INSIGHTS
Flo Health: Protecting the most intimate data
Image credits: Unsplash
Gathering and storing users' personal data is a challenging point for app developers. It becomes even more challenging when it comes to storing the users' most intimate, personal information. This is the case of Flo, the period tracker developer co-founded by Palta. We spoke with Susanne Schumacher, DPO of Flo Health, and Leo Cunningham, the company's CISO, about how Flo is treating its users' personal data and how the company is dealing with possible threats for its users' privacy.
How does the risk level differ between sharing personal health information with a doctor versus sharing personal health information with an app?
Susanne: "A doctor is the subject to the same laws as we are. They have to protect the data and they have to protect data subjects' rights. I know doctors, just as lawyers, go through rigorous training around data protection specifically".
Leo: "Also, a doctor may examine several dozens of different patients on a daily basis. It is likely that the doctor will put the details about their patients' cases into a system in their computer. So it puts the situation at the same level of risks as sharing your personal health data with an app".
Leo: "Also, a doctor may examine several dozens of different patients on a daily basis. It is likely that the doctor will put the details about their patients' cases into a system in their computer. So it puts the situation at the same level of risks as sharing your personal health data with an app".
What happens to a woman's personal information after she puts it in your app?
Leo: "Once the user finishes entering the data, it gets transferred to the cloud data storage. Then we might retrieve this data back to the app to the end user to be viewed on their screen when required. Our service builds predictive cycle models with the help of smart algorithms working in the background of the app".
Susanne: "It's important to note that we de-identify the data to analyse it, so there's very little risk to the individual. Then we use the results of the analysis to provide the service to the user for their benefit. Public benefit of sharing de-identified or anonymised data is important for building the future. We aim to be transparent about the way we use data, so you are very welcome to read about it on our website in detail. The personal data belongs to the person and not us, and our users can always contact us directly to ask questions about what happens with their information, when they use Flo".
Susanne: "It's important to note that we de-identify the data to analyse it, so there's very little risk to the individual. Then we use the results of the analysis to provide the service to the user for their benefit. Public benefit of sharing de-identified or anonymised data is important for building the future. We aim to be transparent about the way we use data, so you are very welcome to read about it on our website in detail. The personal data belongs to the person and not us, and our users can always contact us directly to ask questions about what happens with their information, when they use Flo".
What about third parties?
Susanne: "We have a robust vendor due diligence procedure. All the suppliers that we might work with are scrutinised to make sure that they have at least the equal security measures that we do. We also make sure that there are contractual measures in place with the detailed obligation on the third-parties to provide an extra level of protection".
Leo: "We don't give any companies any information of other uses for advertising purposes. All private data is stored on Flo's side, and isn't stored anywhere else. Our responsibility is to provide safe and secure storage for all our users so all the information stored and backed up remains encrypted. We make sure those companies we partner with are reliable and share our values. For example, we use Amazon Web Services, they are one of the key partners of Flo. Amazon is widely regarded for their security and their approach to users' privacy".
Leo: "We don't give any companies any information of other uses for advertising purposes. All private data is stored on Flo's side, and isn't stored anywhere else. Our responsibility is to provide safe and secure storage for all our users so all the information stored and backed up remains encrypted. We make sure those companies we partner with are reliable and share our values. For example, we use Amazon Web Services, they are one of the key partners of Flo. Amazon is widely regarded for their security and their approach to users' privacy".
How do you deal with laws around personal data?
Susanne: "It's quite a challenge considering that they are constantly changing. As the globe becomes more privacy-aware, countries are bringing in different laws, and we have to keep on top of that. We have a law tracking system that notifies us about any changes on a daily basis. We track the laws of every jurisdiction where we provide our services to make sure we meet all local regulations where necessary.
Laws are mostly very much aligned with each other globally, and it's very rare that the law is so diverse that it gets tough for us to take a different approach, but we want to meet our users' expectations regarding their local laws, so we look into that and try to meet them where we need to".
Laws are mostly very much aligned with each other globally, and it's very rare that the law is so diverse that it gets tough for us to take a different approach, but we want to meet our users' expectations regarding their local laws, so we look into that and try to meet them where we need to".
What are the main challenges for protecting Flo users' personal data?
Susanne: "Flo deals with the very intimate data which can be used to discriminate against the user if leaked. As for your cycle information, it could be that you work for someone who might judge you depending on where you're at in your cycle. To prevent such damage it's important to take extra steps to protect this data. Also it's very subjective: what I feel is okay sharing might be very different for another person depending on cultures and other life circumstances. Given this, we always look at this issue from the most sensitive person's point of view".
Leo: "One of the main challenges for us is ensuring the data does not get accessed from unknown or unapproved sources as a result of a hacker's reach. I think that would probably keep me and Susanne awake at night. We provide security around health data by ensuring we build highly professional privacy teams, that we're hiring people with the right skill sets so that we don't have any gaps in the company; and that we're educating our colleagues on how we reduce risks and how we look at things that may cause a danger when handling sensitive data. Investing in technologies that help you stop attacks from hackers or other cyber events is also very important. You can find out more about our security measures on our website. With our current data privacy and security measures in place, I personally believe Flo is well on its way to being an industry leader and an example for other companies to follow.
Leo: "One of the main challenges for us is ensuring the data does not get accessed from unknown or unapproved sources as a result of a hacker's reach. I think that would probably keep me and Susanne awake at night. We provide security around health data by ensuring we build highly professional privacy teams, that we're hiring people with the right skill sets so that we don't have any gaps in the company; and that we're educating our colleagues on how we reduce risks and how we look at things that may cause a danger when handling sensitive data. Investing in technologies that help you stop attacks from hackers or other cyber events is also very important. You can find out more about our security measures on our website. With our current data privacy and security measures in place, I personally believe Flo is well on its way to being an industry leader and an example for other companies to follow.
Susanne Schumacher
DPO of Flo Health
Leo Cunningham
CISO of Flo Health
Other stories