Andrea Monti – Page 91

May 23, 2014

Data Protetcion, MTA, Human Samples and Identity Backtracing

To comply with privacy and data-protection regulations, Material Transfer Agreements for human samples often state that the samples are either anonymous (meaning: the donor institution doesn’t know at all the ID of the patient) or anonymized (the donor institution only knows and keeps secret the patient ID.) But this compliance approach won’t work anymore, since the probability of backtracing the ID of patient accessing third parties provided information is not only a proof-of-concept but an “actual reality.”

Amending the MTA to handle this issue is far more complicated than ask the lawyers to just re-phrase their lingo, because what is actually needed is a thorough analysis of the human sample collection process back to the first ring of the donor chain.

The sooner the biobank community will address this issue, the better for the research, the pharma industry and – first of all – the patient himself.

May 21, 2014

The Fake Data Processor and The True Criminal Liability

Under Legislative Decree 196/03 (the Italian enforcement of the Data Protection Directive) one of the most common practice when developing the data-protection corporate policy of a company is to appoint the heads of the various departments as “Data Processor”.

Although easy on the short term, this solution might backfire the company itself. A recent Corte di cassazione (Italian Supreme Court) decision – ? III penal section – Dec. n.20682/14 – ruled that under the workplace safety regulation, the employer that appoints a safety manager who is not fit for the job because of his lack of competence, ? commits a criminal offense.

The very same principle can be applied by analogy to the Data Protection Directive. The DPD – and its Italian enforcement – make mandatory to appoint a data controller actually fit for the job.

By choosing people on different basis (not because they know the matters, but just because they’re company’s heads) means that in case of data-protection-related criminal offenses the data controller (and, most important, the prosecutor and the court) can’t blame (only) the data processor itself.

Then, in terms of management, the decision is between only formally comply with the legal requirements, and actually comply by appointing capable data processors.

In the first case the company is accepting the risk of a future (but uncertain both in “if” and “when”) accident but saves on the short term effort and time.

In the second case the company spends more, has to possibly change its internal processes in the anticipation of an event that might not happens at all.

May 21, 2014May 21, 2014

The “Specialist” Lawyer… Whatever It Means

An upcoming regulation – still in draft – will regulate the possibility for an Italian lawyer to call himself “specialist” of something. This “specialist patch” will be obtained by either attending seminars and courses or by showing evidence of practicing in a specific field (BTW, in the mandatory list of field of practice, there are no reference to high-tech, pharma and telco topics.)

I wonder which company has ever chosen a lawyer just because of the patches he stuck on his gown.

May 19, 2014May 19, 2014

Mesh Networks and BBS. Re-inventing the Wheel?

An important Italian online magazine just “discovered” today the possibility to build a “parallel-Internet” by using WI-FI antennas, no need to purchase an access-plan and (allegedly) free form NSA’s peeping eyes. Of course, the buzzword is “revolution”.

I can’t stop being amazed by the candid ignorance of these contemporary “digital cognoscenti” or “digital natives”. They think that the ICT world was born with Facebook and that beforehand there only was a gravitational singularity.

Today only some mature former(?) geek can remember of the BBS Era and witness how does the world worked at those times: mesh networks are nothing but a way to create an independent network like Fidonet was; with the only difference that Fidonet was software-indepedent, while mesh networks might become hardware independent too. In this sense mesh networks are an evolution and not a revolution, and omitting the “r” at the beginning of the word makes a great difference.

But semantics isn’t the (only) issue to deal with. Why, somebody might in fact ask, should we be concerned by this granny’s style rant? Things evolve so do people: who cares anymore about relics such as Bocamodem or Fidonet?

Answer: because the experience of the BBS Era is the basis of all of the modern (social, political and economical) ways to exploit a network and a lot of answers to a lot of questions have already been provided. Just think of issues like online anonymity, forum posting liability, online free speech, online journalism: these are just a few examples of the topics that once were hot and today we still struggle with. The difference between yesterday and today is that the “old school” users were and are more conscious about the actual impact of technology in their own life, while the “digital natives” actually are part of a dumb generation of technology’s passive users. A condition that is everything but different than the one reserved to the human part of The Matrix: fuel for the machines.

May 16, 2014May 16, 2014

The XP’s EOL. History Will Teach Us Nothing

Windows XP is dead in Redmond, but alive and kicking in a huge quantity of devices such ? ATMs. When the news hit the media, waves of “concerns” for the security of our money and safety stormed the public, with no actual effect on the Microsoft’s strategies. And history keeps repeating with domotics, wearable technologies and in-car systems.

This aftermath was easy to foresee when some “clever” IT manager chose to go proprietary when moving its ATM infrastructure “to the next step”, but between this and the open source alternative a third option would have spare us all the current trouble: just put into the agreement a source-code escrow provision, to guarantee the (big) client against the End-of-Life of the software.

Sure, this wouldn’t have been a cheap solutions (we’re not talking about a bunch of PHP code, here) but there are no free beers and easy life can’t last forever. If you go proprietary and enjoy the safety(?) of having somebody else who cares about bugs, patches and updates, you need to have a contingency plan for the moment when your licensor plugs-off the cord that keeps alive the software you’re using.

And now history is re-repeating itself. We’re on the edge of a new invasion of pervasive technology based on Apple’s OSX or – again – Microsoft Windows Whatever, and in a bunch of years we will complain again that because of a copyright issue we can’t enter our home, use the fridge, watch the television, start the car, know what’s the time, have a medical diagnosis and so on…

A final, collateral, question: where do the corporate lawyers were, when those agreement have been signed?