Tuesday, 19 October 2010

Another Ministerial Data Breach?

Most of us know what it’s like when we are asked to provide advice on reducing the likelihood of data breaches. “Encrypt your electronic files”, we say. And “always take proper care of your paper files too. After all, the Information Commissioner’s Office is pretty hot on data breaches these days. Just take a look at the Commissioner’s latest press release, which castigates a doctor at North West London Hospitals NHS Trust who left medical information about 56 patients on the tube in May of this year.

Apparently, the doctor printed out personal and diagnostic information about patients to use in audit work, undertaken at home outside normal working hours. Shortly after leaving the tube station, the doctor realised the information had been left on the train and returned to inform the station supervisor. The documents were subsequently found by London Transport at the train’s termination point, and were retrieved by the doctor. There is no indication that anyone had accessed these highly confidential and sensitive papers, detailing people’s medical history, while they were left unattended on the train.

However, the Commissioner has still managed to get the Chief Executive of The North West London Hospitals NHS Trust to sign a formal undertaking outlining that the organisation will ensure that personal data is processed in accordance with the Data Protection Act. In particular the Trust has agreed to adopt pseudonymisation techniques, meaning that personal details like patient’s names, will not be contained in print outs.

Nice one.

But, what does the image above show? It's copied from today’s on-line edition of The Daily Telegraph – and is a photograph of Danny Alexander, the Chief Secretary to the Treasury, being driven into Whitehall with an open copy of the Comprehensive Spending Review on his lap.

This is the review that is supposed to be unveiled before Parliament tomorrow. The parliamentarians will be mightily miffed that photographers have been able to snap away at some of the confidential details before they were made known to them. We’re not supposed to know until tomorrow that there is to be a reduction in public sector workforce numbers of 490,000 by 2014-2015. In accorfdance with Parliamnary tradition, our Parliamentary lords and mastters are supposed to be told before we, the great unwashed.

Will Danny Alexander be among those who will lose his job over this gaffe? I think that’s unlikely – after all, he is, as The Telegraph helpfully reminds us, “just the latest minister to be caught out by photographers carrying documents in Whitehall.

The Housing Minister Caroline Flint revealed forecasts of a 10 per cent plunge in property prices when she carried confidential briefing papers into Downing Street in a clear plastic folder in May 2008.

In 2009, the Met Assistant Commissioner Bob Quick had to resign after displaying secret notes that led to a suspected Al-Qaeda operation being brought forward."

I do hope David Cameron reads that lot the riot act at the beginning of the next Cabinet meeting. If Christopher Graham can get the Chief Executive of The North West London Hospitals NHS Trust to sign a formal undertaking when the personal details of 56 people were not seen by anyone other than the people who were actually supposed to see them, then surely the Prime Minister can provide us all with a formal undertaking that the Government will do its best to protect the plans that will siginficantly affect the livelihoods of half a million people.

It’s a pity the document didn’t name them all. The ICO would have had a field day, then!

Who needs to worry about cybercriminals when we let Ministers be driven around in cars reading confidential paper documents? And if Ministers can't be bothered to feel accountable for breaches of this nature, then why should Chief Executives consider signing undertakings for lesser mishaps?