Uber Security Breach And The GDPR: Hard Lessons For Pharma Professionals

Written by Salman Kasbati
November 23, 2017

Uber recently disclosed a security breach that put the personal data of 57 million users and drivers at risk. As a pharma compliance professional, what does that mean to you, and why should you care? What are the key lessons, and what are the implications for Big Pharma in the post-GDPR environment?

  1. Consider all personal data sensitive: In the Uber case, hackers stole names, email addresses and phone numbers, as well as the names and driver’s license numbers of about 600,000 drivers in the United States. Barring license numbers, pharmaceutical companies collect similar data. And for compliance professionals who are not versed in high-tech data security features, the vulnerabilities can go further.
  2. You’re seeing the tip; the iceberg isn’t that far away: News of the Uber data breach was published in November 2017. That’s one year after the incident happened. In his statement, Uber’s CEO said he “recently learned” about it. Are similar violations occurring in your company without your knowledge? For global pharmaceutical companies, answering that means considering all the third-party, cloud-based services they use. That’s where Uber’s vulnerabilities were.
  3. “Keeping quiet” doesn’t solve the problem: While it is true that the GDPR (General Data Protection Regulation) is aimed at the personal data of natural persons in Europe, one should pay heed to its emphasis on notification in the case of a data breach. A lot of damage control can be done in 72 hours. By attempting a cover-up, you’re only creating mistrust.
  4. Data is your problem. Data is your challenge. Data is your asset: What makes companies like Uber popular is their ability to provide a customized experience using the data they hold on individual customers. Whether it’s zeroing in on an exact location or communicating the exact commute time, these companies use data to tell users exactly what they need to know. Not more, not less. That is the future of healthcare products and services too. The difference is that the datasets companies like Uber have are superficial and observable, whereas the data that medical drug and device companies hold, including demographic records, health history, and physical and environmental vulnerabilities, is far deeper and more widespread in its power. By owning data security, you can convert a challenging responsibility into an asset. Get started now.


About the Author

Muhammad Salman Kasbati is the COO at qordata. Before he joined qordata, he was the Director - Software & Consulting Services, and then Partner at Streebo. With a background in software development spanning over 16 years, his projects have served clients in energy, banking and the life sciences industry. He has led software projects at LMKR, CresSoft, and Avanza Solutions.