Tag Archive for Data Protection Act

Wanting to get data sharing right is not time-wasting

FOIMan is concerned that legitimate questions and concerns about data sharing are too often dismissed by those in a rush to exploit big data. And explains that this is nothing new.

Ambulances at A&E

Ambulances outside A&E

Years ago I worked for a hospital NHS Trust. Soon after I started, I was invited to a meeting with local police, council officers, a representative from the Department of Health and a manager from our own A&E department. The meeting was to discuss sharing A&E data with the police and local council.

This was part of a national programme sponsored by the Home Office. Academic research had found that where police had access to certain A&E data, crime – and particularly violent crime – dropped as they could target hotspots. A&E admissions also dropped. So win-win. The Home Office was obviously very interested in this and was pushing for all hospitals with an A&E department to share data in this way.

I was new to the job, and to data sharing, so I needed to know a few things. One of the key questions any DP Officer worth their salt needs to know in this situation is what legal power they have to share the data. So I asked, and nobody knew (which was interesting in itself, given this was supposedly a national project). They said they’d ask the doctor who’d done the original research to contact me and let me know.

So one afternoon I received a call from him. Initially he was very pleasant but he didn’t actually tell me what I needed to know. When I pushed him on this, his response was to angrily tell me that people were dying because I was delaying the project.

Eventually (and with no thanks to the researcher or the Home Office) I reached agreement with the community team. We would share some of the data they wanted (but not all), and the agreement stated that the police were not allowed to put the data together with their own to enable reidentification of individuals who may have been in contact with both organisations.

There seems to be an attitude from NHS England at the moment that is reminiscent of this episode. Reasonable questions about safeguards are being dismissed. Rational concerns about privacy are portrayed as preventing progress. I’m not someone who is blind to the benefits of care.data or other big data projects. But I want them to be handled properly and to have confidence in those looking after the data.

When concerns like these are dismissed as time-wasting or a failure to understand, it bothers me. And I suspect it bothers lots of other people too, whatever their views on the benefits of the individual project. It feels high-handed, as though the medical establishment doesn’t really care about the views or privacy of the public as long as they get their precious data. I’m sure that isn’t the case, but a continued failure to acknowledge legitimate concerns allows this impression to grow.

Photograph by D-G-Seamon [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons

CP and DP

FOIMan finds DP being breached in his own backyard.

Back in 1936, the Crystal Palace, originally built for the Great Exhibition in 1851, and later moved to parkland to the south-east of London, burnt down. It had been in decline for many years, so there was no rush to rebuild it. Indeed, nearly 80 years on, its site still stands bare, save for a few sphinx, crumbling steps and headless statues.

A sphinx in Crystal Palace Park

Plans to rebuild the Crystal Palace have kicked up a sphinx

One of the reasons that it has remained that way is that local residents kind of like it. There is a romantic air about the site, and the lack of a central attraction means that its surrounding parkland is a nice place for a quiet stroll, occasionally interrupted by a dinosaur. It’s our little secret.

So there are a few raised eyebrows in this suburb of south London at Boris Johnson’s excited pronouncement last year that a Chinese investor, Zhong Rong International (Group) Ltd,  wants to rebuild the Crystal Palace. And keen to drum up community support the consultants coordinating the project, Arup, have arranged a series of drop-in sessions where locals can ask questions and complete a questionnaire about their views on what should be built (or indeed whether anything should be built at all).

Mrs FOIMan and I are sceptical about the plans so we decided to pop along to today’s session. The first thing we were asked to do was to add our name, address and email address to a sheet by the door. Mrs F, on the ball as ever, asked why they were collecting the information. The slightly flustered looking lady on the door answered:

“It’s just so we can write to you with updates, that sort of thing.”

Needless to say there was nothing on the sheet to explain this and it wasn’t volunteered. The lady at the door just asked each person who arrived to fill in their details as though it was a requirement of entry.

After we’d chatted to the staff from the Greater London Authority (Boris’s HQ, and my former employer) and Bromley Council we dutifully completed our questionnaires. Before asking about the plans, it asked for some personal information. It explained this time that we didn’t have to give this, but that it would be used to contact us with updates on the plans. Which is fair enough. Except that apparently they needed our gender, ethnicity, and age group to contact us.

Now if you’re trying to reassure a sceptical public of your plans, collecting their details unfairly (ie without telling them what you’re going to do with it) and breaching at least two data protection principles in the process (1 and 3 as you ask) probably isn’t the best way to do it. As more high profile projects have found, this kind of thing can come back to bite you. And it doesn’t exactly smack of a professional, well-run operation.

We completed it anyway (apart from the data that they had failed to justify) and left. On the way out Mrs F turned to me and said “Damn, I wish I’d made a copy of my questionnaire”.

