Tag Archives: data security

Murphy’s Law and the NHS Spine

I am very conflicted about the NHS spine.  This is (will be) the computer system whereby all patient records are stored in a single system and available to any appropriate NHS worker in the UK.

As a cynical IT professional, I laugh in the face of quotes like this:

The NHS Care Records Service uses the strongest national and international security measures available for storing and handling your information.

Ha ha!  I chortle. Tee hee.

I am sure they do use the strongest etc, etc.  But let’s face it, it’s going to leak like a sieve. Health service staff are not particularly IT savvy. There’s professionalism and an awareness of patient confidentiality on the one hand, and there’s keeping your notes on a USB stick and having your handbag nicked on the other.  There’s IT policy mentioned in your induction day, and there’s using someone else’s log on because yours isn’t yet activated and the patient’s going to die (or the Daily Mail will dance with glee) if you make the wrong decision in the next 3 minutes.

One Nation under CCTV - Banksy, photograph by unusualimage

One Nation under CCTV – Banksy, photograph by unusualimage

But a far greater worry is the scope creep that surrounds any government technology. Of course they shouldn’t use our medical records to vet public sector job applications.  Of course they shouldn’t create an MRB check like a CRB check to ensure that people with – I dunno – chronic mental illness don’t get jobs as clowns (all that working with children and animals…)  Of course they shouldn’t let the anti-terrorist bunch trawl through to find whatever it is they look for these days.  Of course they shouldn’t. And of course they will.

So Ha ha! I say again.


A lack of joined-up medical record-keeping kills.  I don’t have the stats, I don’t even know what audited stats exist, but hospital medics of my acquaintance assure me that a lack of vital and timely medical histories is a killer. And you only have to talk to anyone with a chronic condition to glimpse the exhausting grimness of having to explain their history to whoever it is they’ve landed in front of this time.

So… do I allow this privileged position to ease me out of the data danger zone? I am relatively healthy and check No, No, No, No on life insurance forms. Not being on the database won’t kill me. If I turn up in A&E what they see is what they have to deal with because there’s nothing nasty in my medical history.  And I am very well aware of how hard security is to achieve (I’m an IT worker in the financial sector). And I am old enough and cynical enough to know that if great big databases are there, they will be used by self-serving governments. Do I opt out at no risk to myself because Big Data is Evil and Should Not Be Encouraged?

Or should I support the health service’s laudable attempt to save lives not to mention reducing wear and tear on the patients’ patience, even though that will only encourage Big Government?  It’s a nice gesture, and with my nice clean bill of health when the CID looking for a sex killer search through the database for local nutters prescribed nonutterherein there is minimal risk to precious me.

What would Pastor Neimueller do?

What would he wish he had done?

I find this a tough ethical call.

No more secretaries – no more secrets?

The UK government is stepping up the stakes and increasing its own accountability for lost data so maybe the boring, detailed and tedious work of data security will attract a bit more glory and attention-to-detail.  But I doubt it.  It is house-keeping, and there ain’t no glory there.  

In the good-old bad-old days before the PC, Secretaries took care of their boss’s information for them. (Hush, little children.  There was such a time.  Mummy and Daddy were there).  When Reggie Perrin said “take a letter Joan” because he had a mind above typing, Joan did all the boring, detailed and tedious stuff like keeping track of information and who had access to which filing cabinet.  Imagine Joan needed to distribute an org chart.  She’d type it up,  get the key to the photocopy room from the MD’s secretary, log the number of copies in the photocopy book, and walk round the building and pin them on the notice boards.  She’d also get instant feedback on the new structure for Reggie, not to mention some interesting gossip and a couple of slices of cake.

But there’s really no cheap and elegent way to automate updating information so – still going with the org chart theme – in a large business these are stored all over the place: on dozens or scores of intranet sites, in any number of induction and orientation and planning packs, scattered through email boxes and shared drives.  And those are just the electronic ones – never mind the ones that individuals have printed out and put up on notice boards and cubicle walls.  

Its not just keeping track of information like org charts.  It’s not just the just the challenge of laptops and usb sticks and CDs.  It’s secure internet sites.  It’s keeping track of who’s allowed access to what internal systems, or the applications used and the support that’s available, or whether the temp who finished his contract with HR and came back to work for Goods Inwards still has access to HR’s shared drives?

