FOI Man asks if we’re in danger of throwing the baby out with the bathwater through an increasingly negative portrayal of the use of personal data.
It’s easy to see why many of us have concerns over the possibility of the security services accessing our email or listening in to our phone calls. What I’m increasingly worried about is what appears to be a widely held and instinctive view that any sharing of personal data – and even data that has been anonymised – is necessarily a “bad thing”.
The Liberal Democrats in particular were highly critical of the last government’s use of technology. One development which David Laws, now a Minister, criticised as “intrusive” was a national database called ContactPoint. It had been developed as a result of a recommendation by Lord Laming in his report on the death of Victoria Climbie. It allowed doctors, social workers and police to access details of any child, thereby helping to prevent situations where abuse of children went undiscovered because of poor communication between these services. When the current Government came to power, the system was scrapped.
The last government also tried to introduce central medical records for all NHS patients, which would mean that when you turned up at a hospital far from home, as I have done myself, doctors would have access to your medical records and history. Believe me, when you are in pain and desperate to be treated, the last thing that you want to do is to answer questions about your medical history. And that’s if you are in a position to answer those questions. This project was scuppered by its complexity and expense fundamentally, but there was a big campaign by critics to encourage patients not to allow their doctor to upload their details.
One aspect of recent NHS reforms is that GPs will be asked to share data about their patients’ care with a central body called the Health and Social Care Information Centre. Patients can choose to opt out if they wish by writing to their GP. The data will be shared with approved partners, for example the Department of Health. It will be used, for example, by medical researchers trying to find out what treatments are effective. The data is invaluable to such researchers – it could well save more lives than donating organs or the odd litre of blood. It will normally be shared in anonymised form unless the research concerned requires more information to be effective.
There has been the predictable outcry against this. And that’s really my point. It has become fashionable to criticise any sharing of personal data, even if anonymised, no matter what the purpose. It’s all about big brother.
I can understand some of the concerns. There are risks in building up big central datasets. There are lots of stories of individuals abusing access to personal data. Police workers who misuse the Police National Computer to check up on a neighbour, or GPs’ receptionists who read their ex-husband’s new wife’s medical records. But firstly, where this is discovered staff can be – and should be – disciplined and/or prosecuted. Protection of this data is what the Data Protection Act is all about, and breaches should be taken seriously. And secondly – we’re surely not saying that the Police National Computer should be shut down as a result of breaches. The greater good of being able to solve crimes through linking a large pool of data is generally accepted as justification. Indeed police were criticised following the Soham murders for not keeping data on there. Instead what we really want is a proportionate use of this data, and for effective safeguards to be put in place.
One popular claim is that there is no such thing as “anonymised data”. Academic studies are widely cited showing that it is possible to identify individuals within large datasets. However, what isn’t so widely reported is that there are other academics who argue that there are deficiencies in those studies and that they are, in any case, being misreported.
As a Data Protection Officer (as well as an FOI Officer), I would certainly want any organisation to assess the impact on individuals’ privacy of any proposed plan involving their personal data. I would expect them to consider which condition of the Data Protection Act justified this processing of the data. But it does worry me that we seem to be moving to a position where we assume that any processing of our data must be wrong by its very nature, where organisations are discouraged from innovating or using data to potentially save lives because there is a risk, however small, that an individual might be identified (and an even smaller risk that that would actually have any real impact on the individual concerned). What’s more, because this has become a political issue, there are few in government now prepared to champion the use of personal data for the benefit of all.
In my view, the current trend is damaging. If we continue to portray all use of personal data as wrong, it will become more and more difficult to offer public as well as private sector services. It will certainly become more difficult to improve them. Contributing personal data to society is at least as important as paying our way financially. Data Protection shouldn’t be about saying “no” all the time.
