Thought for the day: Set stronger privacy boundaries

The Data Protection Act may not be enough to protect people's privacy - new rules must be made about access to electronic...

New Asset  
The Data Protection Act may not be enough to protect people's privacy - new rules must be made about access to electronic records, says Ian Gibson.



Rapid advances in IT hold immeasurable benefits for society, but suspicions about new technologies and the potential ways in which they might be used are both inevitable and often quite valid.

As access to information becomes increasingly immediate, there is a growing sense of vulnerability regarding the right to confidentiality and privacy.

Figures from the Office of the Information Commissioner, published last year, showed that there had been a threefold increase in enquiries about data protection over the previous two years.

In June last year, the home secretary sought to extend the Regulation of Investigatory Powers Act to allow private e-mail and telephone records to be shared among more than 1,000 government agencies.

Although this proposal was withdrawn following strong protests, legislation that is rushed through at times of urgent security concerns could have long-term detrimental effects regarding trust in the government and the protection of privacy.

Failure to address this issue could also hinder the success of the government's aim of making all its services available electronically by 2005.

In the field of medical research, the increasing use of databases has immense potential for spreading and generating knowledge and increasing the scope and efficiency of healthcare.

The government aims to have created an NHS Direct national patient database by summer 2004, which will enable healthcare professionals to handle calls from different parts of the country.

More specialist databases are also being set up, such as a database for bone marrow donors, which will provide a life-saving resource for people in need.

The UK Biobank is also being established, which is a database detailing the genotype, lifestyle and environmental exposures of up to half a million people, which will help researchers uncover what contribution these factors make to common disorders.

But there are understandable concerns regarding the ownership and confidentiality of such information. What if, for example, insurance companies or employers were able to access someone's genetic information?

The government has promised to ensure that the regulatory framework around genetics and health continues to anticipate and address public concerns.

In the case of the Biobank, only anonymised genetic information and clinical data will be released to third parties and information from the NHS Direct database cannot be disclosed to third parties without patient consent.

However, the Data Protection Act contains exemptions which allow the police to gain access to personal data to prevent or detect crime, or to apprehend or prosecute offenders. The police can access research samples by means of a search warrant and genetic research databases cannot guarantee personal information will not be divulged to the police or other law enforcement agencies.

Last year, a Privacy International survey of human rights in 53 countries revealed a widespread watering down of data protection. The UK was singled out for its "pathology of antagonism towards privacy".

If we are to collect and use information with a view to a socially and scientifically progressive end, it is imperative that we also set and enforce the limits of our activities with transparency and care.

What do you think?

Do you think the boundaries of data protection should be strengthened?  Tell us in an e-mail >> reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.

Ian Gibson MP is chair of the House of Commons Science and Technology Select Committee

Read more on IT strategy