I can imagine that companies that work very closely with public health data, such as local startups and even research labs that partner with hospitals, regulatory bodies, etc. could easily risk public safety if they were managed by over-networked systems and then hacked. Many of these adjacent organizations are already very integrated with other government-led health systems which can result in an accidental or intentional invasion of privacy. For example, one research lab that I’m working with this quarter receives a significant amount of data from different public health bodies throughout the United States. However, upon further exploration, there are numerous copies of this same data stored if various online repositories “managed” by different repositories throughout the state. This branching out without any centralized accountability system in place makes it easier for a hacker isolating a single part of the system, hacking it, and the main regulatory body not even knowing about it. In this case, none of PI/PII/PHI should be stored (even a copy of it) on a company’s/startup’s own servers – rather they should always be linked from the main data provider.
If Sara had remained quiet, then the CEO would have never understood the downsides of the technological transformation that the CEO himself sparked. Her perspective allowed higher-level executives to get off their bandwagon and almost ignorant complacency. While it is not intuitive to go seemingly backwards to including humans again in the loop (eg. hiring an expensive consultant), Sara’s perspective allowed the team to move in a direction that would more effectively safeguard the company’s trade secrets – which is what everyone wanted. By speaking up, she was able to defy the assumptions that others may have had about her business and technical acumen as a non-leadership level employee and woman. Ironically, even though she wasn’t technically part of the “leadership” team, she exhibited great leadership speaking up – which definitely served as precedent for the future in the company.
This discussion definitely highlights some ethical considerations that our team should consider. Our project, however, is highly-dependent on technology: from the optimization algorithm, to user interface, and data storage. The main takeaway from this exercise is how we can possibly use privacy-perserving models/systems to ensure that the user data is very highly protected.
