NHS Summary Care record

Dear Dr W.

I’ve just had two leaflets from DoH about “Care record guarantee” and “Your health information”.

I said to you when you first took me on a a patient I do not consent to my health record, or indeed any of my personal data, being uploaded to a central NHS system. My work with computer scientists and lawyers leaves me in no doubt this is an ill-conceived project doomed to security breaches. I also understand that making my personal data in this way accessible to people who have no direct role in my care is under applicable European law illegal without my explicit and informed consent.

For the avoidance of any doubt: I do not give my consent. Nor does my partner give consent for the uploading of her pesonal data, and we do not give consent for the uploading of our daughter’spersonal data.

We regard our health records as safe in our GPs hands, and shared in confidence with you and beyond that only with NHS medical staff directly concerned with our care.

We look forward to making best possible use of electronic patient records when the NHS supports properly designed patient-centric records.

I’d be grateful if you could confirm again that our records have not been and wont be uploaded.

The start point was Sabrina, a vibrant single Mum in Croydon. Mydex asked what she thought her personal data was worth to others; she thought maybe a pound? No – less than that: 50p? As we explored it further and the scale of what was happening with her personal data dawned on her she was horrified: “I’ve given it away, and it’s just spreading out there…like an STD!!”

The Mydex research suggests most people believe their personal data has only modest financial value. At the same time, most are somewhere between depressed and in denial about about what happens to it.

To me the issue isn’t about identity. It’s about dignity, power, control and value – specifically the value of personal data and who should benefit from it. The future which Ctrl-Shift is researching and advising on, and which Mydex is working flat out to help create is one where people use new personal data tools to manage and control their personal data to a far greater extent than is possible today (see VRM). They can have it independently verified or authenticated, and can share it under their control.

We call this “volunteered personal information”. Ctrl-Shift estimates flows of such data will overtake display advertising by value within seven years and and by 2020 earn ten times what Google does today (all estimates UK only).

This isn’t just about “identity”. Nor is it about “consumers”. As individuals we may consume food or energy, but we don’t consume fitness or education, we don’t consume when we manage our lives, make decisions, give permissions or help each other. As we take control of our lives and recast our relationship with the state (as the new UK Coalition believes we should) we will increasingly need control over our personal data. We might use Facebook, Google, Amazon or the Royal Bank of Scotland along the way. But we’d be ill-advised to give them control.

It takes a change in mindset to recognise and accept the individual as the only feasible and logical point of integration for the exponentially growing quantities of personal data we need to manage our lives. But once you do, you see immense advantages. We know ourselves better than outside organisations can. We can account for our own peculiarities (and then again, we may choose not to). We know our own intentions in ways external organisations cannot. We operate closest to the deeper beliefs and principles that really drive us.

There are a number of types of concern are coming to a head around this issue. One set is the diminishing returns on CRM. Another is low and diminishing responses and increasing opt-outs from direct marketing. There are a swathe of issues connected with the ineffective, expensive and intrusive “Database State” set of public-service and law-enforcement policies on health, education, transport, census and welfare.

We’ve poured too much money down the drain already, and now the government is broke. Meanwhile householders spend one and a half weeks a year (IIRC – I seem to have lost the original reference for this; think it was Consumer Focus) dealing with customer services, sorting out details and changes.

It’s a win-win-win for people, business and public services if people regain control of their personal data and can do more to manage their relationships online in a structured and scalable way. It’s every bit as important as the open/public data agenda. That’s why I’m a founder, investor and non-exec in two new enterprises:

- the research and advisory firm Ctrl-Shift, with Liz Brandt, Alan Mitchell and Paul Smith which has already worked on personal portable education records, personalisation for business services or fashio retail, and the rise and value of “volunteered personal information” and

- Mydex Community Interest Company with Iain Henderson, Alan Mitchell, David Alexander and others which has a personal data store which lets users invoke external authentication/verification and then do selective disclosure with other people and organisations.

