A lot of emphasis has been placed on data security from hackers or ransomware, but the latest data governance regulations also set provisions around privacy and access to the data. The common misconception that data security and data privacy are synonymous is simply not the case, especially in the healthcare industry, where often times organizations don’t even know what data they’re collecting and the security or its impacts on a hospital’s risk profile, according to Sheila FitzPatrick (pictured, left), chief privacy officer at NetApp Inc, a global data management company.

“You have to build your privacy compliance program and understand what data you need in order to drive your business. What data do you need to sort your customers, your patients, your employees? Once you’ve determined that fundamental need and what your legal requirements are, that’s when you start looking at technology,” FitzPatrick said. 

FitzPatrick and Michael Archuleta (pictured, right),  director of information technology services, HIPAA, and information security officer at Mt. San Rafael Hospital, spoke with host John Furrier (@furrier) and guest host Keith Townsend (@CTOAdvisor) on theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the NetApp Insight event in Las Vegas, Nevada. They discussed the importance of data privacy with respect to security technology. (* Disclosure below.)

Data privacy by design

The regulations and legal frameworks around data privacy aren’t intended to inhibit security technology innovation. Instead, organizations are encouraged to think about the individual use cases and data access requirements upfront before approaching technology solutions.

“One of the concepts under GDPR [General Data Protection Regulation] is privacy by design. So it’s saying that you have to think about privacy very similar to where we’ve always sat about security up front,” FitzPatrick said. 

Rather than focusing on which security technology or cloud architecture will be most secure, FitzPatrick suggested it’s more important to think about the context of the data first before looking for a solution. Answering fundamental questions around why the data is needed, who needs to access it, and what is its risk profile is critical in understanding how to manage data securely and privately.

This conversation needs to happen at the top level in order to have a successful implementation, according to Archuleta. Data privacy and security can have a dramatic impact on the ability for a business to operate and therefore needs to be a part of the executive discussions.

“You really have to have a data-driven CEO that basically understands at least the fundamentals of cybersecurity, information technology, innovation — having those all combined in together and having that main focus of governance so everyone has the full fundamentals of understanding,” Archuleta said.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of NetApp Insight US 2017. (* Disclosure: NetApp Inc. sponsored this segment of theCUBE. Neither NetApp nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE