by toomuchtodo 969 days ago
It is problematic but has no perfect solution, as there is no such thing as perfect security. Create data security and governance requirements contractually. Require the partner carry insurance as well as attest to and provide evidence of their controls and processes. If they fail to protect the data provided, require penalties outlined in the data processing agreement.

Alternatively, 23andMe could offer compute to pharma companies that can run against their genetic data lake, with DLP and data security controls between them and the pharma customer. This would minimize leakage potential while still allowing compute against the data.