When people are kitted out in this way, with Mydex-based or similar tools, and organisations can start to rely on authorised feeds of information from individuals there will be first immense reduction in administrative hassle and then a far larger release of entrepreneurial value. This creates new roles for identification, authentication and verification services which will compete on efficacy, design, ease of use and cost. Above all it creates a platform on which people can build new added-value “fourth-party” service providers on the side of the individual.

We had a great discussion. Some points: it’s not about ownership of data; it’s about rights and what you can do with the personal data. It isn’t about privacy (or rather there’s a limit to how far you can get by framing this as about privacy). If you say it’s about protecting value then a whole load of extra people start to understand. But beyond that it’s about dignity, control and power. At that stage you stir up a deeper sort of reaction.

Not for nothing is the WEF looking at this issue very carefully with a view to including it in the next Davos agenda. None of us yet knows whether this is in a supportive or rather more lixed light. And even as we meet the Bilderberg group is trying to get its head around issues of cybertech. But to judge by the Bilderberg guest list I very much doubt their conversation on this area was a fraction as well informed as ours in London SW1. Kim Cameron was in our group: ’nuff said.

We will explore how to give citizens direct access to the data held on them by public agencies, so that people can use and control their own personal data in their interaction with service providers.” Labour Party Manifesto, 12 April 2010

And then on Tuesday we had

“Wherever possible, we believe that personal data should be controlled by individual citizens themselves.” Conservative Party Manifesto, 13 April 2010

I feel emotionally drained. These potent sentences are the result of so much work by so many people in the US and over here, going back at least 11 years.

Does this really provide a basis of political commitment to start to get online relationships right at last? Or are they just words?

I hope and believe that they herald the huge task of starting to equip individuals with the tools to realise the value of their own data, to “give them their data back” and then as far as possible of going forward on a fully permissioned basis with the individual’s consent. This manageable technical step has vast cultural, legal and economic implications. It heralds online relationships in which personal data of individuals is no longer abused and taken for granted. It would allow the Internet (which Doc Searls memorably describes as “too young to drink”) to grow up into being as a platform for mature and mutually respectful interaction.

I hope that my own participation in this journey will be rightly guided. It’s based in two fast-growing new businesses: Mydex CIC, a social enterprise which develops tools to make this possible, and Ctrl-Shift Ltd which provides large organisations with research and advice about how to work most effectively with empowered customers. Let’s see how this plays out. But we’re all involved in this; it affects everyone. So if you’re interested too, do stay in touch.

targeted, strategic action by government…to bring super-fast connections to households and businesses to every corner of the country

Of course we want better broadband in our village. But – hang on – we didn’t have any power here for last two days, and so no heating. The trains aren’t running. The road isn’t gritted; only tractors and 4×4s cab make it through. The country isn’t fit for weird weather.

And even when the snow clears, the nearest school won’t take children from our side of the parish boundary (and is overcrowded anyway). You’d have to go miles and miles to find a state school place, or an NHS dentist. And the country’s broke: massively in debt. It makes you yearn for “back to basics”.

MIAP was rated “amber” in the JRRT “Database State” report, meaning it has significant problems and may be unlawful under European human rights or data protection law.

The MIAP web site has a link called Privacy & copyright which would seem the place to find out what MIAP thinks it’s doing about our privacy and who owns our personal data. But no – the link is only about the privacy of the MIAP web site. Who cares about the web site (which contacts no personal data)? It’s MIAP itself we’re worrined about.

Happily, there’s a link to a help desk info@lsc.gov.uk. So I mail them:

Sent: 08 October 2009 12:41
To: info@lsc.gov.uk
Subject: MIAP privacy policy

The MIAP web site has a page called privacy policy which says “The MIAP website, with the exception of registration for the newsletter, does not capture or store personal information.”

But where does it tell us about the privacy policy of the MIAP database itself? What data does it carry, and with whom does it share learners’ personal details?

They reply from an address called lsc@bss.org:

Dear William,

Thank you for contacting the Learning and Skills Council Helpdesk (LSC).

We are the General Helpdesk for the LSC.

In regards to your enquiry you would need to contact the dedicated team for MIAP directly who would be able to assist you further.

