Privacy By Design Protects Clinical Trial Participants
Author: Jen Davis, JD, MBA, MA, CIPP/E, CIPP/US
Deputy General Counsel and Privacy Officer, Science 37
Happy Data Privacy Day! But, really, isn’t every day privacy day? As Science 37’s Privacy Officer, I certainly take that approach. Protecting the privacy rights and freedoms of Science 37’s clinical trial participants requires thinking about privacy every day. It also takes a sustained company-wide effort. At Science 37 we take privacy seriously because first and foremost we believe it is the right thing to do. In addition to this guiding principle, we also must comply with a myriad of global privacy laws that require us to maintain robust privacy protections. By embracing privacy principles and putting them into practice, Science 37 is able to protect individuals’ rights and comply with rigorous privacy laws. In particular, Science 37 has adopted the Privacy by Design framework. Through a Privacy by Design lens, we know that privacy cannot be assured solely by compliance with laws but rather must be baked into Science 37’s mode of operations.
To this end, Science 37 takes a proactive rather than reactive approach to privacy risk mitigation by including privacy considerations during trial execution and enhancements of our technology platform. Privacy considerations are especially important in terms of technology-based processing of personal information as such processing can be further removed from the data subject’s control or general understanding. Science 37 aims to remove such barriers by clearly articulating our data processing activities in our notices and consents. In addition, Science 37 adheres to the privacy by default principle in particular in the design and development of user roles that control access to our clinical trial technology platform. The team keeps in mind the specific purpose for the user role and ensures only the minimum necessary personal information is accessible to achieve the role purpose. Privacy is embedded into the design of the platform by assessing privacy risk throughout the development from user stories to implementation to testing of the platform.
Science 37 views privacy as a desired functionality of the platform and not a trade-off in the user’s experience of the platform. Data protection is built into the end-to-end lifecycle of data from creation to destruction. Security controls are in place that are commensurate with the sensitive nature of clinical trial data and that ensure the confidentiality, integrity, and availability of personal data. The design and functionality of the platform is fully visible to our stakeholders, and we are transparent with all users of the platform about our data-handling practices. Fundamentally, we respect the user’s privacy and respect our sponsor’s desire to protect clinical trial participants’ privacy.
As we celebrate Data Privacy Day / Data Protection Day this January 28 and honor our shared commitments, we're proud to lend our voice and highlight ways we demonstrate the crucial importance of respecting privacy, safeguarding data, and enabling trust. More importantly.... we want to thank the thousands of trial participants who have put their trust in us.
Learn more about how we orchestrate our workflow, generate evidence and harmonize our data, here
Deputy General Counsel and Privacy Officer