I considered this and replied helpfully:

“Well you could always make a subject access request…or at least you could have done if they’d told us who the data controller was.”


If you want to know how to collect personal information fairly, why not book on my Practical DP course through Act Now Training?


IMG_0337FOIMan despairs of the way the care:data project is being handled.

Care:data has literally kept me awake at night. Six months ago I wrote a piece which referenced care:data as an example of what I perceived to be a knee jerk reaction to any proposal to share personal data. That was a mistake. But that’s only part of the reason for my angst.

I still think that data protection practitioners need to be careful not to be known as “Doctor No”. I do worry that often, through a polarisation of views on these issues, there is a risk that “the baby is thrown out with the bathwater” in projects that involve personal data processing. And I also worry that because of the polarisation that happens, the debate – or argument, as too often it can be categorised – becomes bitter and often personal.

I have been concerned, and remain concerned, that it has been impossible for patients, practitioners and others to get to the bottom of what is happening with care:data. This is not just because of the failings of NHS England, who of course bear the primary responsibility for the problems that have emerged. But I have also felt uneasy about the information coming from opponents of care:data which has been one-sided, often verging on propaganda (for example, posters for GPs to place in their surgeries explaining only why patients should opt out are not really “informing patients” in my view). I also question whether activity that verges on trolling of NHS representatives on Twitter and elsewhere is the best way to make the case for privacy. These activities have alienated me, and perhaps many others who might have been persuaded by a more balanced approach (though I was pleasantly surprised to find that Phil Booth of MedConfidential and Nick Pickles of Big Brother Watch came over as measured during today’s committee hearing, and didn’t respond to the bait laid by some MPs asking them if they were insisting that care:data be made “opt-in” only).

But the truth is that just from watching this afternoon’s Health Select Committee session on care:data, it is clear to see that there are major problems with the project. They go way beyond communication – though that has been lamentable (no, I didn’t get the leaflet either). The witnesses from NHS England and the Health and Social Care Information Centre in particular were very poor. It was not unexpected that the MPs would want to ask about the disclosure to the Actuaries society reported in the Telegraph. So why wasn’t Max Jones of HSCIC better briefed beforehand? It is simply incredible to claim not to have any information on it because it happened when the organisation was in a previous form. There was time to establish the facts before the hearing. Tim Kelsey and Daniel Poulter appear to be in denial about problems, and despite promising to listen seem to have wax in their ears. “I don’t trust the performances I’ve seen here today” said one MP and I’m with her on that.

Agonising is the appropriate word to describe my attempts to make sense of care:data, so God help patients who haven’t been reading about it. Today’s committee wouldn’t have helped, with both MPs and witnesses appearing confused. Even the Information Commissioner’s Office has given conflicting statements on the project (within 48 hours they went from being satisfied with the communication of the project to dissatisfied, somewhat incredibly). My gut instinct is that I want my data to be used for medical research for the reasons articulated by Ben Goldacre in his brilliant article for The Guardian at the weekend. But unless NHS England, HSCIC and the Department of Health get their acts together, even I’ll be wanting to opt out. And that’s if it doesn’t get axed, which based on today’s performance is increasingly likely. It could well lead to this baby being pitched right out on its ear.

Seriously, I just want to hear both sides

FOI Man wants a balanced and calm debate on sharing of personal data. Is that really too much to ask?

At the end of last week I posed two questions. Firstly, are we assuming the worst of any proposal to share data? And secondly, if this is the case, is it damaging to society?

I was aiming to start a debate, and to an extent I was successful. It generated a lot of heat, but for me at least, not much light.

Let me just reiterate what I was not saying. I wasn’t saying that it should be easier for organisations to share data. I wasn’t saying that the Data Protection Act or confidentiality law should be weakened. I wasn’t saying – necessarily – that I agree with any of the examples I gave, including the care:data programme (the plan that will allow a central NHS body to extract data about patients from GPs’ patient records, and then share that data with other approved bodies). My mind is open on this, which is why I wanted the debate – I wanted to be persuaded one way or the other.

The problem I have is that whilst there are lots of blog posts and newspaper articles telling us to opt out of care:data and describing the risks in emotive terms, I’ve seen very little explaining why, therefore, it is being done. Presumably if NHS England are pressing ahead with this, somebody is giving them alternative advice. Somebody thinks this sharing is legitimate. But I can’t find anything about this. I get told to opt out or my data will be sold to companies (though NHS England deny this, so what am I to believe?), and if I want to know more, I’m given a link to Mail Online (which obviously has a reputation for balanced reporting of these matters). Interestingly, none of these articles or posts appear to link to the relevant website provided by the Health & Social Care Information Centre. They all point to other articles which subscribe to the same view.

This is exactly what I was referring to in my last post – the debate about sharing of personal data is marked by hyperbole and polarised opinions. That’s not how I want to make my mind up about important issues.

