The revelation that NHS trusts are routinely sending personal records for processing in a nation with no data protection legislation reminds me of when a former Inland Revenue CIO suggested (at a PITCOM meeting) that it be made a criminal offence to send data collected under statutory powers off-shore for processing. He had discovered that, despite a prohibition in the contract, one of their suppliers had sent a file containing current records to the USA for testing they had been told was being done in the UK.
He was angry not only at what had happened but that it appeared there was no real means of ensuring that it would not happen again. More-over he was concerned that a future government might allow routine processing to be moved off-shore.
That was over a decade ago.
Today major data centres (whether they call themselves Cloud computing operations or not) routinely time-shift their work loads around the world. But the problem is not the location of the data centre. It is the location of the administrative staff entering and accessing the records and running the call centre support operations.
Over the next couple of weeks you have an opportunity to do something about it.
Have you thought of asking your local parliamentary candidates what they think?
It needs a succinct question that cannot be waffled away by reference to “safe harbours” and “contractual safeguards” – as per the official party line – if there is one. These are meaningless unless back up by enforceable (and enforced) penalty clause, as in the global information governance regimes of the financial services industry.
I rather like: “Should it be legal for your personal data, e.g. medical, tax or benefit records, to be sent to Africa, Asia or the Americas without your explicit permission?”
I think this over-rules an answer that we have no choice over it being processed elsewhere within the EU.
At this point I have to say that I am not certain what my own answer would be.
There are some operations in India that have very much better security that some of the current NHS operations in the UK. And most are probably no worse that the UK average.
But I personally remain more concerned over the accuracy of my medical records rather than their security. The summary report of the recent workshop , Uncovering the Truth organised by the Audit Commission and the Information Society Alliance is now available – as well as the tapes. Read, listen, be very afraid – and consider the consequences.
Opening up the files of govrnment to public scrutiny is likely to lead to a series of scandals as the scale of inaccuracy is revealed.
Central Government will then have to rebuild its information management skills, from the top down, before we once again (as in the pre-Internet age) give it the benefit of any doubt when questions arise over trust in the “evidence” it uses to support policy decisions and resource allocations, let alone its treatment of individual cases.