23 December 2007

After dozens of Heath Service trusts admitted “losing” the most personal information of tens of thousands of patients [1], campaigning group NO2ID [2], which has been critical of the NHS’s “Connecting for Health” programme as a danger to medical confidentiality, said that this is a predictable consequence of government policy. NO2ID urged more people to withdraw their consent for their medical records to be uploaded to the centralised “NHS Spine” database [3] and hospital doctors to fight the
bureaucratic drive to centralise all medical records.

Guy Herbert, NO2ID’s General Secretary said:

We are now starting to see the consequences of the Government obsession with information ’sharing’ and centralised IT in the NHS. If you care
about your privacy then keep your medical records between you and your doctor, and out of the hands of the Department of Health [4], if you can.

If it were really designed to help patients and clinicians, Connecting for Health would concentrate on creating secure methods of sending medical information from place to place as is was needed, giving the patient and the doctor control.[4] The technology exists. Instead it is build round feeding the information you thought was confidential into the Department of Health bureaucracy – the so called ‘secondary uses system’ – and putting it at the disposal of NHS management.

Medical understanding now stops hospital doctors from spreading disease for bureaucratic convenience as they did in earlier centuries. They wouldn’t let the Department of Health institute a needle-sharing programme on grounds of ‘efficiency’. They need to fight for data hygiene too. Or worse is yet to come.

-ENDS-

Notes for editors:

1) See, e.g. BBC News 23 Dec 2007: “Nine NHS trusts in England have admitted losing patient records in a fresh case of wholesale data loss by government services, it has emerged. Hundreds of thousands of adults and children are thought to be affected by the breaches, which emerged as part of a government-wide data security review.”
http://news.bbc.co.uk/1/hi/uk/7158019.stm

2) NO2ID is the UK-wide non-partisan campaign against ID cards and the database state. See http://www.no2id.net/dbstate.php for a list of ‘database state’ initiatives that NO2ID is actively opposing.

3) The NHS Confidentiality Campaign (an affiliate of NO2ID) explains more:
http://www.nhsconfidentiality.org/?page_id=3
Its website includes a downloadable form letter you can send to your GP insisting your records are not uploaded to the spine:
http://www.nhsconfidentiality.org/optoutletter

4) The Department of Health insists that it owns your most intimate medical details. So, for example, the sensitive records held by sexual health clinics and psychiatric units is to be centrally consolidated, even where you are entitled to withhold them from your own GP.

See The Guardian, 6 July 2006: “Patients, not the state, own medical records, says GP”
http://www.guardian.co.uk/technology/2006/jul/06/epublic.guardianweeklytechnologysection

18 December 2007

Following admissions that 3 million more people’s personal details have been compromised – this time by the DVLA [1] – civil liberties and privacy campaign NO2ID [2] last night called it a crime. The group demands an immediate freeze on all mass transfer of private information between government agencies and for the scrapping of the ID cards and ‘Transformational Government’ [3] programmes.

Phil Booth, NO2ID’s National Coordinator, said:

For all its spin about tackling identity fraud, the government is clearly the largest contributor to the problem. The HMRC and DVLA breaches to which ministers have admitted are just the most visible examples [4] of a deliberate government policy of abusing the privacy of citizens whenever it is convenient. These abuses must stop now.

The British public isn’t fooled by reviews and platitudes. ‘Trust in me’ won’t work any more. To proceed with ID cards and yet more ‘data-sharing’ in such circumstances is not just arrogant and stupid – it’s a crime.

That may be literally true. If any private body had policies that predictably made fraud and blackmail more likely, then under recent legislation it would be ‘involved in serious crime’ [4]. We don’t need a review blaming some junior or some procedural fault. We need ministers to be served with Serious Crime Prevention Orders under their own legislation.

-ENDS-

Notes for editors

1) http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm – ‘Millions of L-driver details lost’, BBC, 17/12/07

2) NO2ID is the UK-wide non-partisan campaign against ID cards and the database state. Scroll down http://www.no2id.net for a list of ‘database state’ initiatives that NO2ID is actively opposing.

3) The ‘Transformational Government’ agenda, most recently articulated in the ‘Service Transformation Agreement’ published this October clearly states (paragraph A.5, p 19) that the new Ministry of Justice is to “deliver a package of measures over the next 3-5 years to overcome current barriers to information sharing within the public sector.” – http://www.hm-treasury.gov.uk/media/B/9/pbr_csr07_service.pdf

4) Serious Crime Act 2007 -
http://www.legislation.gov.uk/acts/acts2007/ukpga_20070027_en_1 (Which
paradoxically provides, among other things, for detailed financial information held by HMRC about individuals to be arbitrarily shared with organisations at home or abroad for “fraud prevention”.)

5) Since the first announcement on the HMRC scandal, serious breaches have been reported from:

HMRC – loses 2 more CDs on top of the 2 CDs containing the details of 25 million individuals, 22/11/07. Apology letters containing more personal
details were sent, some to the wrong address, others of which were not even properly sealed in their envelope.

DWP – loses the financial details of 40,000 housing benefit claimants, 2/12/07.

Sefton Primary Care Trust – mislays details of 2,000 people, 11/12/07.

CAB (NI) – loses laptop with 60,000 people’s personal details on it, 12/12/07.

Department of Health – loses personal details of 3,000 individuals, 14/12/07.

DVA (NI) – loses personal details of 7,600 individuals.

These are known and reported problems. Given that the Information Commissioner has been hearing the ‘confessions’ of departments and agencies
across government, NO2ID expects this list to grow.

11 December 2007

BARELY a fortnight after the HMRC revealed it had ‘lost’ the personal details and bank details of up to 25 million people [1], another government agency has admitted to losing discs of sensitive information.

The Driver and Vehicle Agency in Northern Ireland (DVAni) sent two compact discs containing details of 6,000 people, unencrypted, to the UK’s DVLA centre in Swansea on November 20 and 21-about the same time as Alistair Darling was announcing the previous massive data loss to the Commons [2]. They never arrived.

Phil Booth, NO2ID National Coordinator, said:

Another day, another catastrophe. The government has no idea how to treat your confidential information-or doesn’t care.

The government tells us that driving licenses are one of the primary sources of proving our identity – yet here they are handing them out by the thousand.

Unless the government gives up its headlong, unthinking rush towards information suicide, this sort of blunder is the sign of the future.

Although the loss of names and addresses, car registrations and even bank details could have disastrous consequences for those affected, if the government gets its way the details potentially being posted and lost or drawn from databases accessible to hundreds of thousands of people will contain far more consolidated information, including biometric scans. It is possible to reissue a bank card or account, but not our fingers and eyes.

Information on the two missing discs included registration number, chassis number, make, model and colour of 7,685 vehicles, and the names and addresses of more than 6,000 registered owners. Northern Ireland’s Environment Minister Arlene Foster said she was “not optimistic” of the discs being found.

Notes for editors:

[1] See http://news.bbc.co.uk/1/hi/northern_ireland/7138408.stm

[2] See http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm

[3] NO2ID is the UK-wide non-partisan campaign against ID cards and the database state. See http://www.no2id.net/dbstate.php for a list of ‘database state’ initiatives that NO2ID is actively opposing.