What The DNC Data Breach Means To The Future Of Traceability Data Repositories

iStock_000008540261SmallerThose of you who are paying close attention to the presidential election campaigns in the United States late last week were treated to a news story that may be a preview of stories that will be written at some point after 2023.  The story is about the potential game-changing impact of technology on business when competitors are forced to share a data repository.  That is, when private data that would be considered strategically valuable, in some way, if a competitor were to gain access to it, is held by an independent third-party.

In this case, a technical failure inadvertently exposed the private data of one party to employees of their direct competitor.  Here is how the Washington Post explained the situation (see the full article here):

“Officials with the Democratic National Committee have accused the presidential campaign of Sen. Bernie Sanders of improperly accessing confidential voter information gathered by the rival campaign of Hillary Clinton, according to several party officials.

Jeff Weaver, the Vermont senator’s campaign manager, acknowledged that a staffer had viewed the information but blamed a software vendor hired by the DNC for a glitch that allowed access. Weaver said one Sanders staffer was fired over the incident.

The discovery sparked alarm at the DNC, which promptly shut off the Sanders campaign’s access to the strategically crucial list of likely Democratic voters.

The DNC maintains the master list and rents it to national and state campaigns, which then add their own, proprietary information gathered by field workers and volunteers. Firewalls are supposed to prevent campaigns from viewing data gathered by their rivals.

NGP VAN, the vendor that handles the master file, said the incident occurred Wednesday while a patch was being applied to the software. The process briefly opened a window into proprietary information from other campaigns, said the company’s chief, Stu Trevelyan. He said a full audit will be conducted.”

When I first read about this situation I immediately recognized it as the worst nightmare of pharmaceutical supply chain executives assembled at a GS1 US meeting way back in 2005.  Back then there were various technology ideas being proposed for dealing with the U.S. State pedigree laws and some of them would have required private traceability data owned by competing members of the supply chain to be held in one or more repositories by independent third-parties.

At that meeting I remember how multiple executives emphatically stated that their company would never allow a single shred of their private data to be placed in the hands of third-parties outside of their four walls and outside of their control.  At the time, this was sometimes referred to as the “database in the sky” concept, and it was initially viewed as a comical concept that would never come to pass.  I remember one executive commenting that his company would never allow their traceability data to reside on the same hard disk platter as their competitor’s data, as if it might get infected somehow by the proximity.

FAST FORWARD TO TODAY

Fast forward 10 years and look where we are.  Centralized government-run repositories of traceability data exist today in China and Turkey, and they are well on their way to being implemented in Korea, the European Union, Brazil, and yes, maybe even the United States in 2023.

But this very public technical glitch by the DNC’s technology vendor could change all of that, because, despite the assurances of everyone, competitor’s private data has been exposed to each other.  An example of the worst nightmare of the pharma supply chain executives from 2005 has actually come to pass.

It doesn’t take much to convert the Washington Post story into the pharma supply chain story of the future.  Here is the same text with the names changed to reflect what could hypothetically be written if the same thing happens in 2024 with pharma traceability data:

Officials with the [FDA] have accused the [LittleDrugCo] of improperly accessing confidential [traceability] information gathered by the rival [drug company BigDrugCo], according to several [agency] officials.

Jeff [Beaver], the Vermont [company’s CEO], acknowledged that a staffer had viewed the information but blamed a software vendor hired by the [FDA] for a glitch that allowed access. [Beaver] said one [LittleDrugCo employee] was fired over the incident.

The discovery sparked alarm at the [FDA], which promptly shut off the [LittleDrugCo’s] access to the strategically crucial [data repository].

The [FDA] maintains the [repository] and rents it to [companies in the U.S. drug supply chain], which then add their own, proprietary information gathered by [workers and automated equipment]. Firewalls are supposed to prevent [companies] from viewing data gathered by their [competitors].

[BigDataCo], the vendor that handles the [repository], said the incident occurred Wednesday while a patch was being applied to the software. The process briefly opened a window into proprietary information from other [companies], said the company’s chief, Stu [Brevelyan]. He said a full audit will be conducted.

If it can happen in the political sphere, what will prevent it from happening in the pharma regulatory sphere?

Happy Holidays!  Don’t forget to subscribe to RxTrace before the end of 2015 so you can take advantage of one of two incentives being offered!

And use some of your slack time between the holidays to fill out the 2016 RxTrace U.S. Pharma Traceability Survey, sponsored by Frequentz!  Click here to begin.

Dirk.