Tag Archive for Data sharing

FOIMan News

FOIMan highlights some recent developments of interest.

NEWS1

Water utilities are not subject to FOI. However, they are apparently subject to the Environmental Information Regulations according to a new Upper Tribunal decision. The long and complex decision has been reproduced on the Panopticon blog.

In the perennial debate over its cost, Tim Turner has used FOI to demonstrate that one police force complaining about the expense of answering requests from the public spends over 6 times as much on public relations staffing as it does on FOI support.

On the Data Protection front, the Alzheimer’s Society has published a guide to Accessing and Sharing Information when acting on behalf of someone with dementia.

Training and other services

Over the last year I’ve been invited to deliver in-house training for a number of clients including local authorities, schools and universities. I’ve updated my Training page if you’d like to know more, and you can also download a leaflet about my services. Get in touch for a quote if you’re thinking about ways to improve your colleagues’ awareness of FOI, data protection, local government transparency or records management.

FOIMan News to 18 July 2014

FOIMan reports on the latest FOI and information rights news stories.

The Information Commissioner's Annual Report was published this week.

The Information Commissioner’s Annual Report was published this week.

Information Commissioner uses launch of Annual Report to call for more resources and powers

 

The Information Commissioner, Christopher Graham, launched his office’s Annual Report for 2013/14 on Tuesday 15 July. Following on from his reported comments at an internal meeting earlier this year, Mr Graham highlighted the state of funding of his office, saying:

…to do our job properly, to represent people properly, we need stronger powers, more sustainable funding and a clearer guarantee of independence.

Law Commission advises Government to set up a comprehensive review of data sharing law

Last year the Law Commission opened a consultation on data sharing with a view to identifying perceived hurdles to data sharing in the UK. Last week (11 July) the Commission published its report on the consultation. It recommends a “full law reform project”:

…to create a principled and clear legal structure for data sharing, which will meet the needs of society.

It suggests that the project should map, clarify and modernise statutory provisions around data sharing, as well as looking at “soft law” such as guidance, Codes of Practice and sharing of best practice. The report was made to the Secretary of State for Justice, Chris Grayling.

Schools Trust holds information says Tribunal – eventually

In a week when the Education Secretary was removed from office, scrutiny fell on the complicated arrangements behind many academies, and the implications for FOI. Geraldine Hackett, a journalist, wanted to see the employment arrangements of the Chief Executive of the United Learning Trust, a Trust behind a number of academy schools. The Trust argued that they did not hold the information as the Chief Executive was employed by the Trust’s parent body, the United Church Schools Foundation Ltd. This argument had been upheld by the Information Commissioner and the First-Tier Information Tribunal. The Upper Tribunal overturned the FTT decision on a technicality and asked for a new First-Tier Tribunal to reconsider the case.

This time, the FTT found that because the information was held in filing cabinets that the Trust’s staff had access to, the information was held. The decision is in line with the important University of Newcastle Upper Tribunal decision which stated that “[h]old…is an ordinary English word and is not used in some technical sense…”. It also confirms the overall trend of decisions around the definition of “held” since then which suggests that if there is any doubt, the public authority probably holds the information in question. Robin Hopkins has analysed the case in more depth on 11KBW’s Panopticon Blog.

Data retention emergency legislation DRIPs through Parliament

The controversial emergency Bill requiring communications providers to retain data on telephone and internet use received Royal Assent in the same week that it was introduced to Parliament. It followed the European Court of Justice’s decision in April that the existing European Directive was unlawful as it represented a disproportionate intrusion into individuals’ privacy. At the time, the court said that the Directive:

entails an interference with the fundamental rights of practically the entire European population.

DPA without the Lawyer

DPA without the Lawyer

Publication of the Week

In a slight departure, this week I’m going to highlight a new book from The Centre for Investigative Journalism called DPA without the Lawyer. This is the latest in the series of books (including FOIA without the Lawyer and EIRs without the Lawyer) put together by the team at Request Initiative. DPA without the Lawyer is written by Jenna Corderoy and Brendan Montague and explains how journalists can take advantage of the subject access requirements of the Data Protection Act in their investigations.

