The Genomics Data Privacy Landscape: Individual to Global Scale

Ann Nguyen:
Hello and welcome to this podcast from Cambridge Healthtech Institute for the 2015 Bio-IT World Conference & Expo, which takes place April 21-23 in Boston, Massachusetts. I'm Ann Nguyen, Associate Conference Producer. We are chatting now with Dr. John M. Conley, William Rand Kenan, Jr. Professor of Law at University of North Carolina, Chapel Hill and Counsel to the law firm Robinson, Bradshaw & Hinson. He'll be speaking during the shared closing session that includes the Cloud Computing, Data Security, IT Infrastructure – Hardware and Software Development conference tracks. John, thanks so much for joining us.

John Conley:
Glad to do it.

Ann Nguyen:
Your research interests include the laws of biotechnology and intellectual property as applied to emerging technologies and scientific evidence. Why those areas and what's it like to focus on them at UNC?

John Conley:
Actually, it's a good place to do it. I've been doing this kind of work for as long as I can remember. I originally started out focused on software and IT issues. I actually got into intellectual property back in the late 70's when I tried a computer copyright case called SAS v. S & H for SAS Institute, which is down here.

I shifted my research focus from IT to biotechnology about 15 years ago. Although I did it just because I was interested in it, it turns out that in that same 15 years, UNC Medical Center has become a huge place for genetic and biotechnology research. I've gotten involved with them and that's been a good collaboration.

Ann Nguyen:
What are the most persistent data management and security themes you've encountered as editor of the Genomics Law Report? What should a genomics researcher continue to keep on his radar?

John Conley:
I actually don't encounter much data security and privacy work while doing the Genomics Law Report, which is kind of interesting in itself. When I deal with big institutional health researchers like UNC, they’re governed by HIPAA as well as by human subjects regulation with respect to their research, so they have a lot of institutional expertise from that perspective. What I found when doing biotech work in the Genomics Law Report and in practice is that once you get below the level of large research institutions who are just used to dealing with privacy questions, smaller companies and individuals are only beginning to think about those issues.

From that point of view, they're really not issues that I deal with regularly in the Genomics Law Report. I've gotten into privacy not through doing biotech work, but doing law practice work for IT and Internet companies. They, at least in my experience, even small IT and Internet companies, have been a lot more concerned about privacy issues for a longer time than the smaller biotech companies.

On the biotech side, the very large institutions are concerned about it and know how to deal with it. On the IT side, there has been for several years now growing concern among smaller companies, but on the biotech side for smaller companies and individuals, it's a relatively new issue that people are just starting to think about.

Ann Nguyen:
What issues and updates will you be sharing during your presentation on “Global Developments in Privacy and Data Security Law” on April 23?

John Conley:
One thing I want to do and the first thing I want to do is give a very brief overview of the international privacy regulation structure. We have HIPAA in the United States, but if you're not a healthcare provider, if you're a researcher or somebody else doing biotech work, you are subject to a patchwork of state and federal regulation. It's not really a clear-cut case of what you have to do.

Now contrast that with the situation in the European Union where there is a massive privacy regulation infrastructure that's been in place for several years now. If you're doing research in the United States, there are bits and pieces of privacy law that will apply to you if you're not actually functioning as a healthcare provider under HIPAA. But if you take your research international, particularly if you take it into the European Union and deal with people there, then you are subject to a much more elaborate and much more developed privacy regime, and a regime that is about to get even tighter. EU's basic data protection regulation is about to change, not clear whether that's going to be a matter of months or another year or so, but there is a pending and major change to the basic EU data regulation that will be taking effect sooner rather than later.

I will talk initially about what that framework is and I'll talk about a couple of issues that the U.S. is way behind on and the European Union is starting to think about. The big one there is cloud storage research data. It's still not clear how that's going to come out, but that's something data regulators all over the world are starting to worry about and are not sure what they're going to do about it.

Ann Nguyen:
Well, we're looking forward to learning a lot more during the event this spring. For now, though, John, thank you again for sharing some of your work with us.

That was John Conley of University of North Carolina, Chapel Hill and Robinson, Bradshaw & Hinson. He'll be joining the closing session on Regulations, Data Privacy and Security at the upcoming Bio-IT World Conference & Expo happening April 21-23 in Boston.

If you'd like to hear him in person, go to for registration information and enter the keycode “Podcast”.

I'm Ann Nguyen. Thank you for listening.

Platinum Sponsors