You may contact them here: Email: lrssupport@miap.gov.uk or Telephone: 0845 602 2589

If you require any further information please e-mail us again at info@lsc.gov.uk or call our helpline on 0870 900 6800 Monday-Friday 8am-7pm.

Thank you for your enquiry

Regards

LSC Helpdesk

For further information please visit our website at:
www.lsc.gov.u

They’re meant to be a help desk. This is the address given for help on the web site. WTF is bss.org? Answer: “one of the UK’s leading providers of outsourced multi-channel contact centre, fulfilment and mailing services. We provide the vital link between our clients and their customers.” It sounds like a business, but claims to be a charity “accredited under ISO 9001:2000 Accreditation, the Customer Contact Association (CCA) process, the Direct Marketing Association (DMA) Code of Conduct and Response Management Commitment Scheme as well as Response Management Specialist accreditation.” Cool. But why dont they just help, instead of fobbing me off?

Anyway, I email the dedicated MIAP team. Their reply is even more bizarre. It comes from someone called OS Service Management, who appears to work for Logica. And they seem to treat me as an Incident:

From: OS Service Management
Date: 9 October 2009 11:59:29 BST
Subject: Incident INC000000326125 has been Assigned.
Reply-To: OS Service Management

Dear William Heath,

Your Incident INC000000326125 has been Assigned.

Details:-
Incident: INC000000326125
Priority: Medium
Summary: MIAP privacy policy

It has been assigned with a priority of Medium in accordance with the service levels. If you have any information or questions please contact your Service Desk. It would be helpful if you could quote the reference number.

Thank you.
—————————

WTF??? We pay tax to set up public services. My kids’ details are forced into a database which, it seems, may be illegal. When I try to ask about it, it’s like dealing with a series of demented robots working for weird organisations. I get fobbed off and assigned code numbers. Bring back John Major’s Citizens’ Charter, name badges, cones hotline and all. Get your greedy mittens off my tax. And get your greedy mittens off my data.

Let’s see what happens next.

“We have pulled it because we believe it’s the right thing to do. Our customers’ views are important to us”

Indeed it is, and indeed they are. Next: stop stocking “West Bank” produce grown on illegally-settled farms for the same reasons.

Dear Helen Bray

Thank you for your letter. I’m still uneasy about this and have sought advice.

The immediate advice is that that your letter is disingenuous, in that it refers to the duty of confidentiality but fails to mention the extensive loopholes available in the Statistics & Registration Service Act 2007. I was unaware of these. I’m sure you know them well; they are set out in s.39 copied below.

What they appear to say is that personally-identifiable census data can be made available, inter alia:

- if *any* law either expressly allows the disclosure, or even just *permits* it. This is extremely wide: there is no balancing of the privacy rights of the individual against whatever purpose any law may serve, and no requirement that the disclosure is “necessary” to serve an important public interest under such a law.

- if the disclosure is “made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom)”. This is separate from the previous exemption, so the police (and, no doubt others – HMRC? DWP? local authorities) dont even need a law to point to in relying on this exemption. Again there is no balancing at all: the disclosure need not be “necessary” for the investigation; it is enough that (the authority claims that) the data are to be used/useable for this purpose.

- if the disclosure is to the intelligence services, “in the interests of national security” (again, as defined by them, and without any “necessity” test).

- if the disclosure is to an “approved researcher” (subject to “criteria” to be drawn up by the board). Who are these people?

These rules do not seem to stand in the way of – indeed, almost seem to invite – the use of the census data for “profiling” purposes, by the police and the intelligence services.

I cannot see how surrendering the amount of sensitive data you will ask for in the census can be compatible with my right under European data protection law and the human rights act to private life, given these wide exemptions to your duty to confidentiality. I shall seek further advice on the matter but would glad of your comments.

Do you think the public are aware of these massive confidentiality loopholes? Will you make them aware, or is the plan simply to keep quiet about them (which seems to be the policy your letter to me follows) until someone makes a fuss?

