names, surnames, and social security numbers, an exceptional circumstance can still allow individuals to be identified. This was demonstrated in a case in Pennsylvania, where the Governor's data was re-identified even after important identifiers were removed. The ability to re-identify someone is not necessarily due to bias but rather the ability to recreate “the original person.” Data profiling may not always detect the possibility of re-identification, and combining data from various sources can allow personal information to be reconstructed even if the original data set was anonymised. It's important to note that the process of removing personal information is separate from the risk of re-identification.

The Importance of Responsible Data Usage and the Future of Society

It can be challenging to guarantee that data cannot be traced back to individuals, underscoring the importance of being cautious when attempting to re-identify someone. As data usage influences society's future, it's essential to have measures in place to prevent misuse and enact appropriate laws and protections. Privacy impact assessments should be taken into account when designing data products.

If you want to receive the recording, kindly contact Debbie (social@modelwaresystems.com)

Don’t forget to join our exciting LinkedIn and Meetup data communities not to miss out!