 

FOIMan can deliver training in Freedom of Information, Data Protection and other information rights issues in your own premises. Get in touch for further details.

Wanting to get data sharing right is not time-wasting

FOIMan is concerned that legitimate questions and concerns about data sharing are too often dismissed by those in a rush to exploit big data. And explains that this is nothing new.

Ambulances at A&E

Ambulances outside A&E

Years ago I worked for a hospital NHS Trust. Soon after I started, I was invited to a meeting with local police, council officers, a representative from the Department of Health and a manager from our own A&E department. The meeting was to discuss sharing A&E data with the police and local council.

This was part of a national programme sponsored by the Home Office. Academic research had found that where police had access to certain A&E data, crime – and particularly violent crime – dropped as they could target hotspots. A&E admissions also dropped. So win-win. The Home Office was obviously very interested in this and was pushing for all hospitals with an A&E department to share data in this way.

I was new to the job, and to data sharing, so I needed to know a few things. One of the key questions any DP Officer worth their salt needs to know in this situation is what legal power they have to share the data. So I asked, and nobody knew (which was interesting in itself, given this was supposedly a national project). They said they’d ask the doctor who’d done the original research to contact me and let me know.

So one afternoon I received a call from him. Initially he was very pleasant but he didn’t actually tell me what I needed to know. When I pushed him on this, his response was to angrily tell me that people were dying because I was delaying the project.

Eventually (and with no thanks to the researcher or the Home Office) I reached agreement with the community team. We would share some of the data they wanted (but not all), and the agreement stated that the police were not allowed to put the data together with their own to enable reidentification of individuals who may have been in contact with both organisations.

There seems to be an attitude from NHS England at the moment that is reminiscent of this episode. Reasonable questions about safeguards are being dismissed. Rational concerns about privacy are portrayed as preventing progress. I’m not someone who is blind to the benefits of care.data or other big data projects. But I want them to be handled properly and to have confidence in those looking after the data.

When concerns like these are dismissed as time-wasting or a failure to understand, it bothers me. And I suspect it bothers lots of other people too, whatever their views on the benefits of the individual project. It feels high-handed, as though the medical establishment doesn’t really care about the views or privacy of the public as long as they get their precious data. I’m sure that isn’t the case, but a continued failure to acknowledge legitimate concerns allows this impression to grow.

Photograph by D-G-Seamon [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons

Care:crash

IMG_0337FOIMan despairs of the way the care:data project is being handled.

Care:data has literally kept me awake at night. Six months ago I wrote a piece which referenced care:data as an example of what I perceived to be a knee jerk reaction to any proposal to share personal data. That was a mistake. But that’s only part of the reason for my angst.

I still think that data protection practitioners need to be careful not to be known as “Doctor No”. I do worry that often, through a polarisation of views on these issues, there is a risk that “the baby is thrown out with the bathwater” in projects that involve personal data processing. And I also worry that because of the polarisation that happens, the debate – or argument, as too often it can be categorised – becomes bitter and often personal.

I have been concerned, and remain concerned, that it has been impossible for patients, practitioners and others to get to the bottom of what is happening with care:data. This is not just because of the failings of NHS England, who of course bear the primary responsibility for the problems that have emerged. But I have also felt uneasy about the information coming from opponents of care:data which has been one-sided, often verging on propaganda (for example, posters for GPs to place in their surgeries explaining only why patients should opt out are not really “informing patients” in my view). I also question whether activity that verges on trolling of NHS representatives on Twitter and elsewhere is the best way to make the case for privacy. These activities have alienated me, and perhaps many others who might have been persuaded by a more balanced approach (though I was pleasantly surprised to find that Phil Booth of MedConfidential and Nick Pickles of Big Brother Watch came over as measured during today’s committee hearing, and didn’t respond to the bait laid by some MPs asking them if they were insisting that care:data be made “opt-in” only).

