Slowly, we are waking up to the enormous risk to personal privacy posed by the misuse of personal information.
Big Brother Watch’s report into the data protection breaches in the NHS highlighted a number of harrowing individual cases. However, the wider cultural question is the one which should be of greatest concern.
In an age when ever more personal information is collected as a matter of routine by both the public and private sector, how that information is held and protected is of critical importance. When that information is of the kind of sensitive details found in medical records, lax attitudes towards confidentiality and privacy are unacceptable.
Despite the much publicised decision to scrap the last Government’s NHS IT boondoggle, one element was quietly retained – the Summary Care Record.
As highlighted by our report ‘Broken Records’, this system will allow more than 100,000 non-medical staff access to patient information, with no requirement or check that they have any need to see the contents of a record.
There are clear steps that can be taken. Proper audit trails of who accesses records – assigned to individuals, not terminals – will add accountability, and much more robust training about the importance of privacy.
This kind of measures will help develop a more rigorous and respectful culture around personal information. Equally important is the work being done by a range of groups to highlight the incidents that would otherwise go unreported and to keep up the pressure for more attention to be paid to the problem.
Furthermore, there are two fundamental changes that are of a more serious nature. Firstly, infringing the privacy of someone – be they a patient, customer or marketing database entry – should be treated far more seriously. Verbal warnings and counselling appear frequently in the research we conduct, and only in a small proportion is employment terminated.
Secondly, the penalties under the Data Protection Act are clearly inadequate. The corporate penalty is of insignificance to the large organisations that hold the most information, while individuals are likely to escape with a small fine.
There is also a broader question that should be asked much more frequently – how much information is needed to provide the service in the first place? Big Brother Watch will be talking much more in future about the tendency of organisations in both the public and private sector to harvest as much information as possible. Simply, the greater the volume of information held, the greater the risk to our privacy.
There is one final, legislative step that requires urgent attention. The Justice Select Committee was the latest body to call for prison sentences to be available to judges presiding over cases involving breaches of the Data Protection Act, a move Big Brother Watch had previously said is much needed along with the Information Commissioner.
This power has already been legislated; however it remains to be enacted.
If the Coalition is serious about civil liberties and protecting privacy, delaying further on giving courts the tools to protect our personal information is unforgivable.
* Nick Pickles is Director of Big Brother Watch.