Virtual data protection officer service helps UK businesses with GDPR compliance [Q&A]
Poster: I'd prefer vDPO over attorney expenses forever...
"With GDPR coming into effect on 25th May, many organizations will find themselves needing to appoint a data protection officer in order to comply.
But appointing full-time compliance staff can be a difficult and costly exercise. Which is why cyber security company ThinkMarble is launching a Virtual Data Protection Officer (VDPO) service.
The service will offer UK businesses access to a skilled team of cyber security and risk mitigation lawyers that can act as their Data Protection Officer (DPO) under GDPR. The lawyers will work alongside ThinkMarble's multi-disciplinary team of security analysts, incident responders and penetration testers to provide a fully comprehensive and bespoke service to businesses.
The team will act as the main contact point for data subjects, such as employees and customers, and help raise awareness and train in-house staff on the importance of data protection. Another function is to provide regular, comprehensive reports that advise on appropriate data security measures and risk mitigation at board and management level.
We spoke to Andy Miles, founder and CEO, and Robert Wassall, data protection lawyer and head of legal services at ThinkMarble to find out more about the offering.
BN: Why are you introducing this service?
AM: Something we spotted in the market is that is a need for a one-stop-shop for businesses where not only can we help protect them, we can have a full incident response team under one roof. Around 28,000 businesses are going to need a DPO once GDPR comes into force, but there’s a debate about who can and can’t be a DPO.
RW: The multi-disciplinary aspect of this is going to be unique. It’s an external service so organizations don’t have to take on people as employees with the associated costs, or go to the time and trouble of training somebody up."
Cloud Success: One CIO Shares His Experience January 31, 2019
Cloud communications "You can find a lot of companies transitioning from on-premises to cloud-based communications platforms, but perhaps not as thoughtfully as U.S. Retirement & Benefit Partners (USRBP), an independent national financial services firm.
As Kevin Dunn, CIO/CISO at USRBP, shared earlier this week in an Enterprise Connect webinar, the company embarked on a migration that featured adoption of both UC as a service (UCaaS) and contact center as a service (CCaaS) from 8x8. Integrating the CCaaS element, in fact, was a critical early step -- and one of the reasons I consider USRBP particularly forward-looking in its cloud communications strategy.
Another noteworthy distinction is that USRBP made integration of business applications with the new system a must, as Dunn discussed with his fellow webinar participant, Irwin Lazar, VP and service director at Nemertes Research. If you didn’t get a chance to attend, the replay is certainly worth a listen -- a great opportunity to hear two knowledgeable technologists discuss the ins and outs of a cloud transition and best practices for migrating from the premises to the cloud.
At a high level, Dunn recapped what made USRBP’s cloud migration successful, beginning with setting expectations early. Be realistic with timelines, follow best practices, and utilize testing tools to pre-qualify remote workers, he advised. In addition, expect the best and plan – and train – for the worst, he said.
Also critical is identifying key business drivers. For USRBP, the ability to integrate business applications into the cloud system was essential, as noted above, as well as two other must-haves. The cloud platform needed to support the company’s remote workforce and allow the seamless integration of knowledge workers into the call center workflow, Dunn said.
Lastly, Dunn attributed USRBP’s success to the strong partnership and support it receives from 8x8.
As I share in my latest “Keeping Up With EC” blog post, some of Dunn’s and Lazar’s talking points reflect longstanding migration principles and best practices around expectation-setting, planning, choosing your vendor wisely, and knowing what you can expect from that partner. However, as Dunn’s second point makes clear, enterprise IT/communications organizations now must consider today’s software-focused technology as inseparable from the wider environment.
Re-creating the communications silo as it existed in previous generations might be technically feasible, but doing so could be more dangerous than stepping into the unknown of business integration. The one thing you don’t want to do in migrating to a cloud communications service is make choices that turn out to be limiting factors -- leaving your users to wonder why they can’t do things that peers elsewhere can or that they can do in their consumer/personal lives."
How your health information is sold and turned into ‘risk scores’ 02/03/2019
"Companies are starting to sell “risk scores” to doctors, insurers and hospitals to identify patients at risk of opioid addiction or overdose, without patient consent and with little regulation of the kinds of personal information used to create the scores.
While the data collection is aimed at helping doctors make more informed decisions on prescribing opioids, it could also lead to blacklisting of some patients and keep them from getting the drugs they need, according to patient advocates.
Over the past year, powerful companies such as LexisNexis have begun hoovering up the data from insurance claims, digital health records, housing records, and even information about a patient’s friends, family and roommates, without telling the patient they are accessing the information, and creating risk scores for health care providers and insurers. Health insurance giant Cigna and UnitedHealth's Optum are also using risk scores.
There’s no guarantee of the accuracy of the algorithms and “really no protection” against their use, said Sharona Hoffman, a professor of bioethics at Case Western Reserve University. Overestimating risk might lead health systems to focus their energy on the wrong patients; a low risk score might cause a patient to fall through the cracks.
No law prohibits collecting such data or using it in the exam room. Congress hasn’t taken up the issue of intrusive big data collection in health care. It’s an area where technology is moving too fast for government and society to keep up.
“Consumers, clinicians and institutions need to understand that personalized health is a type of surveillance,” says Harvard University professor Eric Perakslis. “There is no way around it, so it needs to be recognized and understood.”
The justification for risk scoring is the terrible opioid epidemic, which kills about 130 Americans a day and is partly fueled by the overprescribing of legal painkillers. The Trump administration and Congress have focused billions on fighting the epidemic, and haven’t shied from intrusive methods to combat it. In its national strategy, released Thursday, the White House Office of National Drug Control Policy urged requiring doctors to look up each patient in a prescription drug database.
Health care providers legitimately want to know whether a patient in pain can take opioids safely, in what doses, and for how long — and which patients are at high risk of addiction or overdose. Data firms are pitching their predictive formulas, or algorithms, as tools that can help make the right decisions.
The practice scares some health care safety advocates. While the scoring is aimed at helping doctors figure out whether to prescribe opioids to their patients, it might pigeonhole people without their knowledge and give doctors an excuse to keep them from “getting the drugs they need,” says a critic, Lorraine Possanza of the ECRI Institute.
The algorithms assign each patient a number on a scale from zero to 1, showing their risk of addiction if prescribed opioids. The risk predictions sometimes go directly into patients’ health records, where clinicians may use them, for example, to turn down or limit a patient’s request for a painkiller.
Doctors can share the patients’ scores with them — if they want to, the data mongers say. “We stop really short of trying to advocate a particular opinion,” said Brian Studebaker from one of the risk scoring companies, the actuarial firm Milliman.
According to addiction experts, however, predicting who’s at risk is an inexact science. Past substance abuse is about the only clear red flag when a doctor is considering prescribing opioid painkillers."
News 
Market Data 
Discover 
AI
