Reputational risk. Is NHS England playing a game of public confidence?

“By when will NHS England commit to respect the 700,000 objections  [1] to secondary data sharing already logged* but not enacted?” [gathered from objections to secondary uses in the care.data rollout, Feb 2014*]

Until then, can organisations continue to use health data held by HSCIC for secondary purposes, ethically and legally, or are they placing themselves at reputational risk?

If HSCIC continues to share, what harm may it do to public confidence in data sharing in the NHS?

I should have asked this explicitly of the National Information Board (NIB) June 17th board meeting [2], that rode in for the last 3 hours of the two day Digital Health and Care Congress at the King’s Fund.

But I chose to mention it only in passing, since I assumed it is already being worked on and a public communication will follow very soon. I had lots of other constructive things I wanted to hear in the time planned for ‘public discussion’.

Since then it’s been niggling at me that I should have asked more directly, as it dawned on me watching the meeting recording and more importantly when reading the NIB papers [3], it’s not otherwise mentioned. And there was no group discussion anyway.

Mark Davies. Director at UK Department of Health talked in fairly jargon-free language about transparency. [01:00] I could have asked him when we will see more of it in practice?

Importantly, he said on building and sustaining public trust, “if we do not secure public trust in the way that we collect store and use their personal confidential data, then pretty much everything we do today will not be a success.”

So why does the talk of securing trust seem at odds with the reality?

Evidence of Public Voice on Opt Out

Is the lack of action based on uncertainty over what to do?

Mark Davies also said “we have only a sense” and we don’t have “a really solid evidence base” of what the public want. He said, “people feel slightly uncomfortable about data being used for commercial gain.” Which he felt was “awkward” as commercial companies included pharma working for public good.

If he has not done so already, though I am sure he will have, he could read the NHS England own care.data listening feedback. People were strongly against commercial exploitation of data. Many were livid about its use. [see other care.data events] Not ‘slightly uncomfortable.’  And they were able to make a clear distinction between uses by commercial companies they felt in the public interest, such as bona fide pharma research and the differences with consumer market research, even if by the same company.  Risk stratification and commissioning does not need, and should not have according to the Caldicott Review [8], fully identifiable individual level data sharing.

Uses are actually not so hard to differentiate. In fact, it’s exactly what people want. To have the choice to have their data used only for direct care  or to choose to permit sharing between different users, permitting say, bona fide research.  Or at minimum, possible to exclude commercially exploitative uses and reuse. To enable this would enable more data sharing with confidence.

I’d also suggest there is a significant evidence base gathered in the data trust deficit work from the Royal Statistical Society, a poll on privacy for the Joseph Rowntree Foundation, and work done for the ADRN/ESRC. I’m sure he and the NIB are aware of these projects, and Mark Davies said himself more is currently being done with the Nuffield Trust.

Work with almost 3,000 young for the Royal Academy of Engineering people confirmed what those interested in privacy know, but is the opposite of what is often said about young people and privacy – they care and want control:

youngpeople_privacy

NHS England has itself further said it has held ‘over 180’ listening events in 2014 and feedback was consistent with public letters to papers, radio phone-ins and news reports in spring 2014.

Don’t give raw data out, exclude access to commercial companies not working in the public interest, exclude non-bona fide research use and re-use licenses, define the future purposes, improve legal protection including the opt out and provide transparency to trust.

How much more evidence does anyone need to have of public understanding and feeling, or is it simply that NHS England and the DH don’t like the answers given? Listening does not equal heard.

Here’s some of NHS England’s own slides – [4] points included a common demand from the public to give the opt out legal status:

legal

 

Opt out needs legal status

Paul Bate talked about missing pieces of understanding on secondary uses, for [56:00] [3] “Commissioners, researchers, all the different regulators.” He gave an update, which assumed secondary use of data as the norm.

But he missed out any mention of the perceived cost of loss of confidentiality, and loss of confidence since the failure to respect the 9nu4 objections made in the 2014 aborted care.data rollout. That’s not even mentioning that so many did not even recall getting a leaflet, so those 700,00K came from the most informed.

When the public sees their opt out is not respected they lose trust in the whole system of data sharing. Whether for direct care, for use by an NHS organisation, or by any one of the many organisations vying to manage their digital health interaction and interventions. If someone has been told data will not be shared with third parties and it is, why would they trust any other governance will be honoured?

By looking back on the leadership pre- care.data flawed thinking ‘no one who uses a public service should be allowed to opt out of sharing their records, nor can people rely on their record being anonymised’ and its resulting disastrous attempt to rollout without communication and then a second at fair processing, lessons learned should inform future projects. That includes care.data mark 2. This < is simply daft.

You can object and your data will not be extracted and you can make no contribution to society, Mr. Kelsey answered a critic on twitter in 2014 and revealed that his thinking really hasn’t changed very much, even if he has been forced to make concessions. I should have said at #kfdigital15, ignoring what the public wants is not your call to make.

What legal changes will be made that back up the verbal guarantees given since February? If none are forthcoming, then were the statements made to Parliament untrue? 

“people should be able to opt out from having their anonymised data used for the purposes of scientific research.” [Hunt, 2014]

We are yet to see this legal change and to date, the only publicly stated choice is only for identifiable data, not all data for secondary purposes including anonymous, as offered by the Minister in February 2014, and David Cameron in 2010.

If Mark Davies is being honest about how important he feels trust is to data sharing, implementing the objection should be a) prioritised and b) given legal footing.optout_ppt

 

Risks and benefits : need for a new social contract on Data

Simon Denegri recently wrote [5] he believes there are “probably five years to sort out a new social contract on data in the UK.”

I’d suggest less, if high profile data based projects or breaches irreparably damage public trust first, whether in the NHS or consumer world. The public will choose to share increasingly less.

But the public cannot afford to lose the social benefits that those projects may bring to the people who need them.

Big projects, such as care.data, cannot afford for everyone’s sake to continue to repeatedly set off and crash.

Smaller projects, those planned and in progress by each organisation and attendee at the King’s Fund event, cannot afford for those national mistakes to damage the trust the public may otherwise hold in the projects at local level.

I heard care.data mentioned five different times over the two-day event  in different projects as having harmed the project through trust or delays. We even heard examples of companies in Scotland going bust due to rollouts with slowed data access and austerity.

Individuals cannot afford for their reputation to be harmed through association, or by using data in ways the public finds unreasonable and get splashed across the front page of the Telegraph.

Clarity is needed for everyone using data well whether for direct care with implied consent, or secondary uses without it, and it is in the public interest to safeguard access to that data.

A new social contract on data would be good all round.

Reputational Risk

The June 6th story of the 700,000 unrespected opt outs has been and gone. But the issue has not.

Can organisations continue to use that data ethically and legally knowing it is explicitly without consent?

“When will those objections be implemented?” should be a question that organisations across the country are asking – if reputational risk is a factor in any datasharing decision making – in addition to the fundamental ethical principle: can we continue to use the data from an individual from whom we know consent was not freely given and was actively withheld?

What of projects that use HES or hospital secondary care sites’ submitted data and rely on the HSCIC POM mechanisms? How do those audits or other projects take HES secondary objections into account?

Sir Nick Partridge said in the April 2014 HSCIC HES/SUS audit there should be ‘no surprises’ in future.

That future is now. What has NHS England done since to improve?

“Consumer confidence appears to be fragile and there are concerns that future changes in how data may be collected and used (such as more passive collection via the Internet of Things) could test how far consumers are willing to continue to provide data.” [CMA Consumer report] [6]

The problem exists across both state and consumer data sharing. It is not a matter of if, but when, these surprises are revealed to the public with unpredictable degrees of surprise and revulsion, resulting in more objection to sharing for any purposes at all.

The solutions exist: meaningful transparency, excluding commercial purposes which appear exploitative, consensual choices, and no surprises. Shape communications processes by building-in future change to today’s programmes to future proof trust.

Future-proofing does not mean making a purpose and use of data so vague as to be all encompassing – exactly what the public has said at care.data listening events they do not want and will not find sufficient to trust nor I would argue, would it meet legally adequate fair processing – it must build and budget for mechanisms into every plan today, to inform patients of the future changes to use or users of data already gathered, and offer them a new choice to object or consent. And they should have a way to know who used what.

The GP who asked the first of the only three questions that were possible in 10 minutes Q&A from the room, had taken away the same as I had: the year 2020 is far too late as a public engagement goal. There must be much stronger emphasis on it now. And it is actually very simple. Do what the public has already asked for.

The overriding lesson must be, the person behind the data must come first. If they object to data being used, that must be respected.

It starts with fixing the opt outs. That must happen. And now.

Public confidence is not a game [7]. Reputational risk is not something organisations should be forced to gamble with to continue their use of data and potential benefits of data sharing.

If NHS England, the NIB or Department of Health know how and when it will be fixed they should say so. If they don’t, they better have a darn good reason why and tell us that too.

‘No surprises’, said Nick Partridge.

The question decision makers must address for data management is, do they continue to be part of the problem or offer part of the solution?

