TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout


Editor's Note:

The IAPP’s “Profiles in Privacy” series features a monthly conversation with a notable privacy professional to discuss their journey in privacy, challenges and lessons learned along the way, and more.

When her parents' careers as doctors took her family to Saudi Arabia when she was 5 years old, Sue Khan would join her mom during her work as a general practitioner — watching as patients, especially women from neighboring Yemen, would seek treatment without understanding their bodies.

"It was not uncommon for women to seek treatment for pain related to their periods or even pregnancy without knowing much about their reproductive health. It became apparent to me at a young age how important clear communication and education are for the overall health and well-being of women," said Khan, CIPP/E, vice president of privacy and data protection officer at Flo Health. "I also realized through my experiences at my mum’s practice that women need to have access to health care and a support system in order to thrive."

Khan, who is ethnically Bengali, was born in Scotland and moved to London, England, at the age of 13, where she currently lives with her husband and two daughters. She said her childhood — including evacuating Saudi Arabia for New York City during the Gulf War at 10 years old — gave her a global perspective and sparked an interest in health care that continues today.

Flo Health Vice President of Privacy and Data Protection Officer Sue Khan, CIPP/E.

Khan’s career started in the telecommunications sector at The Carphone Warehouse, before she moved into the entertainment space at Hasbro, where she worked on issues like smart toys and age-appropriate design. But that original interest in health care drove her to the health tech space, first at digital health care company Babylon and now at Flo Health, where she joined in January.

"As a privacy lawyer, I thought, it just doesn’t get more interesting and rewarding than protecting health data with the advancement of technologies," Khan said, noting her particular fascination in the female technology field where "nearly all of the companies and accelerators in the industry were doing such important work."

In September 2022, Flo launched its "Anonymous Mode," a free feature that enables the female health application’s 50 million monthly active users access to its services without being individually identified. Global law firm Dechert, which advised Flo on the feature from inception to launch, received the 2022 IAPP Privacy Innovation Award for the Americas.

"At Flo Health, our mission is to build a better future for female health. When it comes to health, knowledge is power. Our app helps to put the power back into the hands of women by supporting them through their entire reproductive lives,” Khan said of the app that provides curated cycle and ovulation tracking, personalized health insights, expert tips, and a closed community for women to share questions and concerns.

With advances in digital technologies, Khan said health and wellness services have undergone major transformations and innovations like wellness apps, wearables, telehealth services and electronic health records that allow and improve access to health care and can help educate those in need.

"The fact that my team and I also have a role to play in this fascinating industry, by helping to protect the privacy of individuals along the way, is a privilege," she said. "The path to data protection compliance is certainly not for the idle, and this is especially the case when working with new technologies in organizations that have ambitious and beneficent missions like Flo."

With her team — which includes two privacy lawyers, a privacy program manager and privacy project manager — Khan, who reports to the chief legal and compliance officer, said her goal is to help women feel informed and in control of their health data by clearly communicating about privacy in simple terms, "so they can confidently use Flo without concern."

In her role, Khan said she manages Flo's framework for policies, procedures, training, risk management and vendor onboarding. She also contributes to product development, providing contextual, nuanced advice while preparing for the future, including for the emergence of new privacy laws and policy decisions globally.

She said leadership and peers at Flo are eager to learn and understand the privacy requirements for a global tech app and, as well as launching Anonymous Mode, the company achieved ISO 27001 privacy certification.

In addition to her team, all departments focus on privacy with what Khan described as a "cross-functional privacy pillar" to make sure each has "visibility into each other's work streams, delivers relevant feedback and aligns on priorities and upcoming projects." The company also established a Privacy and Security Advisory board that discusses privacy and security priorities on a quarterly basis. 

"It was clear from my first day at Flo that privacy is a top priority for the company and all of my colleagues care and want to do the right thing. My team and I are in high demand to support various initiatives and are expected to add value to every project," she said. "We work in sprint runs, just like the rest of the business. We are involved in planning week at the beginning of each quarter, where we link with other teams to check if our objectives are aligned. Also, I'm still in awe everything we are doing is to build a better future for female health and it is incredibly rewarding to feel this in every meeting, project and presentation."

Khan said her team is dedicated to protecting Flo users' privacy rights and freedoms, and safeguarding their most intimate health data.

"We want to help articulate what 'best in class' could look like in the femtech space," she said.

That means maintaining a commitment to delivering a trusted product among varying degrees of privacy expectations and cultures around the world, ensuring privacy has a "seat at the table" when making key decisions impacting user data, and implementing "robust and audit-ready" policies, procedures, data maps and training programs.

"Having a cycle or a pregnancy is not an illness, but it may well be taboo in some countries," she said. "I want women to feel empowered and stay in control of what information they put into the app, without fear of embarrassment, judgement or, in some cases, even prosecution."

Credits: 1

Submit for CPEs


If you want to comment on this post, you need to login.