But the truth is that just from watching this afternoon’s Health Select Committee session on care:data, it is clear to see that there are major problems with the project. They go way beyond communication – though that has been lamentable (no, I didn’t get the leaflet either). The witnesses from NHS England and the Health and Social Care Information Centre in particular were very poor. It was not unexpected that the MPs would want to ask about the disclosure to the Actuaries society reported in the Telegraph. So why wasn’t Max Jones of HSCIC better briefed beforehand? It is simply incredible to claim not to have any information on it because it happened when the organisation was in a previous form. There was time to establish the facts before the hearing. Tim Kelsey and Daniel Poulter appear to be in denial about problems, and despite promising to listen seem to have wax in their ears. “I don’t trust the performances I’ve seen here today” said one MP and I’m with her on that.

Agonising is the appropriate word to describe my attempts to make sense of care:data, so God help patients who haven’t been reading about it. Today’s committee wouldn’t have helped, with both MPs and witnesses appearing confused. Even the Information Commissioner’s Office has given conflicting statements on the project (within 48 hours they went from being satisfied with the communication of the project to dissatisfied, somewhat incredibly). My gut instinct is that I want my data to be used for medical research for the reasons articulated by Ben Goldacre in his brilliant article for The Guardian at the weekend. But unless NHS England, HSCIC and the Department of Health get their acts together, even I’ll be wanting to opt out. And that’s if it doesn’t get axed, which based on today’s performance is increasingly likely. It could well lead to this baby being pitched right out on its ear.

Seriously, I just want to hear both sides

FOI Man wants a balanced and calm debate on sharing of personal data. Is that really too much to ask?

At the end of last week I posed two questions. Firstly, are we assuming the worst of any proposal to share data? And secondly, if this is the case, is it damaging to society?

I was aiming to start a debate, and to an extent I was successful. It generated a lot of heat, but for me at least, not much light.

Let me just reiterate what I was not saying. I wasn’t saying that it should be easier for organisations to share data. I wasn’t saying that the Data Protection Act or confidentiality law should be weakened. I wasn’t saying – necessarily – that I agree with any of the examples I gave, including the care:data programme (the plan that will allow a central NHS body to extract data about patients from GPs’ patient records, and then share that data with other approved bodies). My mind is open on this, which is why I wanted the debate – I wanted to be persuaded one way or the other.

The problem I have is that whilst there are lots of blog posts and newspaper articles telling us to opt out of care:data and describing the risks in emotive terms, I’ve seen very little explaining why, therefore, it is being done. Presumably if NHS England are pressing ahead with this, somebody is giving them alternative advice. Somebody thinks this sharing is legitimate. But I can’t find anything about this. I get told to opt out or my data will be sold to companies (though NHS England deny this, so what am I to believe?), and if I want to know more, I’m given a link to Mail Online (which obviously has a reputation for balanced reporting of these matters). Interestingly, none of these articles or posts appear to link to the relevant website provided by the Health & Social Care Information Centre. They all point to other articles which subscribe to the same view.

This is exactly what I was referring to in my last post – the debate about sharing of personal data is marked by hyperbole and polarised opinions. That’s not how I want to make my mind up about important issues.

A lot of the fault – probably most of the fault – for this lies with NHS England, who could, as has been pointed out, have communicated the aims and implications of this project far better. But a lot is down to the tone of the debate. Just raising the possibility that there is another side to the argument attracted pretty strong criticism.

I have friends outside the information rights profession (if there is such a thing) who don’t understand why there is such opposition to this proposal. Scientists in particular who can see the potential for life saving discoveries through analysis of data. To them this looks like scaremongering. These are not stupid people. They can be persuaded by reason and evidence. They’re not going to be persuaded by just telling them there are risks. They, like me, want to know all the arguments for and against, see the evidence, and then reach a reasoned decision.

At the start of next month I hope to attend a meeting of the National Association of Data Protection (and FOI) Officers. One of the speakers is a representative of MedConfidential who have been vocal in opposing care:data. I’ll be interested to hear what they have to say, but I’d really like to hear someone from NHS England or the Health & Social Care Information Centre give the other side before deciding whether to opt out and encourage others to do the same.