******

References:

[1]The Telegraph, June 6th 2015 http://www.telegraph.co.uk/news/health/news/11655777/Nearly-1million-patients-could-be-having-confidential-data-shared-against-their-wishes.html

[2]  June 17th NIB meeting http://www.dh-national-information-board.public-i.tv/core/portal/webcast_interactive/180408

[3] NIB papers / workstream documentation https://www.gov.uk/government/publications/plans-to-improve-digital-services-for-the-health-and-care-sector

[4] care.data listening feedback http://www.england.nhs.uk/wp-content/uploads/2015/01/care-data-presentation.pdf

[5] Simon Denegri’s blog http://simondenegri.com/2015/06/18/is-public-involvement-in-uk-health-research-a-danger-to-itself/

[6] CMA findings on commercial use of consumer data https://www.gov.uk/government/news/cma-publishes-findings-on-the-commercial-use-of-consumer-data

[7] Data trust deficit New research finds data trust deficit with lessons for policymakers: http://www.statslife.org.uk/news/1672-new-rss-research-finds-data-trust-deficit-with-lessons-for-policymakers

[8] Caldicott review: information governance in the health and care system

Off the record – a case study in NHS patient data access

Patient online medical records’ access in England was promised by April 2015.

HSCIC_statsJust last month headlines abounded “GPs ensure 97% of patients can access summary record online“. Speeches carried the same statistics.  So what did that actually mean? The HSCIC figures released in May 2015 showed that while around 57 million patients can potentially access something of their care record only 2.5 million or 4.5% of patients had actively signed up for the service.

In that gap lies a gulf of a difference. You cannot access the patient record unless you have signed up for it, so to give the impression that 97% of patients can access a summary record online is untrue.  Only 4.5% can, and have done so. While yes, this states patients must request access, the impression is somewhat misrepresentative.

Here’s my look at what that involved and once signed up, what ‘access your medical records’ actually may mean in practice.

The process to getting access

First I wrote a note to the practice manager about a month ago, and received a phone call a few days later to pop in any time. A week later, I called to check before I would ‘pop in’ and found that the practice manager was not in every day, and it would actually have to be when she was.

I offered to call back and arrange a suitable date and time. Next call, we usefully agreed the potential date I could go in, but I’d have to wait to be sure that the paper records had first been retrieved from the external store (since another practice closed down ours had become more busy than ever and run out of space.) I was asked whether I had already received permission from the practice manager and to confirm that I knew there would be a £10 charge.

So, one letter, four phone calls and ten pounds in hard cash later, I signed a disclosure form this morning to say I was me and I had asked to see my records, and sat in a corner of the lovely practice manager’s office with a small thinly stuffed Lloyd George envelope, and a few photocopied or printed-out A4 pages  (so I didn’t get to actually look at my own on-screen record the GP uses) and a receipt.

What did my paper records look like?

My oldest notes on paper went back as far as 1998 and were for the most part handwritten. Having lived abroad since there was then a ten year gap until my new registration and notes moved onto paper prints of electronic notes.

These included referral for secondary care, correspondence between consultants and my GP and/or to and from me.

The practice manager was very supportive and tolerant of me taking up a corner of her office for half an hour. Clutching a page with my new log-in for the EMIS web for patient records access, I put the papers back, said my thank yous and set off home.

Next step: online

I logged on at home to the patient access system. Having first had it in 2009 when I registered, I hadn’t used the system since as it had very limited functionality, and I had had good health. Now I took the opportunity to try it again.

By asking the GP practice reception, I had been assigned a PIN, given the Practice ID, an Access ID and confirmation of my NHS number all needed entry in Step 1:

emis1

 

Step 2: After these on screen 2, I was asked for my name, DOB, and to create a password.

emis2

 

Step 3: the system generated a long number user ID which I noted down.

Step 4: I looked for the data sharing and privacy policy. Didn’t spot with whom data entered would be shared or for what purposes and any retention or restrictions of purposes. I’d like to see that added.

emis3
Success:

Logged on using my new long user ID and password, I could see an overview page with personal contact details, which were all accurate.  Sections for current meds, allergies, appointments, medical record, personal health record and repeats prescriptions. There was space for overview of height, BMI and basic lifestyle (alcohol and smoking) there too.

emis4c

 

A note from 2010 read: “refused consent to upload national. sharing. electronic record.” Appropriately some may perhaps think, this was recorded in the “problems” section, which was otherwise empty.

Drilling down to view the medication record,  the only data held was the single most recent top line prescription without any history.

emis4b

 

And the only other section to view was allergies, similarly and correctly empty:

emis5

The only error I noted was a line to say I was due an MMR immunization in June 2015. [I will follow up to check whether one of my children should be due for it, rather than me.]

What else was possible?

Order repeat prescription: If your practice offers this service there is a link called Make a request in the Repeat Prescriptions section of the home page after you have signed in. This was possible. Our practice already does it direct with the pharmacy.

Book an appointment: with your own GP from dates in a drop down.

Apple Health app integration: The most interesting part of the online access was this part that suggested it could upload a patient’s Apple health app data, and with active patient consent, that would be shared with the GP.

emis6

 

It claims: “You can consent to the following health data types being shared to Patient Access and added to your Personal Health Record (PHR):”

  • Height
  • Weight
  • BMI
  • Blood Glucose
  • Blood Pressure (Diastolic & Systolic)
  • Distance (walked per day)
  • Forced expired volume
  • Forced Vital capacity
  • Heart Rate
  • Oxygen Saturation
  • Peak Expiratory Flow
  • Respiratory rate
  • Steps (taken per day)

“This new feature is only available to users of IOS8 who are using the Apple Health app and the Patient Access app.”

 

With the important caveat for some: IOS 8.1 has removed the ability to manually enter Blood Glucose data via the Health app. Health will continue to support Blood Glucose measurements added via 3rd party apps such as MySugr and iHealth.

Patient Access will still be able to collect any data entered and we recommend entering Blood Glucose data via one of those free apps until Apple reinstate the capability within Health.

What was not possible:

To update contact details: The practice configures which details you are allowed to change. It may be their policy to restrict access to change some details only in person at the practice.

Viewing my primary care record: other than a current medication there was nothing of my current records in the online record. Things like test results were not in my online record at all, only on paper. Pulse noted sensible concerns about this area in 2013.

Make a correction: clearly the MMR jab note is wrong, but I’ll need to ask for help to remove it.

“Currently the Patient Access app only supports the addition of new information; however, we envisage quickly extending this functionality to delete information via the Patient Access service.” How this will ensure accuracy and avoid self editing I am unsure.

Questions: Who can access this data?

While the system stated that “the information is stored securely in our accredited data centre that deals solely with clinical data. ” there is no indication of where, who manages it and who may access it and why.

In 2014 it was announced that pharmacies would begin to have access to the summary care record.

“A total of 100 pharmacies across Somerset, Northampton, North Derbyshire, Sheffield and West Yorkshire will be able to view a patient’s summary care record (SCR), which contains information such as a patient’s current medications and allergies.”

Yet clearly in the Summary Care Record consent process in 2010 from my record, pharmacists were not mentioned.

Does the patient online access also use the Summary Care Record or not? If so, did I by asking for online access, just create a SCR without asking for one? Or is it a different subset of data? If they are different, which is the definitive record?

Overall:

From stories we read it could appear that there are broad discrepancies between what is possible in one area of the country from another, and between one practice and another.

Clearly to give the impression that 97% of patients can access summary records online is untrue to date if only 4.5% actually can get onto an electronic system, and see any part of their records, on demand today.

How much value is added to patients and practitioners in that 4.5% may vary enormously depending upon what functionality they have chosen to enable at different locations.

For me as a rare user of the practice, there is no obvious benefit right now. I can book appointments during the day by telephone and meds are ordered through the chemist. It contained no other information.

I don’t know what evidence base came from patients to decide that Patient Online should be a priority.

How many really want and need real time, online access to their records? Would patients not far rather the priority in these times of austerity, the cash and time and IT expertise be focused on IT in direct care and visible by their medics? So that when they visit hospital their records would be available to different departments within the hospital?

I know which I would rather have.

What would be good to see?

I’d like to get much clearer distinction between the data purposes we have of what data we share for direct and indirect purposes, and on what legal basis.

Not least because it needs to be understandable within the context of data protection legislation. There is often confusion in discussions of what consent can be implied for direct care and where to draw its limit.

The consultation launched in June 2014 is still to be published since it ended in August 2014, and it too blurred the lines between direct care and secondary purposes.  (https://www.gov.uk/government/consultations/protecting-personal-health-and-care-data).

Secondly, if patients start to generate potentially huge quantities of data in the Apple link and upload it to GP electronic records, we need to get this approach correct from the start. Will that data be onwardly shared by GPs through care.data for example?

But first, let’s start with tighter use of language on communications. Not only for the sake of increased accuracy, but so that as a result expectations are properly set for policy makers, practitioners and patients making future decisions.

There are many impressive visions and great ideas how data are to be used for the benefit of individuals and the public good.

