The Data Protection Act may not be enough to protect
people's privacy - new rules must be made about access to
electronic records, says Ian Gibson.
Rapid advances in IT hold immeasurable benefits for
society, but suspicions about new technologies and the potential
ways in which they might be used are both inevitable and often
quite valid.
As access to information becomes increasingly immediate, there is a
growing sense of vulnerability regarding the right to
confidentiality and privacy.
Figures from the Office of the Information Commissioner, published
last year, showed that there had been a threefold increase in
enquiries about data protection over the previous two years.
In June last year, the home secretary sought to extend the
Regulation of Investigatory Powers Act to allow private e-mail and
telephone records to be shared among more than 1,000 government
agencies.
Although this proposal was withdrawn following strong protests,
legislation that is rushed through at times of urgent security
concerns could have long-term detrimental effects regarding trust
in the government and the protection of privacy.
Failure to address this issue could also hinder the success of the
government's aim of making all its services available
electronically by 2005.
In the field of medical research, the increasing use of databases
has immense potential for spreading and generating knowledge and
increasing the scope and efficiency of healthcare.
The government aims to have created an NHS Direct national patient
database by summer 2004, which will enable healthcare professionals
to handle calls from different parts of the country.
More specialist databases are also being set up, such as a database
for bone marrow donors, which will provide a life-saving resource
for people in need.
The UK Biobank is also being established, which is a database
detailing the genotype, lifestyle and environmental exposures of up
to half a million people, which will help researchers uncover what
contribution these factors make to common disorders.
But there are understandable concerns regarding the ownership and
confidentiality of such information. What if, for example,
insurance companies or employers were able to access someone's
genetic information?
The government has promised to ensure that the regulatory framework
around genetics and health continues to anticipate and address
public concerns.
In the case of the Biobank, only anonymised genetic information and
clinical data will be released to third parties and information
from the NHS Direct database cannot be disclosed to third parties
without patient consent.
However, the Data Protection Act contains exemptions which allow
the police to gain access to personal data to prevent or detect
crime, or to apprehend or prosecute offenders. The police can
access research samples by means of a search warrant and genetic
research databases cannot guarantee personal information will not
be divulged to the police or other law enforcement agencies.
Last year, a Privacy International survey of human rights in 53
countries revealed a widespread watering down of data protection.
The UK was singled out for its "pathology of antagonism towards
privacy".
If we are to collect and use information with a view to a socially
and scientifically progressive end, it is imperative that we also
set and enforce the limits of our activities with transparency and
care.
What do you think?
Do you think the boundaries of data protection should be
strengthened?
Tell us in an e-mail >>
ComputerWeekly.com reserves the right to edit and publish
answers on the website. Please state if your answer is not for
publication.
Ian Gibson MP is chair of the House of Commons
Science and Technology Select Committee