The idea that contributing my data to this year’s doomed political wheeze is analogous to paying my taxes to keep public services going is so completely alien to me, I probably can’t make a sensible contribution. I have the opposite perspective – the public and the private sector should have access to as little information about people as they need to keep things ticking over, unless with consent. If UK-wide access to my health data is so much in my benefit, what possible reason could there be for not giving me a choice about it? I think comparing NHS databases with the PNC is positively eccentric – the PNC is a crime-fighting tool that affects a minority of the population, and the criterion for entry is having (or being suspected of having) committed a crime. The intrusion is justified, even though the PNC is a terrible example of what you’re advocating because it is so full of errors, so unfairly run (with massive retention periods for even minor cautions) and rampant inappropriate access which strong action does not deter. The criterion for entry on NHS systems is being human – think of all the insurance companies, PPI text spammers, ambulance chasing lawyers and banks who would love to get access. Whether it’s through blatant theft or deals with the government, more and more will leech out.
I absolutely think that Data Protection should be much more widely understood and not used – like health and safety – as a barrier to data sharing. But sharing and disclosure without consent should be the exception. I think the idea that I have some kind of duty to give my information to the state is preposterous. The public and private sector’s hunger for more and more personal data should be treated with scepticism, if not outright resistance.
The problem is that, although in theory you are quite right that anybody accessing such data without a good cause is going to be subject to disciplinary action and/or criminal prosecution, the reality is that in all probability most people that do it will never get caught.
It is of course impossible to know how many people don’t get caught, but it’s reasonable to suppose that it is likely to be a large proportion of those who access records inappropriately.
Systems handling sensitive records such as health records will hopefully have good audit trails in place to record who is looking at what (though there is still a problem of credential sharing) but an audit trail will only detect abuse if it is regularly reviewed and if the person reviewing it has a way of telling whether or not an access was appropriate.
I think there are some interesting things which could be done in this area to greatly increase the level of monitoring by crowdsourcing the work, and I wrote about this in the context of the NHS Summary Care Records several years ago.
Cat, meet pigeons.
I’ve already got a half-drafted post on care:data/HSCIC, and I think you’ve just prompted me to finish it (what a way to spend a sunny afternoon off eh?). For time being, I will just say that if you’re coming to NADPO’s September seminar you might hear a contrary view.
You are an outstanding chap, but really, your post has managed to wake me out of my redaction-induced stupor…
Para 1: I think that data sharing is a lovely thing when it is done right, with full consent and understanding of the consequences. That is why it gets a bad name – there is almost never any proper understanding and consent.
Para 2: ContactPoint was scrapped because of money and because the new administration did not want another big IT cock up, which is what all very large public sector IT projects end up being. The fact that some MPs wandered about saying that it was intrusive is neither here nor there. The decision was made at the Treasury.
Para 3: I refer you to what I said about para 1 – if it were not for such campaigns and outcry, it would have happened and we would hardly know about it. It is communication and consent that is so often lacking – the campaigns are necessary, because without them, there would be even less awareness. And anyway, as you say, Connecting for Health mucked up a project and wasted £billions. I am not sure that the campaigns had any effect on the outcome, other than informing us.
Para 4: “Patients can choose to opt out if they wish by writing to their GP” Er… only if they know about it. There is no plan to tell anyone at all, really. HSCIC had decided that if patients did not object to having information uploaded on the NHS Spine, then they have magically consented to this new, very detailed information collection.
Para 4: “The data will be shared with approved partners, for example the Department of Health”. Dude, try looking at the price list for buying data. There is a committee that oversees who has access, but there is so little guidance about who will get to look at this that I do not share your confidence at all.
Para 4: “It will normally be shared in anonymised form unless the research concerned requires more information to be effective.” Is this supposed to be reassuring?
Para 5: It may be predictable but that does not mean that it is not appropriate. As for the outcry, ask most people and they will not know about this – so the outcry is not loud enough.
Para 6: People do not necessarily say that a system itself should be scrapped – they want informed consent. If you had that much, a lot of people would be happier.
Para 7: I struggle to believe in non-anonymised data. But I yield to you as you know far more than me about this (someone clever, for God’s sake, contradict him).
Para 8+9: do you not follow Tim Kelsey on Twitter? He wants all of our pd to be accessible… who are these politicians who care about personal data? Letwin, who chucked constituents’ letters in the bin in a park instead of shredding?
Thank you for the chance to rant.