We need an established,  easy to understand, legal and ethical framework about our datasharing in the NHS to build on to turn benefits into an achievable reality.

Are care.data pilots heading for a breech delivery?

Call the midwife [if you can find one free, the underpaid overworked miracle workers that they are], the care.data ‘pathfinder’ pilots are on their way! [This is under a five minute read, so there should be time to get the hot water on – and make a cup of tea.]

I’d like to be able to say I’m looking forward to a happy new arrival, but I worry care.data is set for a breech birth. Is there still time to have it turned around? I’d like to say yes, but it might need help.

The pause appears to be over as the NHS England board delegated the final approval of directions to their Chair, Sir Malcolm Grant and Chief Executive, Simon Stevens, on Thursday May 28.

Directions from NHS England which will enable the HSCIC to proceed with their pathfinder pilots’ next stage of delivery.

“this is a programme in which we have invested a great deal, of time and thought in its development.” [Sir Malcolm Grant, May 28, 2015, NHS England Board meeting]

And yet. After years of work and planning, and a 16 month pause, as long as it takes for the gestation of a walrus, it appears the directions had flaws. Technical fixes are also needed before the plan could proceed to extract GP care.data and merge it with our hospital data at HSCIC.

And there’s lots of unknowns what this will deliver.**

Groundhog Day?

The public and MPs were surprised in 2014. They may be even more surprised if 2015 sees a repeat of the same again.

We have yet to hear case studies of who received data in the past and would now be no longer eligible. Commercial data intermediaries? Can still get data, the NHS Open Day was told. And they do, as the HSCIC DARS meeting minutes in 2015 confirm.

By the time the pilots launch, the objection must actually work, communications must include an opt out form and must clearly give the programme a name.

I hope that those lessons have been learned, but I fear they have not been. There is still lack of transparency. NHS England’s communications materials and May-Oct 2014 and any 2015 programme board minutes have not been published.

We have been here before.

Back to September 2013: the GPES Advisory Committee, the ICO and Dame Fiona Caldicott, as well as campaigners and individuals could see the issues in the patient leaflet and asked for fixes.The programme went ahead anyway in February 2014 and although foreseen, failed to deliver. [For some, quite literally.]

These voices aren’t critical for fun, they call for fixes to get it right.

I would suggest that all of the issues raised since April 2014, were broadly known in February 2014 before the pause began. From the public listening exercise,  the high level summary captures some issues raised by patients, but doesn’t address their range or depth.

Some of the difficult and unwanted  issues, are still there, still the same and still being ignored, at least in the public domain. [4]

A Healthy New Arrival?

How is the approach better now and what happens next to proceed?

“It seems a shame,” the Walrus said, “To play them such a trick, After we’ve brought them out so far, And made them trot so quick!” [Lewis Carroll]

When asked by a board member: What is it we seek to learn from the pathfinder approach that will guide us in the decision later if this will become a national approach? it wasn’t very clear. [full detail end of post]

First they must pass the tests asked of them by Dame Fiona [her criteria and 27 questions from before Christmas.] At least that was what the verbal background given at the board meeting explained.

If the pilots should be a dip in the water of how national rollouts will proceed, then they need to test not just for today, but at least for the known future of changing content scope and expanding users – who will pay for the communication materials’ costs each time?

If policy keeps pressing forward, will it not make these complications worse under pressure? There may be external pressure ahead as potential changes to EU data protection are expected this year as well, for which the pilot must be prepared and design in advance for the expectations of best practice.

Pushing out the pathfinder directions, before knowing the answers to these practical things and patient questions open for over 16 months, is surely backwards. A breech birth, with predictable complications.

If in Sir Malcolm Grant’s words:

“we would only do this  if we believed it was absolutely critical in the interests of patients.” [Malcom Grant, May 28, 2015, NHS England Board meeting]

then I’d like to see the critical interest of patients put first. Address the full range of patient questions from the ‘listening pause’.

In the rush to just fix the best of a bad job, we’ve not even asked are we even doing the right thing? Is the system designed to best support doctor patient needs especially with the integration “blurring the lines” that Simon Stevens seems set on.

If  focus is on the success of the programme and not the patient, consider this: there’s a real risk too many opt out due to these unknowns. And lack of real choice on how their data gets used. It could be done better to reduce that risk.

What’s the percentage of opt out that the programme deems a success to make it worthwhile?

In March 2014, at a London event, a GP told me all her patients who were opting out were the newspaper reading informed, white, middle class. She was worried that the data that would be included, would be misleading and unrepresentative of her practice in CCG decision making.

medConfidential has written a current status for pathfinder areas that make great sense to focus first on fixing care.data’s big post-election question the opt out that hasn’t been put into effect. Of course in February 2014 we had to choose between two opt outs -so how will that work for pathfinders?

In the public interest we need collectively to see this done well. Another mis-delivery will be fatal. “No artificial timelines?”

Right now, my expectations are that the result won’t be as cute as a baby walrus.

******

Notes from the NHS England Board Meeting, May 28, 2015:

TK said:  “These directions [1] relate only to the pathfinder programme and specify for the HSCIC what data we want to be extracted in the event that Dame Fiona, this board and the Secretary of State have given their approval for the extraction to proceed.

“We will be testing in this process a public opt out, a citizen’s right to opt out, which means that, and to be absolutely clear if someone does exercise their right to opt out, no clinical data will be extracted from their general practice,  just to make that point absolutely clearly.

“We have limited access to the data, should it be extracted at the end of the pathfinder phase, in the pathfinder context to just four organisations: NHS England, Public Health England, the HSCIC and CQC.”

“Those four organisations will only be able to access it for analytic purposes in a safe, a secure environment developed by the Information Centre [HSCIC], so there will be no third party hosting of the data that flows from the extraction.

“In the event that Dame Fiona, this board, the Secretary of State, the board of the Information Centre, are persuaded that there is merit in the data analysis that proceeds from the extraction, and that we’ve achieved an appropriate standard of what’s called fair processing, essentially have explained to people their rights, it may well be that we proceed to a programme of national rollout, in that case this board will have to agree a separate set of directions.”

“This is not signing off anything other than a process to test communications, and for a conditional approval on extracting data subject to the conditions I’ve just described.”

CD said: “This is new territory, precedent, this is something we have to get right, not only for the pathfinders but generically as well.”

“One of the consequences of having a pathfinder approach, is as Tim was describing, is that directions will change in the future. So if we are going to have a truly fair process , one of the things we have to get right, is that for the pathfinders, people understand that the set of data that is extracted and who can use it in the pathfinders, will both be a subset of, the data that is extracted and who can use it in the future. If we are going to be true to this fair process, we have to make sure in the pathfinders that we do that.

“For example, at the advisory group last week, is that in the communication going forward we have to make sure that we flag the fact there will be further directions, and they will be changed, that we are overt in saying, subject to what Fiona Caldicott decides, that process itself will be transparent.”

Questions from Board members:
Q: What is it we seek to learn from the pathfinder approach that will guide us in the decision later if this will become a national approach?
What are the top three objectives we seek to achieve?

TK: So, Dame Fiona has set a series of standards she expects the pathfinders to demonstrate, in supporting GPs to be able to discharge this rather complex communication responsibility, that they have under the law  in any case.

“On another level how we can demonstrate that people have adequately understood their right to opt out [..]

“and how do we make sure that populations who are relatively hard to reach, although listed with GPs, are also made aware of their opportunity to opt out.

Perhaps it may help if I forward this to the board, It is in the public domain. But I will forward the letter to the board.”

“So that lays out quite a number of specific tangible objectives that we then have to evaluate in light of the pathfinder experience. “

Chair: “this is a programme in which we have invested a great deal, of time and thought in its development, we would only do this  if we believed it was absolutely critical in the interests of patients, it was something that would give us the information the intelligence that we need to more finely attune our commissioning practice, but also to get real time intelligence about how patients lives are lived, how treatments work and how we can better provide for their care.

“I don’t think this is any longer a matter of huge controversy, but how do we sensitively attune ourselves to patient confidentiality.”

“I propose that […] you will approve in principle the directions before you and also delegate to the Chief Executive and to myself to do final approval on behalf of the board, once we have taken into account the comments from medConfidential and any other issues, but the substance will remain unchanged.”

******

[4] request for the release of June 2014 Open House feedback still to be published in the hope that the range and depth of public questions can be addressed.

care.data comms letter

******
“The time has come,” the walrus said, “to talk of many things.”
[From ‘The Walrus* and the Carpenter’ in Through the Looking-Glass by Lewis Carroll]

*A walrus has a gestation period of about 16 months.
The same amount of time which the pause in the care.data programme has taken to give birth to the pathfinder sites.

references:
[1] NHS England Directions to HSCIC: May 28 2015 – http://www.england.nhs.uk/wp-content/uploads/2015/05/item6-board-280515.pdf
[2] Notes from care.data advisory group meeting on 27th February 2015
[3] Patient questions: https://jenpersson.com/pathfinder/
[4] Letter from NHS England in response to request from September, and November 2014 to request that public questions be released and addressed


15 Jan 2024: Image section in header replaced at the request of likely image tracing scammers who don’t own the rights and since it and this blog is non-commercial would fall under fair use anyway. However not worth the hassle. All other artwork on this site is mine.

