Science Leaks: A Signal to Improve Data Protection in Scientific Research

Hello sir, I’m calling regarding a recent scientific study in which you are participating. I want to thank you for taking part in this study by offering you a present. Only a small amount of postage costs need to be paid to receive this present, for which I will need your bank account number.

Recently, an older visually impaired participant of a clinical trial conducted by the VU University Medical Centre in Amsterdam (which will be referred to as the university hospital in this article) received this harassing telephone message from someone unknown to the research team. Fortunately, the participant did not respond to the request and immediately contacted the executive researcher. This incident is a textbook example of ‘phishing’, i.e. the act of attempting to acquire information from an individual by masquerading as being trustworthy via electronic communication. Phishing is an example of social engineering, i.e. psychological manipulation with the aim to acquire confidential information. The threat of privacy invasions is progressing and technological advances in the digital world play a significant role contributing to this trend. In recent years reports about spying, wiretapping and invasion of privacy frequently dominated the media and provoked a worldwide debate on the importance of privacy. In scientific research, the right to privacy versus the responsibility of society to conduct valuable medical research is an ongoing issue of debate . A major topic in this debate is that of ‘nourishing’ a patient’s trust. Medical research would not be possible without the patient’s trust: when patients are not ensured and convinced that their private information is handled confidentially, they may not be inclined to participate. Instructions on how to prevent privacy violations within clinical research have been published, e.g. not discussing patients in the public area and following strict security protocols when working with electronic data. However, even when professionals follow these rules and regulations carefully, the threat of privacy invasions, e.g. the phishing incident described in this article, cannot always be completely eliminated. This threat is increasing because of technological progression, growing complexity of large clinical trials, growing amounts of electronic datasets and the increasing value of personal medical data on the black market. This raises the question: how can data security be improved to reduce the increasing threat of privacy invasions? In this commentary article we describe measures to deal with the phishing incident and to improve data protection, supported by National and European regulations.

---

Department of Ophthalmology, VU University Medical Centre, De Boelelaan 1117, 1081 HV, Amsterdam, the Netherlands ²EMGO+ Institute for Health and Care Research (EMGO+), VU University Medical Centre, Van der Boechorststraat 7, 1081 BT, Amsterdam, the Netherlands 3Department of Strategy Policy and Projects, VU University Medical Centre, De Boelelaan 1117, 1081 HV, Amsterdam, the Netherlands 4Department of Epidemiology and Biostatistics, VU University Medical Centre, De Boelelaan 1117, 1081 HV, Amsterdam, the Netherlands 5Department of Ophthalmology, Elkerliek Hospital, Wesselmanlaan 25, 5707 HA Helmond, the Netherlands Corresponding author: Hilde Petronella Adriana van der Aa () Department of Ophthalmology, VU University Medical Centre, De Boelelaan 1117, 1081 HV, Amsterdam, the Netherlands, Tel: +31(0)204444795; E-mail: h.vanderaa@vumc.nl