I often get asked about the difference between my previous employers, all software companies, and my current employer, a biotechnology company. There are so very many differences. One that I feel every day is the knowledge that Genentech has very sensitive data. As a result, we have strict corporate policies that cover a wide range of areas like physical devices and data retention. I even have a separate corporate cell phone now.
It’s easy to see why we have such policies. Consider this article from the Washington post about healthcare hacks. It points out that some of the data loss has been from a stolen laptop or inappropriate disposal of paper records. I thought I used to be nervous about losing my corporate laptop; the stakes are a lot higher now. I was already the type who rarely printed anything out, and put anything that I did print straight into the confidential shredding bins once I was done with it.
I’m now even more careful with my devices and data. I print less than I ever did. I don’t even have a filing cabinet, which forces me to ensure that anything I do print is handled appropriately immediately. My awareness of security, both physical and data, is so much higher now. I’m also thinking more about the user experience of security and what we can do to engender better security practices.