The Economic Value of Data vs the Public Good? [1] care.data, Concerns and the cost of Consent

They say ‘every little helps’.  care.data needs every little it can get.

In my new lay member role on the ADRN panel, I read submissions for research requests for any ethical concerns that may be reflected in wider public opinion.

The driving force for sharing administrative data research is non-commercial, with benefits to be gained for the public good.

So how do we quantify the public good, and ‘in the public interest’?

Is there alignment between the ideology of government, the drivers of policy [for health, such as the commissioning body NHS England] and the citizens of the country on what constitutes ‘the public good’?

There is public good to be gained for example, from social and health data seen as a knowledge base,  by using it using in ‘bona fide’ research, often through linking with other data to broaden insights.

Insight that might result in improving medicines, health applications, and services. Social benefits that should help improve lives, to benefit society.

Although social benefits may be less tangible, they are no harder for the public to grasp than the economic. And often a no brainer as long as confidentiality and personal control are not disregarded.

When it comes to money making from our data the public is less happy. The economic value of data raises more questions on use.

There is economic benefit to extract from data as a knowledge base to inform decision making, being cost efficient and investing wisely. Saving money.

And there is measurable economic public good in terms of income tax from individuals and corporations who by using the data make a profit, using data as a basis from which to create tools or other knowledge. Making money for the public good through indirect sales.

Then there is economic benefit from data trading as a commodity. Direct sales.

In all of these considerations, how does what the public feels and their range of opinions, get taken into account in the public good cost and benefit accounting?

Do we have a consistent and developed understanding of ‘the public interest’ and how it is shifting to fit public expectation and use?

Public concern

“The importance of building and maintaining trust and confidence among all stakeholder groups concerned – including researchers, institutions, ethical review boards and research participants – as a basis for effective data sharing cannot be overstated.”  [Wellcome blog, April 2015]

If something is jeopardising that public good it is in the public interest to say so, and for the right reasons.

The loss of public trust in data sharing measured by public feeling in 2014 is a threat to data used in the public interest, so what are we doing to fix it and are care.data lessons being learned?

The three biggest concerns voiced by the public at care.data listening events[1] were repeatedly about commercial companies’ use, and re-use of data, third parties accessing data for unknown purposes and the resultant loss of confidentiality.

 Question from Leicester: “Are we saying there will be only clinical use of the data – no marketing, no insurance, no profit making? This is our data.” [NHS Open Day, June 2014]

While people are happy for the state to use their data without active consent for bona fide research, they are not for commercial purposes.

Much of the debate and upset caused by the revelations of how our hospital episode statistics were managed in the past centred on the sense of loss of ownership. And with that, the inability to consent to who uses it. This despite acknowledgment that patients own their data.

Significant concern centres on use of the information gleaned from data that patients consider commercial exploitation. For use segmenting the insurance markets. For consumer market research. Using data for individual targeting. And its utter lack of governance.

There is also concern about data being directly sold or exchanged as a commodity.

These concerns were raised meeting after meeting in the 2014 care.data “listening process.”

To read in Private Eye that commercially sensitive projects were discussed in various meetings between NHS England and supermarket giant Tesco throughout 2014 [2] by the Patients and Information Director, responsible for care.data, is therefore all the more surprising.

They may of course be quite unrelated.

But when transparency is the mother of trust, it’s perhaps a surprising liason while ‘listening’ to care.data concerns.

It could appear that greater confidentiality was given to the sensitivity of commercial meetings than citizens’ sensitive data.

Consent package deals may be a costly mistake

People are much more aware since care.data a year ago, that unknown third parties may access data without our consent.

Consent around secondary NHS data sharing and in wider fora is no longer an inconvenient ethical dilemma best left on the shelf, as it has been for the last 25 years in secondary use, dusted off in the care.data crisis. [3]

Consent is front and centre in the latest EU data protection discussions [4] in which consent may become a requirement for all research purposes.

How that may affect social science and health research use, its pros and cons [5] remain to be seen.

However, in principle consent has always been required and good practice in applied medicine, despite the caveat for data used in medical research. As a general rule: “An intervention in the health field may only be carried out after the person concerned has given free and informed consent to it”. But this is consent for your care. Assuming that information is shared when looking after you, for direct care, during medical treatment itself is not causes concerns.

The idea is becoming increasingly assumed in discussions I have heard, [at CCG and other public meetings] that because patients have given implied consent to sharing their information for their care, that the same data may be shared for other purposes. It is not, and it is those secondary purposes that the public has asked at care.data events, to see split up, and differentiated.

Research uses are secondary uses, and those purposes cannot ethically be assumed. However, legal gateways, access to that data which makes it possible to uses for clearly defined secondary purposes by law, may make that data sharing legal.

That legal assumption, for the majority of people polls and dialogue show [though not for everyone 6b], comes  a degree of automatic support for bona fide research in the public interest. But it’s not a blanket for all secondary uses by any means, and it is this blanket assumption which has damaged trust.

So if data use in research assumes consent, and any panel is the proxy for personal decision making, the panel must consider the public voice and public interest in its decision making.

So what does the public want?

In those cases where there is no practicable alternative [to consent], there is still pressure to respect patient privacy and to meet reasonable expectations regarding use. The stated ambition of the CAG, for example, is to only advise disclosure in those circumstances where there is reason to think patients would agree it to be reasonable.

Whether active not implied consent does or does not become a requirement for research purposes without differentiation between kinds, the public already has different expectations and trust around different users.

The biggest challenge for championing the benefits of research in the public good, may be to avoid being lumped in with commercial marketing research for private profit.

The latter’s misuse of data is an underlying cause of the mistrust now around data sharing [6]. It’s been a high price to pay for public health research and others delayed since the Partridge audit.

Consent package deals mean that the public cannot choose how data are used in what kids of research and if not happy with one kind, may refuse permission for the other.

By denying any differentiation between direct, indirect, economic and social vale derived from data uses, the public may choose to deny all researchers access to their all personal data.

That may be costly to the public good, for public health and in broader research.

A public good which takes profit into account for private companies and the state, must not be at the expense of public feeling, reasonable expectations and ethical good practice.

A state which allows profit for private companies to harm the perception of  good practice by research in the public interest has lost its principles and priorities. And lost sight of the public interest.

Understanding if the public, the research community and government have differing views on what role economic value plays in the public good matters.

It matters when we discuss how we should best protect and approach it moving towards a changing EU legal framework.

“If the law relating to health research is to be better harmonised through the passing of a Regulation (rather than the existing Directive 95/46/EC), then we need a much better developed understanding of ‘the public interest’ than is currently offered by law.”  [M Taylor, “Information Governance as a Force for Good? Lessons to be Learnt from Care.data”, (2014) 11:1 SCRIPTed 1]

In the words of Dr Mark Taylor, “we need to do this better.”

How? I took a look at some of this in more detail:

Part two: The Economic Value of Data vs the Public Good? [2] Pay-for-privacy and Defining Purposes.

Part three: The Economic Value of Data vs the Public Good? [3] The value of public voice.

Update note: A version of these three posts was combined into an opinion piece – care.data: ‘The Value of Data versus the Public Interest?’ published on StatsLife on June 3rd 2015.

****

image via Tesco media

 

[1] care.data listening event questions: https://jenpersson.com/pathfinder/

[2] Private Eye – on Tesco / NHS England commercial meetings https://twitter.com/medConfidential/status/593819474807148546

[3] HSCIC audit and programme for change www.hscic.gov.uk/article/4780/HSCIC-learns-lessons-of-the-past-with-immediate-programme-for-change

[4] EU data protection discussion http://www.digitalhealth.net/news/EHI/9934/eu-ministers-back-data-privacy-changes

[5] Joint statement on EU Data Protection proposals http://www.wellcome.ac.uk/stellent/groups/corporatesite/@policy_communications/documents/web_document/WTP055584.pdf

[6] Ipsos MORI research with the Royal Statistical Society into the Trust deficit with lessons for policy makers https://www.ipsos-mori.com/researchpublications/researcharchive/3422/New-research-finds-data-trust-deficit-with-lessons-for-policymakers.aspx

[6b] The ‘Dialogue on Data’ Ipsos MORI research 2014 https://www.ipsos-mori.com/researchpublications/publications/1652/Dialogue-on-Data.aspx – commissioned by the Economic and Social Research Council (ESRC) and the Office for National Statistics (ONS) to conduct a public dialogue examining the public’s views on using linked administrative data for research purposes,

[7] AdExchanger Janaury 2015 http://adexchanger.com/data-driven-thinking/the-newest-asset-class-data/

[8] Tesco clubcard data sale https://jenpersson.com/public_data_in_private_hands/  / Computing 14.01.2015 – article by Sooraj Shah: http://www.computing.co.uk/ctg/feature/2390197/what-does-tescos-sale-of-dunnhumby-mean-for-its-data-strategy

[9] Direct Marketing 2013 http://www.dmnews.com/tesco-every-little-bit-of-customer-data-helps/article/317823/

[10] Personalisation in health data plans http://www.england.nhs.uk/iscg/wp-content/uploads/sites/4/2014/01/ISCG-Paper-Ref-ISCG-009-002-Adult-Social-Care-Informatics.pdf

[11] Tim Kelsey Keynote speech at Strata November 2013 https://www.youtube.com/watch?v=s8HCbXsC4z8

[12] Forbes: Illumina CEO on the US$20bn DNA market http://www.forbes.com/sites/luketimmerman/2015/04/29/qa-with-jay-flatley-ceo-of-illumina-the-genomics-company-pursuing-a-20b-market/

 

The Economic Value of Data vs the Public Good? [2] Pay-for-privacy, defining purposes

Differentiation. Telling customers apart and grouping them by similarities is what commercial data managers want.

