DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Patient data-sharing may not take account of anonymisation concerns

Posted on December 9, 2011 by Dissent

Earlier this week the Government announced proposals (40-page / 2.1MB PDF) to change the NHS Constitution so that information stored about patients would be automatically shared with life sciences researchers via a new anonymised database unless patients elect for their details not to be included.

While welcomed by the life sciences industry as a boost to research, the proposals raised concerns about the use of patient data.

[…]

“Let me be clear, this does not threaten privacy, it doesn’t mean anyone can look at your health records, but it does mean using anonymous data to make new medical breakthroughs,” Cameron said in a speech detailing the Government’s plans, according to a report by the BBC.

Mr. Cameron may firmly believe that, but studies on re-identifying supposedly “anonymized” data make it clear that data are often not as “anonymized” as one might think or home when the data are combined with other data often readily available in public databases.

The article also quotes Paul Ohm, who has been instrumental of increasing awareness about the risks of relying on “anonymization:”

Academic Paul Ohm, Associate Professor at University of Colorado Law School, told Out-Law.com in 2009 that research had shown that it is possible to use anonymised data to identify individuals. He said at the time that misplaced trust in anonymisation had been enshrined in privacy legislation.

“Virtually every privacy law allows you to escape the strictures and requirements of the privacy law completely once you’ve anonymised your data,” he said. “Every policy maker who has ever encountered a privacy law, and that’s in every country on earth, will need to re-examine the core assumptions they made when they wrote that law.”

Ohm said at the time that, in some fields of research such as health, it would be possible to open up much more data than is currently permitted as long as access to the information was controlled.

“We can’t trust technology any more but at the same time we don’t want to keep this information from researchers. So my solution is that we shift our trust from the technology to the people,” he said. “We write down the rules of trust among health researchers … [we say] you can get my data but only on a need to know basis,” he said.

Read more on Out-Law.com

Part of determining trustworthiness of a research clearly needs to be assessing their security and privacy protections, as the researcher may be professionally trustworthy, but if they outsource their database security to another party, well….

Category: Uncategorized

Post navigation

← Breaches without details (updated)
Huge amount of email accounts from past 24hrs →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.