WRITTEN ON December 15th, 2007 BY William Heath AND STORED IN Data nitwittery, Foundation of Trust, What do we want?

Most of us now – post HMRC – don’t trust government to store our private data, says Mori research for Symantec (reported in ZDNet):

A survey of 1,000 members of the public, which was sponsored by Symantec and conducted by IPSOS Mori, found 62 percent of respondents felt that their personal data being held by government departments was at risk. The survey was conducted in the aftermath of the data breach.

This adds to the risk of social rejection of systems which may be seen as unnecessarily intrusive and needlessly dangerous. Even if they work, we may not take kindly to the ID System, “Connecting for Health” centralised health records, ITSO-standard travel passes and Oystercards, ContactPoint and eCAF.

Government has a long haul on its hands to win trust back, but these systems are going forwards apace. What will government have to do to regain trust? Maybe:

- listen (including to critical friends, and show it is listening properly, and not telling focus groups what to think)
- show some humility
- behave as if you care about evidence and outcomes (and the easiest way is actually to care)
- stop (as Ross Anderson and FIPR have said for years) this CESG-approved “security through obscurity” approach and start being open and transparent about risks and safety measures
- use privacy impact assessments; implement a principle of maximal anonymity and privacy-enhancing technologies
- go through a period with no cock-ups or data leaks. Ideally this would be a lifetime; failing that an electoral cycle. In reality the very minimum we need is three years, and given the systemic, near-universal cultural problem that’s a lot to ask.

Essentially it’s a good thing for people not to trust government (with private details or with anything else) unless and until government shows it has earned that trust. This is a pain for government and not a welcome message. People don’t like it when you put this to them, indeed they reject it and get cross. But that is, I fear, the way it is. The lesson of the Symantec research is that we’re now at the correct starting point for doing this properly. It just took us a long time to get here because we’re a naive and trusting lot.

6 Responses to “We now don’t trust government with our private details.”

 
AndreY wrote on December 16th, 2007 12:20 am :

I also don’t believe in my government!!! They only follow their own goals, not the people’s goals

Ben Toth wrote on December 16th, 2007 2:42 am :

In health and social care the time is rapidly approaching for the growth of personal health records. There are many issues with this approach. But it gets one thing right – it puts the data subject in control of their own data.

Ruth Kennedy wrote on December 17th, 2007 3:27 am :

Actually I am amazed that it’s only 62% of people who think that their personal data being held by government departments is at risk. That suggests that, despite every family with children under 16 being affected, there’s a good number of people who haven’t taken in what’s happened at HMRC (and elsewhere).

alex wrote on December 17th, 2007 5:40 pm :

Now a new contender for the private sector data mis-management award

http://newsvote.bbc.co.uk/1/hi/business/7147704.stm

2007 is shaping up to be quite a year

Perhaps there should be a “ceremony”

S. Erik Skoug wrote on December 17th, 2007 8:42 pm :

Right on! You can’t trust Government but neither can you trust hospitals and doctors’ offices with your personal health information.

I would like to make you aware of the
http://www.HeatlhRecordRegistry.com

This is the ONLY system where a personal health record is absolutely, totally secure.

The HealthRecordRegistry.com service is based on the Scandinavian regulations for the protection of personal information, the strictest in the world. The software has been developed here in the United States.

All the information is de-personalized. That means that no connection can be made between a personal health record and the person whose record it is.
There is no name, no address, no telephone number, social security number or any other information that can tie the record to an individual. The record is absolutely, totally secured.

Access to the personal health record over the Internet is with a 10 digit alpha-numeric code that a person who registers receives from us through the U.S. mail.

These are just a few central details about the http://www.HealthRecordRegistry.com service. Have a look to see how it functions, including how emergency personnel can use it.

S. Erik Skoug

Ideal Gov administrator wrote on December 18th, 2007 5:51 pm :

Right on, S Erik Skoug. Altho your comment is something of a commercial I’ve approved it because it’s on-topic and interesting. [Where is NH? Is that international standard notation for "not Hambledon", ie somewhere in the rest of the world?]

I’ve looked at this health record registry thingy. It seems quite sensible. Well, a load more sensible than the UK’s Connecting for Health anyway.

It costs 20 US&A dollars to register and 10 US&A dollars a year. This is sod all for those paying in a hard currency such as UK sterling (unless you pay via PayPal which exists in an ecstatic parallel universe of exchange rates based on a non-imploding dollar).

So on this basis we could have person-centric health records for 50m people in the UK for UKL500m up front and UKL250m/year. Perhaps S. Erik Skoug can do us a bulk discount?

Most of our index details are now public domain anyway, floating around on disks in NH places like Swansea and Iowa.