It enables them to target customers with advertising and sales promotion most effectively. They segment the market into chunks and treat one group differently from another.

They use market research data, our loyalty card data, to get that detailed information about customers, and decide how to target each group for what purposes.

As the EU states debate how research data should be used and how individuals should be both enabled and protected through it, they might consider separating research purposes by type.

While people are happy for the state to use their data without active consent for bona fide research, they are not for commercial consumer research purposes. [ref part 1].

Separating consumer and commercial market research from the definition of research purposes for the public good by the state, could be key to rebuilding people’s trust in government data use.

Having separate purposes would permit separate consent and control procedures to govern them.

But what role will profit make in the state’s definition of ‘in the public interest’ – is it in the public interest if the UK plc makes money from its citizens? and how far along any gauge of public feeling will a government be prepared to go to push making money for the UK plc at our own personal cost?

Pay-for-privacy?

In January this year, the Executive Vice President at Dunnhumby, Nishat Mehta, wrote in this article [7], about how he sees the future of data sharing between consumers and commercial traders:

“Imagine a world where data and services that are currently free had a price tag. You could choose to use Google or Facebook freely if you allowed them to monetize your expressed data through third-party advertisers […]. Alternatively, you could choose to pay a fair price for these services, but use of the data would be forbidden or limited to internal purposes.”

He too, talked about health data. Specifically about its value when accurate expressed and consensual:

“As consumers create and own even more data from health and fitness wearables, connected devices and offline social interactions, market dynamics would set the fair price that would compel customers to share that data. The data is more accurate, and therefore valuable, because it is expressed, rather than inferred, unable to be collected any other way and comes with clear permission from the user for its use.”

What his pay-for-privacy model appears to have forgotten, is that this future consensual sharing is based on the understanding that privacy has a monetary value. And that depends on understanding the status quo.

It is based on the individual realising that there is money made from their personal data by third parties today, and that there is a choice.

The extent of this commercial sharing and re-selling will be a surprise to most loyalty card holders.

“For years, market research firms and retailers have used loyalty cards to offer money back schemes or discounts in return for customer data.”

However despite being signed up for years, I believe most in the public are unaware of the implied deal. It may be in the small print. But everyone knows that few read it, in the rush to sign up to save money.

Most shoppers believe the supermarket is buying our loyalty. We return to spend more cash because of the points. Points mean prizes, petrol coupons, or pounds off.

We don’t realise our personal identity and habits are being invisibly analysed to the nth degree and sold by supermarkets as part of those sweet deals.

But is pay-for-privacy discriminatory? By creating the freedom to choose privacy as a pay-for option, it excludes those who cannot afford it.

Privacy should be seen as a human right, not as a pay-only privilege.

Today we use free services online but our data is used behind the scenes to target sales and ads often with no choice and without our awareness.

Today we can choose to opt in to loyalty schemes and trade our personal data for points and with it we accept marketing emails, and flyers through the door, and unwanted calls in our private time.

The free option is to never sign up at all, but by doing so customers pay a premium by not getting the vouchers and discounts.  Or trading convenience of online shopping.

There is a personal cost in all three cases, albeit in a rather opaque trade off.

 

Does the consumer really benefit in any of these scenarios or does the commercial company get a better deal?

In the sustainable future, only a consensual system based on understanding and trust will work well. That’s assuming by well, we mean organisations wish to prevent PR disasters and practical disruption as resulted for example to NHS data in the last year, through care.data.

For some people the personal cost to the infringement of privacy by commercial firms is great. Others care less. But once informed, there is a choice on offer even today to pay for privacy from commercial business, whether one pays the price by paying a premium for goods if not signed up for loyalty schemes or paying with our privacy.

In future we may see a more direct pay-for-privacy offering along  the lines of Nishat Mehta.

And if so, citizens will be asking ever more about how their data is used in all sorts of places beyond the supermarket.

So how can the state profit from the economic value of our data but not exploit citizens?

‘Every little bit of data’ may help consumer marketing companies.  Gaining it or using it in ways which are unethical and knowingly continue bad practices won’t win back consumers and citizens’ trust.

And whether it is a commercial consumer company or the state, people feel exploited when their information is used to make money without their knowledge and for purposes with which they disagree.

Consumer commercial use and use in bona fide research are separate in the average citizen’s mind and understood in theory.

Achieving differentiation in practice in the definition of research purposes could be key to rebuilding consumers’ trust.

And that would be valid for all their data, not only what data protection labels as ‘personal’. For the average citizen, all data about them is personal.

Separating in practice how consumer businesses are using data about customers to the benefit of company profits, how the benefits are shared on an individual basis in terms of a trade in our privacy, and how bona fide public research benefits us all, would be beneficial to win continued access to our data.

Citizens need and want to be offered paths to see how our data are used in ways which are transparent and easy to access.

Cutting away purposes which appear exploitative from purposes in the public interest could benefit commerce, industry and science.

By reducing the private cost to individuals of the loss of control and privacy of our data, citizens will be more willing to share.

That will create more opportunity for data to be used in the public interest, which will increase the public good; both economic and social which the government hopes to see expand.

And that could mean a happy ending for everyone.

The Economic Value of Data vs the Public Good?  They need not be mutually exclusive. But if one exploits the other, it has the potential to continue be corrosive. The UK plc cannot continue to assume its subjects are willing creators and repositories of information to be used for making money. [ref 1] To do so has lost trust in all uses, not only those in which citizens felt exploited.[6]

The economic value of data used in science and health, whether to individual app creators, big business or the commissioning state in planning and purchasing is clear. Perhaps not quantified or often discussed in the public domain perhaps, but it clearly exists.

Those uses can co-exist with good practices to help people understand what they are signed up to.

By defining ‘research purposes’, by making how data are used transparent, and by giving real choice in practice to consent to differentiated data for secondary uses, both commercial and state will secure their long term access to data.

Privacy, consent and separation of purposes will be wise investments for its growth across commercial and state sectors.

Let’s hope they are part of the coming ‘long-term economic plan’.

****

Related to this:

Part one: The Economic Value of Data vs the Public Good? [1] Concerns and the cost of Consent

Part two: The Economic Value of Data vs the Public Good? [2] Pay-for-privacy and Defining Purposes.

Part three: The Economic Value of Data vs the Public Good? [3] The value of public voice.

****

image via Tesco media

[6] Ipsos MORI research with the Royal Statistical Society into the Trust deficit with lessons for policy makers https://www.ipsos-mori.com/researchpublications/researcharchive/3422/New-research-finds-data-trust-deficit-with-lessons-for-policymakers.aspx

[7] AdExchanger Janaury 2015 http://adexchanger.com/data-driven-thinking/the-newest-asset-class-data/

[8] Tesco clubcard data sale https://jenpersson.com/public_data_in_private_hands/  / Computing 14.01.2015 – article by Sooraj Shah: http://www.computing.co.uk/ctg/feature/2390197/what-does-tescos-sale-of-dunnhumby-mean-for-its-data-strategy

[9] Direct Marketing 2013 http://www.dmnews.com/tesco-every-little-bit-of-customer-data-helps/article/317823/

 

The Economic Value of Data vs the Public Good? [3] The value of public voice.

Demonstrable value of public research to the public good, while abstract, is a concept quite clearly understood.

Demonstrating the economic value of data for private consumer companies like major supermarkets is even easier to understand.

What is less obvious is the harm that the commercial misuse of data can do to the public’s perception of all research for the public good.[6]

The personal cost of consumer data exploitation, whether through the loss of, or through paid-for privacy, must be limited to reduce the perceived personal cost of the public good.

By reducing the personal cost, we increase the value of the perceived public benefit of sharing and overall public good.

The public good may mean many things: benefits from public health research like understanding how disease travels, or good financial planning, derived from knowing what needs communities have and what services to provide.

By reducing the private cost to individuals of the loss of control and privacy of our data, citizens will be more willing to share.

It will create more opportunity for data to be used in the public interest, for both economic and social gain.

As I outlined in the previous linked blog posts, consent [part 1] and privacy [part 2] would be wise investments for its growth.

So how are consumer businesses and the state taking this into account?

