SecurityCon 2020, the Information Security Office’s annual conference on October 9, featured conversations about increased cybersecurity concerns related to remote work and learning during the COVID-19 pandemic.
Dennis Schmidt, Chief Information Security Officer and Assistant Vice Chancellor at UNC-Chapel Hill ITS, moderated a panel with five privacy experts. The panel was called “At the Intersection of Privacy and Information Security.”
The panelists were Shelly Epps, Security Program Manager at Duke Health; Sarah Schtakleff, Associate University Counsel at UNC-Chapel Hill; Tracy Williams, Privacy Analyst at the UNC School of Medicine; David Behinfar, Chief Privacy Officer at UNC Health; and Holly Benton, Privacy and Data Protection Attorney with the Smith Anderson law firm in Raleigh.
The panelists explained the nuances of privacy and information security and the different challenges that each poses.
Epps explained that security is a set of physical controls and policies for data use while privacy is a constantly evolving understanding of proper usage, collection and storage techniques for data.
The panelists discussed topics related to current events, privacy and information security, including the effect of COVID-19 on privacy concerns and the future of privacy in the digital age.
COVID-19 and information security
Schtakleff said that the University Counsel’s Office received an influx of concerns about privacy rights and contact tracing as a result of the pandemic. Groups across the University wanted to know what contact tracing tools could be used, and how the roles of the Orange County Health Department, UNC Occupational Health and Campus Health Services differed with regard to data sharing.
Schtakleff also said that she dealt with concerns related to privacy and remote work, especially around University employees working from other countries. Employees needed to know about data restrictions and the safest ways to share data from home.
The UNC School of Medicine also faced an increase in privacy-related challenges as a result of the COVID-19 pandemic.
Williams explained that medical students work in clinical environments and often handle private health information. When classes went online, the school had to develop avenues to safely share information and avoid hackers and Zoombombing.
The future of privacy
When discussing health research at Duke, Epps said that she thinks there is a growing disconnect between the way privacy regulations are written and the direction that the world is moving.
“A problem in the near future is that the regulations don’t tend to be very flexible, and humans are extremely flexible in the way they interact in the world,” Epps said. “We will need to see a meeting in the middle.”
Epps said that it can be a struggle to find wiggle room in privacy regulations for researchers and clinicians at Duke Health, but that the work is worth the reward.
Behinfar also discussed the future of privacy within the scope of healthcare.
As the world becomes more centered on data sharing, data flows are increasing to third parties, Behinfar said. This increases the need for the partnership of privacy and security efforts to ensure that sensitive data remains protected.
People need to understand privacy and information security, said Epps, and bridge the two through solid communications and relationships to encompass the big picture.