Government Data Sharing

Cabinet Minister Francis Maude has recently unveiled his initiative to increase the ability for Government departments to share public data.

The plans, if passed, will make it easier for government and public sector organisations to share confidential public information. The plans will also make it possible to license the sharing of data where it is currently prohibited, subject to privacy safe guards.

According to the ICO, data sharing is currently seen as the disclosure of data from one or more organisations to a third party organisation or organisations, or the sharing of data between different parts of a single organisation, which can take many forms.

The initiative proposes to put in place  fixed guidelines which look set to aide good practice – enabling organisations to collect and share personal data in a way that is fair, transparent and in-line with the expectations of those whose information they are sharing.

Data sharing has been discussed in detail since 2007, with Tony Blair proposing amendments to the Data Protection Act to allow greater data sharing between departments within the government – but this was met by opposition from those who stated that this would affect data privacy.

Government departments, if they choose to data share, need to have a secure and reliable system in place with which to store sensitive information. Through removing the manual files and replacing the process with a secure, electronic system data protection is adhered to, and only those who are privy to reviewing certain information have access to it securely. This reduces the likelihood of sensitive information being lost, stolen or falling into the hands of those who should not have access to it.

We would be naive to believe that data sharing currently does not exist – what should be concerning is the way in which this sharing may occur. With many files being paper, surely the manual processes associated with sharing the information should be cause for alarm?

NHS Trust fined £90,000 for serious data breach

A recent news story has highlighted how a Central London Community Healthcare (CLCH) NHS Trust has been fined £90,000 after a serious breach of the Data Protection Act.

The breach occurred in March 2011, following on from patient lists being faxed to the wrong recipient, around 45 faxes over a three month period. The lists had contained sensitive personal data relating to 59 individuals.

An investigation from the ICO into the data breach found that neither member of staff involved with the breach had received data protection training and that the organisation did not have adequate checks in place when sending information.

The handling of public data has been a popular news topic recently with various government officials being penalised for not providing the necessary care in handling such information. But surely all organisations handling such data should be putting vigorous processes and robust systems in place to manage all corporate information, especially that of a sensitive nature, if not because of the media furore that ensues after a breach is found then certainly for operational reasons?

Through the use – and regular review – of such processes and systems, fines such as those imposed by the ICO can be avoided.

This case has highlighted that organisations are not only failing to protect their clients’ or patients’ data, but are also failing to protect themselves when it comes to the data which they handle and the systems which support them.

By not having a reliable system in place – both in terms of IT infrastructure and internal practises – organisations are letting down their clients, customers and indeed anyone whose information that they hold, and ultimately undermining their own long-term stability.