Privacy and ethics are inseparable: What data is ethical to collect and share about another person, and to what extent? How can you use what was collected, and how much control does that person have over their data?
Privacy is personal, especially when we are talking about genetic data. Our specific genetic code can reveal our individual traits and disease propensity, and is literally what makes us unique.
As Regeneron’s Chief Privacy Officer, I lead our efforts to safeguard these personal data, with a passion for privacy that was actually sparked much earlier in my career.
The notion of data privacy as an ethical issue first became obvious to me when I was working in the department of Medical Informatics at New York Presbyterian Hospital, Cornell University. My goal at that time was to go to medical school and become a neurosurgeon, but my path quickly changed as I started to realize that making medical data accessible for patients, doctors and researchers were riddled with legal, technical and ethical issues. Ethical issues that were close to and dear to me – ‘doing the right thing’ brought me back to the historical context of the many wrongs that were done in the name of science, particularly to traditionally underrepresented populations. It became important to me to help drive the change to protect people and their most sensitive data. With an interest in bioethics, I started pondering the ethical issues intertwined with easy access to sensitive data – and how it could be misused.
This set me off on a path through law school and ultimately into the labs and innerworkings of Regeneron. Here, by working hand-in-hand with like-minded, science-driven colleagues, I am helping take a sentiment that already existed at Regeneron and mold it into a concrete approach that ensures the privacy of all people whose data we handle. Historically, data privacy issues, like the use of Henrietta Lack’s cells or the Tuskegee experiments, have been steeped in issues of transparency and consent. Now is the time for us to clearly define our privacy values and how we hold ourselves and our collaborators responsible for the personal data we utilize to discover and develop medicines.
To that end, I am proud to share Regeneron’s Data Privacy Philosophy, which centers around three key principles. The ultimate mission of Regeneron’s Data Privacy Office is to advance scientific and business objectives through responsible handling of personal data, and a key component of that is ensuring our approach is clear and understandable for the people who take our medicines. I believe these principles reflect our longstanding commitment to being an ethical, responsible organization.
Regeneron’s Data Privacy Philosophy – Three Key Principles:
- Transparency is key to helping individuals make informed decisions about their data. Transparency about our data handling practices means making information available, understandable, and actionable. People should know how their personal data are being used. At Regeneron, we inform individuals about the personal data we collect, including how and why we use and share data. We provide clear notice and meaningful choice to individuals to empower them to make informed decisions about how to manage their data. This is foundational for building trust across Regeneron and the globe. We believe that we must always be clear in what we say and do.
- Privacy ethics make good sci-ense! Our culture of integrity is core to building trust. As a science-driven biotechnology company, the personal data we collect and use are integral to performing vital research and delivering life-transforming medicines. Ethical research is central to improving human health, and enlightened scientific discovery depends on principled handling of personal data. Personal data should be collected and used only for specific, valid purposes, which are communicated clearly to individuals.
- Data protected is data respected. We are committed to acting responsibly and safeguarding the data with which we are entrusted. This requires protecting personal data throughout its lifecycle. Following industry best practices, our privacy framework includes policies, training, data inventories, and data handling and use rights to support the proper management of personal data. To prevent unauthorized access to personal data, we use robust authentication measures, oversee access and use, employ data encryption, and utilize secure data erasure and destruction measures. We also hold third parties that process personal data to our privacy standards by requiring appropriate data security measures and contractual protections.
At Regeneron, we lead with science – and at the center of science is data. In fact, data drives everything we do – we collect, analyze and use it to inform our decision making. We must take great care with this data, as it is not only essential to our business, but it is also essential to the people who may benefit from our medicine.