Where is the dialogue we need to keep expectations and practices aligned in a changing environment and legal framework?

Personalisation: the economic value of data for companies

Any projects under discussion or in progress without adequate public consultation and real involvement, that ignore public voice,  risk their own success and with it the public good they should create.

The same is true for commercial projects.  For example, back to Tesco.

Whether the clubcard data management and processing [8] is directly or indirectly connected to Tesco, its customer data are important to the supermarket chain and are valuable.

Former Tesco executive, spoke about that value in a 2013 interview:

“These are slow-growing industries,” Leahy said. “The difference was in the use of data, in the way Tesco learned about its customers. And from that, everything flowed.”[9]

By knowing who, how and when citizens shop, it allows them to target the sales offering to make people buy more or differently. The so-called ‘nudge’ moving citizens in the direction the company wants.

He explained how, through the Clubcard loyalty program, the supermarket was able to transition from mass marketing to personalized marketing and that it works in other areas too:

“You can already see in some areas where customers are content to be priced as customers: risk pricing with insurance and so on.

“It makes a lot of sense in health pricing, but there will be certain social policy restriction in terms of fair access and so on.”

NHS patient data and commercial supermarket data may be coming closer in their use than we might think.

Not only closer in their similar desire to move towards personalisation [10] but for similar reasons, in the desire to use all the data to know all about people as health consumers and from that, to plan and purchase, best and cheapest…”in reducing overall cost.”

It is worth thinking about in an economy driven by ideological austerity, how reducing overall cost will be applied, by cutting services or reducing to whom services are offered.

What ‘nudge’ may be applied through NHS policies, to move citizens in the direction the drivers in government or civil service want to see?

What will push those who can afford it, into private care and out of those who the state has to spend money on, if they are prepared to spend their own, for example.

What is the data that citizens provide through schemes like care.data designed to achieve?

“Demonstrating The Actual Economic Value of Data”

Tim Kelsey, speaking at Strata in 2013 [11] talked about: “Demonstrating The Actual Economic Value of Data”. Our NHS data are valuable in both economic and social terms.

[From 12:17] “It will help put the UK on the map in terms of genomic research. The PM has already committed to the UK developing 100K gene sequences very rapidly. But those sequences on their own will have very limited value without the reference data that lies out there in the real world of the NHS, the data we’ll start making available form next June […]. The name of the programme by the way is care dot data.”

The long since delayed care.data programme plans to provide medical records for secondary use, as reference data for the 100K genomics programme. The programme has the intent to “create a lasting legacy for patients, the NHS and the UK economy.”

With consent.

When the CEO of Illumina talks about winning a US $20bn market [12] perhaps it also sounds economically appealing for the UK plc and the austerity-lean NHS. Illumina is the company which won the contract for the Genomics England project sequencing of course.

“The notion here is that it’s really a precursor to understand the health economics of why sequencing helps improve healthcare, both in quality of outcome, and in reducing overall cost. Presuming we meet the objectives of this three-year study–and it’s truly a pilot–then the program will expand substantially and sequence many more people in the U.K.” [Jay Flatley, CEO]

The idea of it being a precursor leaves me asking, to what?
“Will expand substantially” to whom?

As more and more becomes possible in science, there will be an ever greater need for understanding between how and why we should advance medicine, and how to protect human dignity. Because it becomes possible may not always mean it should be done.

Article 21 of the Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the application of biology and medicine, also says:  “The human body and its parts shall not, as such, give rise to financial gain.”

How close is profit making from DNA sequencing getting to that line?

These are questions that raise ethical questions and questions of social and economic value. The social legitimacy of these programmes will depend on trust. Trust based on no surprises.

Commercial market research or real research for the public good?

Meanwhile all consenting patients can in theory now choose to access their own record [GP online].  Mr Kelsey expressed hopes in 2013 that developers would use that to help patients:

“to mash it up with other data sources to get their local retailers to tell them about their purchasing habits [16:05] so they can mash it up with their health data.”

This despite the 67% of the public concerned around health data use by commercial companies.

So what were the commercially sensitive projects discussed by NHS England and Tesco throughout 2014? It would be interesting to know whether loyalty cards and mashing up our data was part of it – or did they discuss market segmentation, personalisation and health pricing? Will we hear the ‘Transparency Tsar‘ tell NHS citizens their engagement is valued, but in reality find the public is not involved?

To do so would risk another care.data style fiasco in other fields.

Who might any plans offer most value to – the customer, the company or the country plc? Will the Goliaths focus on short term profit or fair processing and future benefits?

In the long run, ignoring public voice won’t help the UK plc or the public interest.

A balanced and sustainable research future will not centre on a consumer pay-for-privacy basis, or commercial alliances, but on a robust ethical framework for the public good.

A public good which takes profit into account for private companies and the state, but not at the expense of public feeling and ethical good practice.

A public good which we can understand in terms of social, direct and indirect economic value.

While we strive for the economic and public good in scientific and medical advances we must also champion human dignity and values.

This dialogue needs to be continued.

“The commitment must be an ongoing one to continue to consult with people, to continue to work to optimally protect both privacy and the public interest in the uses of health data. We need to use data but we need to use it in ways that people have reason to accept. Use ‘in the public interest’ must respect individual privacy. The current law of data protection, with its opposed concepts of ‘privacy’ and ‘public interest’, does not do enough to recognise the dependencies or promote the synergies between these concepts.”

[M Taylor, “Information Governance as a Force for Good? Lessons to be Learnt from Care.data”, (2014) 11:1 SCRIPTed 1]

The public voice from care.data listening and beyond, could positively help shape the developing consensual model if given genuine adequate opportunity to do so in much needed dialogue.

As they say, every little helps.

****

Part one: The Economic Value of Data vs the Public Good? [1] Concerns and the cost of Consent

Part two: The Economic Value of Data vs the Public Good? [2] Pay-for-privacy and Defining Purposes.

Part three: The Economic Value of Data vs the Public Good? [3] The value of public voice.

****

[1] care.data listening event questions: https://jenpersson.com/pathfinder/

[2] Private Eye – on Tesco / NHS England commercial meetings https://twitter.com/medConfidential/status/593819474807148546

[3] HSCIC audit and programme for change www.hscic.gov.uk/article/4780/HSCIC-learns-lessons-of-the-past-with-immediate-programme-for-change

[4] EU data protection discussion http://www.digitalhealth.net/news/EHI/9934/eu-ministers-back-data-privacy-changes

[5] Joint statement on EU Data Protection proposals http://www.wellcome.ac.uk/stellent/groups/corporatesite/@policy_communications/documents/web_document/WTP055584.pdf

[6] Ipsos MORI research with the Royal Statistical Society into the Trust deficit with lessons for policy makers https://www.ipsos-mori.com/researchpublications/researcharchive/3422/New-research-finds-data-trust-deficit-with-lessons-for-policymakers.aspx

[7] AdExchanger Janaury 2015 http://adexchanger.com/data-driven-thinking/the-newest-asset-class-data/

[8] Tesco clubcard data sale https://jenpersson.com/public_data_in_private_hands/  / Computing 14.01.2015 – article by Sooraj Shah: http://www.computing.co.uk/ctg/feature/2390197/what-does-tescos-sale-of-dunnhumby-mean-for-its-data-strategy

[9] Direct Marketing 2013 http://www.dmnews.com/tesco-every-little-bit-of-customer-data-helps/article/317823/

[10] Personalisation in health data plans http://www.england.nhs.uk/iscg/wp-content/uploads/sites/4/2014/01/ISCG-Paper-Ref-ISCG-009-002-Adult-Social-Care-Informatics.pdf

[11] Tim Kelsey Keynote speech at Strata November 2013 https://www.youtube.com/watch?v=s8HCbXsC4z8

[12] Forbes: Illumina CEO on the US$20bn DNA market http://www.forbes.com/sites/luketimmerman/2015/04/29/qa-with-jay-flatley-ceo-of-illumina-the-genomics-company-pursuing-a-20b-market/

Sophie Scholl – post election protest, the press and public

Had she not been executed in Munich aged 21, Sophie Scholl would have celebrated her 94th birthday today.

Had she been alive, I would like to have invited her for the German tradition of afternoon coffee and cake in an artisan cafe in the student quarter of Schwabing, in the north side of central Munich. One we both once knew well and liked. One opposite a bookshop.

She famously wrote in a letter: ’Send me more new books, I’m dying of hunger!’

We might have talked of Heine’s poetry that she loved and was banned. Of Hemingway or Mann. When she was at school there was a long list of books removed which weren’t by Nazi approved authors.

I’m sure she would have approved of the literary prize – won by Glen Greenwald in 2014 – named after Sophie and her brother.

We may have strolled past the space where the Wittelsbach Palace in the Brienner Strasse once stood, Munich’s former Gestapo headquarters, where she was questioned for four days in 1943. It was torn down in 1964. She didn’t live to see that happen.

She was convicted of high treason and executed on February 22 after being caught distributing homemade anti-war and anti-Hitler leaflets at the University of Munich (LMU), with her brother Hans.