Thanks Kid, and the feeling is mutual. I did say I was putting the cat amongst the pigeons…
But I don’t really think that I’ve said anything that is in fundamental conflict with your views, or Tim’s or Jon’s to be honest. I haven’t argued that data should be shared without consent. I haven’t argued against informing patients. All I’ve said is that I think that there is a tendency to assume the worst, and that I think that is damaging. And I also do think that we need to look at the broader benefit to society in discussing projects like this. It may well be that there are serious flaws in the care:data programme or in the other examples I’ve mentioned. And I may not have articulated myself particularly well. But I do think that there is an issue here. I don’t think what I’ve said is unreasonable as a question, but it’s interesting to see the response it provokes.
I think the suggestion that contributing data is the same as ‘paying our way financially’ is unreasonable. It implies an obligation, something which one cannot opt out of, something which is just a fact of life. I reject that line of thinking completely.
I also think it should be really difficult for the government, or Facebook/Google/Apple, or any other big powerful institution to point at the little guy and say that you owe it to society / future generations / the free internet to give us your data. They shouldn’t quite tear the data from our cold, dead hands, but it shouldn’t be any easier than it is now.
I haven’t argued that it should be easier. I’ve just said that people ought to consider both sides of the argument. And in some, but not all, cases, people should consider the general value to society above themselves. But I grant you that it’s easier to just assume that the Government and others are always wrong. Doesn’t mean it’s right though.
I’ve now uploaded a rather rushed blog post in response http://informationrightsandwrongs.com/2013/08/16/an-unshared-perspective/
It’s all about money and cost. In principle it is not hard to have a system of informed consent. It just requires the will, the planning (Privacy by Design and impact assessment), and the right policy and training. When I had to have hospital treatment in early 2012 I was way impressed by how much progress NHS Wales had made in this area. Every new discipline I saw, including the consultants, always started by asking whether they could look at my records.
Personally I couldn’t care less what others know about me (other than things that will cause me harm such as my PINs and passwords) but understand the genuine and not unreasonable views of those in the opposite camp. On the other hand I am a bit of a pedant and do expect to be given an option where the law requires it, and would be quite willing to complain if things were done without consent.
In my view the NHS and ICO are wrong and this requires a positive opt-in, not just a privacy notice. Whilst it may be that in DPA terms they can invoke some of the non-consent conditions, such as Schedule 3 Para 8 or SI 2000 No. 417 or para 9, my medical data IS confidential, and consent to waive confidentiality cannot be implied in these circumstances.
Yet again there is a fudging of the two distinct purposes of a privacy notice: informing people what they are consenting to so that the consent is genuinely informed; and informing people what you will be doing without their consent under some other applicable condition.
You’ll have to forgive the slightly emotive analogy I’m about to use, but this reminds me of discussions I used to have with the Revolutionary Communist Party stalwarts trying to sell me the latest copy of Living Marxism (or whatever it was called) when I was an undergrad.
I realised after reading one of their magazines that they were pro nuclear power. As someone who viewed themselves as ‘on the left’ and firmly anti-nuclear, I asked them how they reconciled these two (to me, at least) conflicting positions. Their view was that there wasn’t anything inherently wrong in the technology, just the way it was managed and the ends to which it was put.
I suggested to the comrade from the RCP that all the evidence available suggested that nobody, of any political persuasion, seemed to be capable of managing nuclear energy safely or beneficially, particularly if you took into account the back end issues of storing tons of radioactive waste for a very very long time. They stuck to their position that, if controlled and managed by the right people, it could be done safely and for public benefit. And I stuck to mine, which was that sometimes you have to accept that a technology is not a value-free, neutral, phenomenon. Sometimes you have to accept that there is something inherently dangerous or corrupting that is integral to a particular type of technology.
I realise this may seem a somewhat overblown comparison, but I think it has some merit. We already have evidence of what bad things can be done by the accumulation and cross-tabulation of personal data by regimes of all stripes. And while we may see some limited benefits, either personally or societally, in the short term, I am not convinced that we understand the back end waste disposal issues, the avoidance of contamination, how to safely manage the substances we create, and how we prevent misuse of the potential for less beneficial ends.
So, for the time being, I’d rather personal data (particularly that held by or on behalf of the state) was collected with explicit consent, limited in nature, and only held for the purpose that the data subject was told about when they were asked to volunteer their data. Agencies involved in things like child protection can talk to each other without the lubricant of data-sharing, and hospitals and GPs can treat me without passing on my information to pharmaceutical companies.