In this Volunteer Spotlight, The Privacy Advisor caught up with Abhishek Agarwal, CIPP/US, chief security and privacy officer at Fresenius Medical Care North America, where he serves to communicate security risks to key players and ensure adherence to regulatory requirements. As chair of the San Francisco Bay Area KnowledgeNet, Agarwal provides privacy leadership in the Bay Area, speaking on operationalizing requirements and best practices of the EU General Data Protection Regulation. Agarwal reflects on his growth in the profession, the expansion of tech in health care, and the importance of taking a wide approach to include privacy and security.
Privacy Advisor: You have been both a chief privacy officer and chief information security officer — does the title change your approach to privacy?
Privacy Advisor: Does your current role as both a privacy and security officer provide a lesson for other organizations to learn from?
Agarwal: From an accountability standpoint, I have both security and privacy responsibilities. When I was evaluating the opportunity with my current company, I asked management to think about aligning the privacy and security function together. It doesn’t mean that the accountability or responsibility walks away from either the legal or IT department; instead, it involved combining them from an operational point of view to assess and mitigate the risks. The leadership really got behind it because they understood the challenges and foresaw the healthcare industry trending towards it. The decision making, investments based on capabilities, and managing daily privacy operational risks were a few of the reasons that led them to the decisions.
Privacy Advisor: What challenges do you continue to face in the health care industry, how has that shifted, and what is left to improve the health care regulatory space?
Agarwal: Regulations such as HIPAA or the EU Data Protection Directive were passed more than 20 years ago and have gone through numerous revision cycles. Within that time frame, technology has evolved exponentially and continues to digitize healthcare services. I believe we have barely scratched the surface. From a privacy regulations aspect, more effort is needed to drive clarification on topics such as cross-border data transfers, encryption, data anonymization, data residency and so forth. However, the regulations should be written from the point of view of improving the human condition.
Healthcare is related to people's lives. It takes time to fully realize the impact of a privacy regulation. I think we will see the continuous evolution of privacy laws as they refine themselves by finding a balance between rights to safeguard personal information and how to protect that personal information. From a purely legal standpoint, the definitions of covered entity and business associates or controller and processor are fully clear now; companies understand their obligations.
Now, the question is, where do we go from here as the technology evolves? Cloud computing, data lakes, machine learning and artificial intelligence are developing fronts for data privacy.
There is an opportunity for public-private sector partnership, not just in the US, but at a global level, where we can bring great minds together to develop solutions of the future. A better solution, a global solution, for people that safeguard their privacy rights and protect their personal information.
Privacy Advisor: What's the privacy pro community like in San Francisco?
Agarwal: I was in Chicago for more than 20 years. It's very different here in the Bay Area. A metro area with Midwest culture and global connectivity, managing a privacy portfolio for a Chicago-based global company, requires a special skill set. Someone with international experience, bilingual with global education, who understands the local pulse can have a successful corporate career in Chicago. San Francisco and the South Bay area are very different. It is a global technology melting pot where results are expected quickly. The global pace doesn’t necessarily sync with the expectation in the Bay Area. There is also a lot of passion behind the work here, and people are committed to solving global problems rather than local issues. They go for the world.