She was a courageous, bright young woman who stood up for peace, criticised the Nazi leader and government, and died for her ideals, embodied in the group the ‘White Rose’.

The media then was controlled and wrote little of what protest there was.

Some media outlets today in the UK and America have been criticised for their poor coverage of recent peaceful protests. But set fire to a police van or deface a monument and your cause might make the front page. Albeit for all the wrong reasons.

It is time for journalists to reconsider their role and responsibilities. In a world of change which may include losing the right to free speech and equality for women and minorities in the Human Rights Act, it seems odd editors of all people, would choose to be so biased.

The White Rose group called for students to fight against the party. The Nazi party. To leave the party organizations in which they saw students politically muzzled and protest contained.

Post UK General Election 2015 I wonder if there are people who are doubting their own political involvement with parties who lost seats.

Some may be joining political groups or marching under campaign groups’ banners. What will they achieve?

Post Election Protests

Of the two thirds who did not vote for the winning GE2015 party, how many people turned out in protests today?

There was more of a widespread rally reported on the stock market than on the streets since Friday morning.

“Centrica, the owner of British Gas and one of the UK’s main energy providers rose 7.4 per cent to 276.5p. Royal Bank of Scotland was one of the best-performing financial stocks, up 6 per cent at 352p.”  [FT May 9, 2015]

This week after the election, parties and large member campaign groups may be thinking hard about their messages and their audience.  If their message on the NHS for example, has hundreds of concrete case studies of moves towards outsourcing under the last five years of government, and millions of online signatures, yet they cannot convince the voting public that the state NHS as we know it is at risk, something is wrong with the message, their delivery or finding the audience they need to engage.

What matters to the majority of people everyday is more palpable than policies or protest campaigns; shelter, water, food, power, transport, our digital infrastructure and freedom of communication and travel. The protection of human dignity. To feel safe.  To have access to justice and education and health. To have freedom to love and live as you choose.

There is also another possibility. That not enough people care enough to stand up with the courage of their convictions. But perhaps it is rather that the majority are just too busy managing daily life?

Perhaps there is also an argument for campaign groups with millions of members to stop national protest and start delivery of grassroots local change. To provide the services and solutions that strengthen individuals. Their big campaigns did not turn into great electoral power.  Perhaps like twitter, there is a tendency for the message to only reach already like minded folk. Small concrete changes for individuals may have more impact on everyday lives. Through those could come cohesion. And instead of telling their already convinced supporters to sign yet another petition, they should share stories, with consent, of everyday lives.

Stories of what real life is like when you are affected by policies in practice, stories whose ripples will reach further. Show, don’t tell. Don’t tell us the NHS is in danger, show us the service rationing.

The Access to Work cuts consultation affecting the disabled has already been announced, picked up by twitter and in the Independent.

But how effective any ensuing protests may be, may depend on the press and wider public for enough support.

The Press and the Public

In the 2015 General Election campaign, many felt the biggest winner was spin.

There was the Telegraph’s last minute email to readers, and a letter so misleading reportedly from business owners that even big name companies distanced themselves from it.

Now after the result and seeing the first cuts to the disabled and threats to free speech, I really think the Telegraph editor(s) should go and sit in a corner and think about what they have done.

When on Friday I spoke with an experienced investigative journalist, his reaction to the election result was disappointment the campaign had been so bland on content yet strongly partisan.

For people who blame Scots for the outcome of the election, the political press did its job. Not only have cuts in compassionate welfare been successfully justified by blaming the demand for it on laziness, employment market failures have been left squarely at the feet of foreigners, and the press front pages managed to drive a wedge between the nations and parties.

‘Divide and conquer’ is an ancient but perhaps forgotton meme. Pushing living issues we struggle with in society back into our own hands so that we criticised each other and not the failings of parties’ policies to deal with them, was an effective tactic.

The created fear of anything foreign became not just about mugs, not just about people crossing the channel, but fear of the unknown.

So we voted for what we knew or against what we could no longer trust.

So what would Sophie have been like today?

She would no doubt find the injustice of our recent changes in the legal system abhorrent.

Solicitors tell me of rumors that people on probation in Sussex are no longer being met face-to-face since the service was privatised. She may also have had fears that an increase in juvenile behaviour legislation as was implemented in her youth in Germany, will come into Britain. Powers to search pupils, issue same day detention, exclusions & use reasonable force began in 2010. What will be next for our young people under the same leader now in charge of directly punitive services? A fan of long custodial sentences.

She would perhaps have been pretty sharp on twitter. She may have supported Millifandom. She would have stood up to the press. She would have become a pretty indomitable woman. Exactly what the judge, state and its supporters saw in her at 21.

I will not be able to indulge Sophie on her 94th birthday, as she lies buried in a tiny grave, in the Perlach cemetery on the south side of Munich next to the Stadelheim prison where she spent her final days.

It is still one of the largest prison complexes in Germany today.

She reminds us that well used peaceful protest, and print, can prick the conscience of citizens and those in power to achieve justice, fairness and a future society open to all who want to live in it.

“We will not be quiet. We are your bad conscience. The White Rose will not leave you in peace.”[Flugblatt 4]

The world is better for Sophie Scholl and friends having been there. She would have been 94 today. It wasn’t long ago she was 21.

Herzlichen Glückwunsch Sophie, meine Liebe.

*****

*****

The White Rose background:

In 1943 open protest was impossible.

Their sixth and final leaflet produced by the movement was titled: “To fellow freedom fighters in the resistance”.

Its last lines are quite hard to translate: “Frisch auf mein Volk, die Flammenzeichen rauchen!” But the spirit is this. “Wake up people, where there is smoke there is fire.”

Would the White Rose flyers have fanned the sparks of protest in Munich had she not been killed?

The state wasn’t prepared to find out.

She was convicted of high treason on February 22 after being caught distributing homemade anti-war and anti-Hitler leaflets at the University of Munich (LMU) four days earlier, with her brother Hans.

The judge, Freisler, who became later known for his ideology of the  ‘pernicious juvenile’ which helped shape Nazi law, condemned six people to death from the group the ‘White Rose’: all three defendants of the first trial of February 22, 1943: Hans and Sophie Scholl and Christoph Probst; as well as Alexander Schmorell, Willi Graf and Professor Kurt Huber in the second trial on April 19, 1943.

Sophie Scholl believed she could change things. In life or death.

“It is such a splendid sunny day, and I have to go. But how many have to die on the battlefield in these days, how many young, promising lives? What does my death matter if by our acts thousands are warned and alerted? Among the student body there will certainly be a revolt.”

She was given a written copy of the charges against her. In her cell she wrote one word on the back of the page. “Freedom.”

But she did not get the student revolt or the freedom she hoped for.

Of about 8,000 Munich students a maximum of 50 ever stood up for them. Neither the leaflets left in the university or the White Rose deaths sparked great protest against the Nazi regime.

The ‘seditious’ leaflet promoted peace and pointed out how many young men were losing their lives on the Russian front.  It decried gagging laws and limits to freedom of expression. It called for people, in particular students, to be individual conscious citizens with responsibility to freedom, and honour for their future.

Fatally, it also said that Hitler’s regime must fall to ensure the survival of Germany: “Hitler und seine Regime müssen fallen, damit Deutschland weiterlebt.”

 

References:
The White Rose papers: 1, 2, 3, 4, 5, 6.

http://www.bpb.de/geschichte/nationalsozialismus/weisse-rose/61035/zeitzeugin

Spiegel: http://www.spiegel.de/einestages/widerstandskaempferin-sophie-scholl-jetzt-werde-ich-etwas-tun-a-948731.html

Michael C. Schneider/ Winfried Süß: “Keine Volksgenossen. Studentischer Widerstand der Weißen Rose”LMU Müchen 1993 ISBN 3-922480-08-X

Barbara Leisner: ‘Ich würde es genauso wieder machen’. Sophie Scholl, ISBN: 3-612-65059-9

Public data in private hands – should we know who manages our data?

When Tesco reportedly planned to sell off its data arm Dunnhumby [1] in January this year, it was a big deal.

Clubcard and the data which deliver customer insights – telling the company who we are, what we buy and how and when we shop using ‘billions of lines of code’ – will clearly continue to play a vital role in the supermarket customer relations strategy, whether its further processing and analysis is in-house or outsourced.

Assuming the business is sold,  clubcard shoppers might wonder who will then own their personal data, if not the shoppers themselves? Who is the data controller and processor? Who will inform customers of any change in its management?

“Dunnhumby has functioned as a standalone outfit in the past few years, offering customer information services to other retailers around the world, and could operate in a similar way for Tesco post-acquisition.”

I haven’t seen in the same media that the Dunnhumby speculation turned into a sale. At least not yet.

In contrast to the commercial company managing customer data for those who choose to take part, the company which manages the public’s data for many state owned services, was sold in December.

For an undisclosed value, Northgate Public Services [2] part of NIS was sold in Dec 2014 to Cinven, a European private equity firm.