The Business think of this as an IT problem, but IT don’t know what individuals should be prevented from doing, so they say it’s a Business problem.  And the Business are too busy doing their day job selling widgets to care.  And data is now so friction free it’s no wonder it keeps on sliding out of control.

This isn’t the Daily Mail.  I’m not saying “bring back the secretary”.  Legislation is the only way.  The speed of business is so great and data security so complex, that organisations won’t do it for themselves.  

Joan retired long ago.  David’s growing organic cress on the Isle of Arran.  Super.  But Tony is European Strategic Development Director of an IT consultancy with a contract with the government.  Sure, he’s got a PA but he shares her with the rest of the Leaderhip Team and she says “oh I’m not technical” when IT Services call.  He’s a high powered business-orientated guy who’s always on.  

So Tony’s sitting there using an unsecured laptop on Starbucks’ wifi while someone nicks the Blackberry from his jacket slung over his chair.  


Now you CD it, now you don’t

Bank Account DataIt is good to see that Paul Gray resigned from his position as chairman of Revenue and Customs. (It was even better to see Alistair Darling squirm, but that was a more vindictive delight). I’m wary of gratuitous scape-goating with this business of the CDs that have gone missing containing the details of 25m people and 13m bank accounts. However, whatever way I look at it I come back to the thought that there are two ways to secure data, and both start right to the top.

The first way to secure data is physical: you make it physically impossible for your staff to export data. You install PCs without CD drives and disable the CD drives on the PCs which have them. While you are at it you disable the USB ports and impose limits on sending emails with attachments. You place limits on the changes that most people can make to their PCs, and provide them with a help desk and an audited order process to use when they want to do something outwith their permissions. None of this is hard and none of it is particularly expensive, though all of it makes things inconvenient for your staff. Not as inconvenient as having to clear up the mess when the details of 13,000,000 bank accounts get into the wrong hands, of course, particularly when the banks turn sulky and say “we’ve done nothing wrong and we aren’t paying for your mistake Mr Darling”. The banks have every right to be irritated since they do make sure that it is very hard for any member of their staff to steal data. This approach does require that those at the top take security seriously and ensure that adequate security policies are written and that the technology is configured to support those policies. Not rocket science, more a question of those at the top prioritising security, employing competent staff and saying “Make it so”.

The second way to secure data is through cultural norms. You make it impossible for someone to think it’s ok to copy personal data on to CDs and bung them in the post. Likewise you make it impossible for someone to think it’s ok to use real data as test data for new systems, or to dispose of confidential waste other than by shredding it, or to walk away from their desk without activating a password controlled screensaver, or to write passwords on post-it notes, or to look up someone’s personal data without a valid reason, or to leave a laptop in a car or an unlocked cupboard. You make it socially acceptable for someone to say “no, I’m sorry, I’m not swiping you in to the building with my card” or “no, you can’t use my account if you’ve forgotten your password”. This sort of security-focused culture is hard to create where it does not exist already, but it is relatively easy to maintain. The code-breaking at Bletchley Park remained a secret until the 1970s despite the fact that over 10,000 people worked there. A culture of treating data security responsibly is, without a shadow of doubt, down to the leaders to create, take seriously, pay for and maintain.

Slackness about data appears to be endemic at HMRC, which is the point that I am making. According to the Guardian “The chancellor explained that in September the records of 15,000 Standard Life customers had been lost in transit from HMRC offices in Newcastle; in the same month a laptop and other materials were also lost.” The article also mentions 41 missing laptops.

So no matter how I slice and dice this one, I cannot let Gordie off the hook. HMRC was his bailiwick before it was Darling’s. This is the government who’s attitude to security was sufficiently cavalier for the personal details including names, addresses, religious beliefs and sexual orientation of tens of thousand of doctors to be posted unsecured on the internet. This is the government who wants to put you full medical history on the NHS spine. This is the government who want to impose ID cards on us all.

Data is incredibly powerful when it gets into the wrong hands.

The problem is, it’s already in the wrong hands.