I am copying this correspondence to the Foundation for Information Policy Research advisory council (to whom I’m grateful for expert advice) to the Open Rights Group, to a solicitor specialised in data protection matters and to the Quaker Civil Liberties Network (who raised the original concern about census work being outsourced to a weapons manufacturer). I propose to write to my MP and to the Information Commissioner when I have your further reaction and have received further advice.

WH

SECTION 39 OF THE STATISTICS & REGISTRATION SERVICE ACT 2007:
Confidentiality of personal information
(1) Subject to this section, personal information held by the Board in relation to the exercise of any of its functions must not be disclosed by—
(a) any member or employee of the Board,
(b) a member of any committee of the Board, or
(c) any other person who has received it directly or indirectly from the Board.
(2) In this Part “personal information” means information which relates to and identifies a particular person (including a body corporate); but it does not include information about the internal administrative arrangements of the Board (whether relating to its members, employees or other persons).
(3) For the purposes of subsection (2) information identifies a particular person if the identity of that person—
(a) is specified in the information,
(b) can be deduced from the information, or
(c) can be deduced from the information taken together with any other published information.
(4) Subsection (1) does not apply to a disclosure which—
(a) is required or permitted by any enactment,
(b) is required by a Community obligation,
(c) is necessary for the purpose of enabling or assisting the Board to exercise any of its functions,
(d) has already lawfully been made available to the public,
(e) is made in pursuance of an order of a court,
(f) is made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom),
(g) is made, in the interests of national security, to an Intelligence Service,
(h) is made with the consent of the person to whom it relates, or
(i) is made to an approved researcher.

Man, ONS appears for decades to have been the best government department at respecting the privacy of personal data. Now every department is data-grabbing and data sharing (not to mention losing it left right and centre) and ONS’ principles, enshrined in the latest law, are looking pretty flaky. Too flaky to trust, I’d say. Let’s see what Helen comes back with.

But once we lose trust in parts of government to deal wisely with our data (and who trusts Home Office, HMRC, the NHS, DCSF or the police now? Cabinet Office and CESG’s stewardship of this agenda in the last 15 years is disastrous) I suspect we just lose trust with the whole lot. If they want my trust back they’re going to have to earn it pretty much starting from scratch.

Please find enclosed a cheque for £300.00 in full and final settlement of your claim. Yours sincerely

Orange UK Legal Department

No signature, not even on the cheque which has a mutli-coloured bubbly stamp. No apology, of course. I reserve my right to continue to grumble. But on a more positive note:

- the new Nokia E75 works fine, goes on the web, and tethers. I just need to spend a moment working out how to do the things to make it “mine”. And
- Mydex and other services like it will tackle this false ID problem and put customers back in control. So I feel affirmed and encouraged in what we’re doing. One day Orange will get round to using it before giving out phones and contracts willy-nilly.

It excludes location data, but has all the contractual and customer-service data for my real account, and also the phoney account impersonated in my name. It must be some 800 pages. The phoney signature is clearly fake to me, but might fool a shop assistant. There’s a worrying note that “customer says he hasn’t had anything stolen” which I don’t recall saying. But perhaps when first asked I didnt immediately recall having lost a wallet.

Cancel the iPhone. My reasoning is:

- Orange didn’t initiate this whole saga
- they’re been ripped off by persons unknown
- my grief came from intransigence and poor procedures, not malevolence
- their last-chance-saloon people, when I rang to leave and get my O2 iPhone, were human and apologetic
- they offered £15/month for 18 months for unlimited data
- the legal people have offered £300 and confirmation my credit reputation will not be affected
- Orange offers half-decent coverage where I live; the rest are quarter-decent

Nothing says other service-providers’ customer service is any better. Meanwhile Apple extract maximum rent for iPhones, and are unco-operative about Google apps.

It occurs to me that if I were Orange I might find me-as-customer a bit irritating.

So, onwards and upwards with new E75 on new contract.

If any data-protection obsessive want to go through a massive subject access request result I’m more than happy to share it. In the middle of the whole pile I found my £10 cheque, returned uncashed. This process works, and lets you see both sides of the story. Wdn’t it be better if (Wibbi) it were an easy, automated routine? Roll on VRM, VPI and Mydex….