A lot of the fault – probably most of the fault – for this lies with NHS England, who could, as has been pointed out, have communicated the aims and implications of this project far better. But a lot is down to the tone of the debate. Just raising the possibility that there is another side to the argument attracted pretty strong criticism.

I have friends outside the information rights profession (if there is such a thing) who don’t understand why there is such opposition to this proposal. Scientists in particular who can see the potential for life saving discoveries through analysis of data. To them this looks like scaremongering. These are not stupid people. They can be persuaded by reason and evidence. They’re not going to be persuaded by just telling them there are risks. They, like me, want to know all the arguments for and against, see the evidence, and then reach a reasoned decision.

At the start of next month I hope to attend a meeting of the National Association of Data Protection (and FOI) Officers. One of the speakers is a representative of MedConfidential who have been vocal in opposing care:data. I’ll be interested to hear what they have to say, but I’d really like to hear someone from NHS England or the Health & Social Care Information Centre give the other side before deciding whether to opt out and encourage others to do the same.



Is a disproportionate fear of “Big Brother” preventing us from seeing the big picture?

FOI Man asks if we’re in danger of throwing the baby out with the bathwater through an increasingly negative portrayal of the use of personal data.

It’s easy to see why many of us have concerns over the possibility of the security services accessing our email or listening in to our phone calls. What I’m increasingly worried about is what appears to be a widely held and instinctive view that any sharing of personal data – and even data that has been anonymised – is necessarily a “bad thing”.

The Liberal Democrats in particular were highly critical of the last government’s use of technology. One development which David Laws, now a Minister, criticised as “intrusive” was a national database called ContactPoint. It had been developed as a result of a recommendation by Lord Laming in his report on the death of Victoria Climbie. It allowed doctors, social workers and police to access details of any child, thereby helping to prevent situations where abuse of children went undiscovered because of poor communication between these services. When the current Government came to power, the system was scrapped.

The last government also tried to introduce central medical records for all NHS patients, which would mean that when you turned up at a hospital far from home, as I have done myself, doctors would have access to your medical records and history. Believe me, when you are in pain and desperate to be treated, the last thing that you want to do is to answer questions about your medical history. And that’s if you are in a position to answer those questions. This project was scuppered by its complexity and expense fundamentally, but there was a big campaign by critics to encourage patients not to allow their doctor to upload their details.

One aspect of recent NHS reforms is that GPs will be asked to share data about their patients’ care with a central body called the Health and Social Care Information Centre. Patients can choose to opt out if they wish by writing to their GP. The data will be shared with approved partners, for example the Department of Health. It will be used, for example, by medical researchers trying to find out what treatments are effective. The data is invaluable to such researchers – it could well save more lives than donating organs or the odd litre of blood. It will normally be shared in anonymised form unless the research concerned requires more information to be effective.

There has been the predictable outcry against this. And that’s really my point. It has become fashionable to criticise any sharing of personal data, even if anonymised, no matter what the purpose. It’s all about big brother.

I can understand some of the concerns. There are risks in building up big central datasets. There are lots of stories of individuals abusing access to personal data. Police workers who misuse the Police National Computer to check up on a neighbour, or GPs’ receptionists who read their ex-husband’s new wife’s medical records. But firstly, where this is discovered staff can be – and should be – disciplined and/or prosecuted. Protection of this data is what the Data Protection Act is all about, and breaches should be taken seriously. And secondly – we’re surely not saying that the Police National Computer should be shut down as a result of breaches. The greater good of being able to solve crimes through linking a large pool of data is generally accepted as justification. Indeed police were criticised following the Soham murders for not keeping data on there. Instead what we really want is a proportionate use of this data, and for effective safeguards to be put in place.

One popular claim is that there is no such thing as “anonymised data”. Academic studies are widely cited showing that it is possible to identify individuals within large datasets. However, what isn’t so widely reported is that there are other academics who argue that there are deficiencies in those studies and that they are, in any case, being misreported.

As a Data Protection Officer (as well as an FOI Officer), I would certainly want any organisation to assess the impact on individuals’ privacy of any proposed plan involving their personal data. I would expect them to consider which condition of the Data Protection Act justified this processing of the data. But it does worry me that we seem to be moving to a position where we assume that any processing of our data must be wrong by its very nature. Where organisations are discouraged from innovating or using data to potentially save lives because there is a risk, however small, that an individual might be identified (and an even smaller risk that that would actually have any real impact on the individual concerned).  What’s more, because this has become a political issue, there are few in government now prepared to champion the use of personal data for the benefit of all.

In my view, the current trend is damaging. If we continue to portray all use of personal data as wrong, it will become more and more difficult to offer public as well as private sector services. It will certainly become more difficult to improve them. Contributing personal data to society is at least as important as paying our way financially. Data Protection shouldn’t be about saying “no” all the time.