Privacy and Provenance

Data privacy has recently been making headlines, and with good reason. In the wake of Cambridge Analytica’s Facebook data privacy breach, and in advance of the EU’s upcoming implementation of the General Data Protection Regulation (GDPR), questions abound about how to best secure and ensure personal data. However, privacy is only a small part of the equation. Provenance-who really owns the data and how to create effective governance and control from the point of origin-is at the heart of the discussion.

For the life sciences industry, this revolves around data, entities, and actions associated with clinical trials and patient data for real world evidence, which uniquely overlap the consumer and business data worlds. Data ecosystems often involve more than two parties. When patient data is collected by a trial site for a pharmaceutical company that has contracted a CRO, there are four distinct players, each with different value drivers and end goals, as well as unique access patterns. Storing clinical trial data on a distributed “public ledger” such as blockchain has many benefits, chief among them being how blockchain very effectively tracks access and usage of data through multiple users.

However, the world of consumer data is asymmetrical. As evidenced by the Facebook scandal, we give rights to our data in return for a value that is in no way connected to the intrinsic value of the personal data we surrender. If we use Google Maps or obtain a "free" service on the internet, our personal data can often be monetized to maximum value by the provider of that free service, without an individual knowing, consenting, or being compensated. 

Correspondingly, the world of business data is under-optimized due to lack of a trust mechanism for sharing data. If competing businesses shared information with each other directly, both would benefit by understanding the bigger picture. Instead, third parties-data aggregators, which are abound in all industries-have carved out a wide niche, mainly through governance around what and when data gets shared with different businesses. Such data aggregators slow business processes, add little value, and benefit from lack of a trust mechanism for sharing data among corporations.                                                                                                              

Since clinical trials cross both the consumer and business data worlds, the data analytics industry is uniquely positioned to ensure that smart contracts can be drafted to address ownership and control, and allow for the right level of individual or aggregate information to be shared between various participants; patient to trial site, trial site to pharma, pharma to pharma, or trial site to trial site. Such contracts, if done correctly, would effectively move beyond the current confidentiality assurances provided by blockchain into a higher level of security and privacy, ensuring appropriate access and provenance.

Privacy deserves a closer look. At the core, since blockchain is a distributed “public ledger,” the read is open to participants. To ensure privacy and empower individuals to control access to personal information, either data needs to be encrypted with private-key or blockchain needs to just store a pointer to some private database with its own security and access control.   

Data analytics industry leaders like Saama are aggressively pursuing and realizing these critical distinctions. They are differentiating by addressing privacy, big data storage issues, and pre-defined contracts, which allow exchange of clinical trial participant data with the confidence that personal privacy as well as provenance will be protected. Such security safeguards can and must be a part of current and future clinical trial processes.

Rajeev Dadia, Chief Technology Officer, Saama Technologies