The protection of personal data has been back in the news in the UK over the last month due to the government bungling plans to make anonymized NHS patient data available for research. The scheme gives NHS patients the option to opt-out of sharing their data: why? NHS care in the UK is mostly provided free at the point of delivery funded by general taxation (and/or government borrowing), so why should we not all give something back for the greater good, if the government can provide the necessary reassurances?
Anyway, who would be interested in our health records, other those researching better healthcare? Providers of healthcare insurance and life assurance maybe; but we have to disclose even quite mild problems to them to make sure policies are valid. And imagine the damage to the reputation of an insurance provider that was exposed as having misused healthcare records – Is it worth their risk? Celebrities and politicians may have a case; in some cases their health history may make interesting headlines. Perhaps they should consider paying the private sector to deal with embarrassing issues?
It is worth asking why any given data set is of interest to people who would put it to unauthorized and nefarious use. Payment card details hacked by cyber-thieves are pretty obvious, they can be readily monetized. Identity data and account access credentials are worth having, and in some cases they can be used to gain direct access to our financial assets or be used to dupe us or others into given enough extra information to gain that access. When it comes to personal data (not to be muddled with intellectual property), unless a cybercriminal can see a way to monetize it, then it is of little interest, so that ultimately the main target will be payment information.
Hacktivists may see opportunities for bribery in health records, but this is a tricky and highly illegal business for the potential perpetrator, and most of us would be of little interest to them anyway. Journalists may seek out headlines, but again this does not apply to most of us. The phone hacking scandal that bought down the News of the World and is currently making its way through the UK courts is a case in point. The targets were nearly all celebrities who had failed to take the simple step of password protecting their voicemail. That is not to condone anything illegal, but just to point out how easy it would have been to prevent (for example, automating the setting up of voicemail passkeys during initial device set up). One feels most sympathy for the victims of crime whose phones were hacked, who had become of interest to the press more or less overnight.
In the IT industry there is much talk about Big Data and all the benefits it can provide. Big Data processing needs access to big data sets, and for pharmaceutical and healthcare research that means patient data. The NHS has one of the largest such data sets in the world, and it has tremendous potential value if handled in the right way. The government needs to do a better job of getting its case across, but its motives are good. Those protesting about the use of anonymised NHS data need to better explain why this valuable resource should be wasted when it can be used for the benefit of all.