What value I wondered does the company have of itself, or what value is viewed intrinsic to the data it works with – health screening, the National Joint Registry and more? It formerly managed HES data. What was part of the deal? Are the data part of the package?

Does the public have transparency of who manages our data?

Northgate has, according to their website, worked with public data, national and local government administrative data since 1969, including the development and management of the NNADC, “the mission critical solution providing continuous surveillance of the UK’s road network. The NADC is integrated with other databases, including the Police National Computer, and supports more than 3 million reads a day across the country.”

Northgate manages welfare support payments for many local authorities and the Welsh Assembly Government.

Data are entrusted to these third parties by the commercial or public body, largely without informing the public.

One could argue that a ‘named owner and processor’ is irrelevant to the public, which is probably true when things are done well.

But when things go wrong or are changed, should ‘the supplier’ of the data, or rather the public whose data it is, not be told?

If so, citizens would be informed and know who now accesses or even owns our public data that Northgate had in the past. Different firms will have different levels of experience, security measures and oversight of their practices than others. To understand how this works could be an opportunity for transparency to create trust.

Trust which is badly needed to ensure consensual data sharing continues.

So what will the future hold for these systems now owned by a private equity firm?

The buyer of Northgate Public Services, Cinven, has experience making a profit in healthcare.

We hear few details of plans available in the public domain about the NHS vision for data management and its future in public research.

We generally hear even less about the current management of the public’s data unless it is in a crisis, as front page stories will testify to over the last year. care.data has been in good company generating anger, with HMRC, the electoral register and other stories of legal, but unexpected data use of citizens’ data.

As a result we don’t know what of our public data is held by whom.

The latest news reported by the DM [3] will not be popular either given that 2/3rds of people asked in research into public trust over the governance of data [4] have concerns about public data in the hands of private firms:

Controversial plans to give private companies such as Google responsibility for storing people’s private personal health data could be revived, a minister has suggested.”

Could there ever be privatisation plans afoot for HSCIC?

It’s going to be interesting to see what happens next, whoever is making these decisions on our behalf after May 7th.

Certainly the roadmap, business plan, SIAM goals, and framework agreement [5] have given me cause to consider this before. The framework agreement specifically says change to its core functions or duties would require further primary legislation.”
[HSCIC DH framework agreement]

hscic_DH_framework

 

Changes to the HSCIC core remit, such as privatising the service, would require a change in legislation which would by default inform parliament.

Should there not be the same onus to inform the public whose data they are? Especially with “protection of patients being paramount”.  One could say protections should apply to our consumer data too.

Regardless of whether data are managed in-house or by another third party, by the state or commercial enterprise, if third parties can be outsourced or even sold, should consumers not always know who owns our data and of any changes in that guardianship?

Taking into account the public mistrust of commercial companies’ data management I would like to think so.

Further privatising the workings of our state data without involving the public in the process would certainly be a roadmap to driving public confidence on data sharing into the ground.

So too, when it comes to public trust, we might find when the commercial sale of consumer Clubcard data goes ahead, every little does not help.

****

Refs:

[1] Computing 14.01.2015 – article by Sooraj Shah: http://www.computing.co.uk/ctg/feature/2390197/what-does-tescos-sale-of-dunnhumby-mean-for-its-data-strategy

[2] Northgate sale to Cinven http://www.northgate-is.com/press-release-nps.html / http://www.northgatepublicservices.co.uk/

[3]  On the future of data handling http://www.dailymail.co.uk/news/article-3066758/Could-Google-look-NHS-data-Controversial-plans-revived-minister-says-technology-firms-best-placed-look-information-securely.html

[4] Ipsos MORI research with the Royal Statistical Society into the Trust deficit with lessons for policy makers https://www.ipsos-mori.com/researchpublications/researcharchive/3422/New-research-finds-data-trust-deficit-with-lessons-for-policymakers.aspx

[5] HSCIC DH Framework agreement http://www.hscic.gov.uk/media/13866/Framework-Agreement-between-the-Department-of-Health-and-the-HSCIC/pdf/Framework_Agreement_between_the_Department_of_Health_and_the_Health_and_Social_Care_Information_Cent.pdf

Refusing refugees – a modern genocide?

I am ashamed  that our government will not accept more asylum seekers into the UK.

From the comfort of my warm dry living room that is easy, while I watch the hardship and efforts of others as cold, drowned people are pulled from the Med.

Easy but for the fact that I see each one as somebody’s daughter or somebody’s son. I am also sad and angered by our collective UK government response, because we could do better.

It’s “genocide — nothing less than genocide, really,” Maltese Prime Minister Muscat told CNN this week.

Genocide is not word we should use lightly, and many still associate with WWII.

Back in 1943, seventy two years ago, the British Cabinet also debated what to do with wartime refugees, mainly Jews and Czechs but including a wide spectrum of persecuted minorities. At the time the Cabinet did not recognise genocide in progress. Their conversations appear not to have recognised any humanitarian crisis, so much as much as a political inconvenience. Yet the same minutes suggest they were aware of massacres. [source: National Archives]

Just like today, the 1943 politicians focussed the problem of what to do with ‘refugees’ on themselves and their response.  It was a problem for them, the British cabinet, not the refugees at risk.

They discussed how it would look and what anti-semitism / racism may occur at home to accept more. What language to use. And how difficult they suggest it was to rally international support. They discussed which departments would take the criticism and how to pretend that political discussions were taking place that weren’t. They wonder if they cancontinue to pretend in the H/C [House of Commons?] to be holding international conversations.” [p.93] Other meetings were to be held in secret.

They seem  little concerned how to solve the problems of people whose lives they would forever alter and many more  indirectly besides.

They seem more concerned to ensure that the refugees will get sent back where they came from than in their welfare.

They made decisions which would have far reaching consequences into the future, for example on Palestine.

Today’s British politicians and media tend towards using migrant rather than refugee, and often conflate the terms immigrant, refugee and asylum seekers. Usually centred on a problem real or imagined that immigration poses in the UK.

I wish we could start talking about solving the problems of these ‘people’ instead.

Politicians blame each other for lack of action. Blame the traffickers for unseaworthy boats and exploitation. Blame helps no one.

Part of the solution lies in not creating the problems to start with.
Afghanistan, Libya, Palestine. Syria. Yemen. So many places in Africa. The list is long of places to whom we sell arms and fund violence.

Yet our pre-election government could not find funds for the humanitarian needs of children and adults who needed our help until voters saw enough coffins on the evening news, a political embarrassment which forced action.

Camps will be built for internment on arrival – but is that a way to solve the problems of people who have fled their homes under duress?

Nations will now unite in yet another new war. A war on traffickers.

The well organised merchants in manslaughter expect to lose their vessels to the waves or have them confiscated. Most of these open caskets are navigated by a non-culpable refugee and the traffickers don’t care if they founder.

‘Let them drown’ has not been a policy exclusive to European leaders.

What effective difference will destroying more boats make?

This is a refugee’s only option in the last leg of a long journey from war; torture, rape and harassment. How will it stop them leaving or wanting a safe and better life for their children? Why should it? Will this policy not simply push up the price of every place on a remaining boat and drive more unworthy ones into service?

Will sending arrivals back solve anything or create some sort of game of Risk in which they can ‘play again’ until they die trying? How will they be treated if they refuse to go?

The failure of governments to listen and the resulting deaths, is indefensible when organisations and individuals predicted and publicised the effect of withdrawing search and rescue months ago.

I wondered in the interim how big the number had to become to be embarrassing. Turns out it was 900. And that’s not the total, but the one incident on one night.

The only good thing to have come from that night is some return to rescue work. But the decision to take no asylum seekers is wrong.

The right to seek asylum is set out in the Universal Declaration on Human Rights. It is one of the most important obligations in international law.

People in the UK care about the callous ‘let them drown’ policy affecting would-be asylum seekers and refugees. We see through hyped-up threats of  ‘immigration’ voiced by right-wing minorities or pandered to in party mugs.  Sadly the pandering has become passivity towards the real needs of real people. It is shaping a political discourse the majority in the UK do not want, with real consequences at home and abroad.

The fear of loss  of political face is costing lives in the Mediterranean. It is making British politicians of all colours too quiet. The 7th May may see the inconvenient batten handed over to a new government.

How many will perish in the mean time?

One child drowned is one child too many. How long will our leaders focus on what they perceive as protecting our own interests and borders, and not on the people who need our help?

These people have no future if they don’t leave. They have no future if they don’t arrive alive. And no future if not welcomed when they do.

I will never forget that ten o’clock news picture of a dead  boy being carried onto the craggy Greek shore. I can imagine his mother putting that patterned warm hat on his head in the hope it would protect him from the cold weather on a rough crossing.

I see his lifeless hands hanging free in the fisherman’s arms.

And I wonder how today’s Cabinet Office minutes will read in the years to come.

photo: twitter adapted from a poster of the Italian Red Cross. #WhereisEurope

****

1943 Cabinet Office minutes.

February. Refugees.

A.E. Rpt. on recent mtg. re Jews. No progress with U.S.A. No immed. chance of direct conversns. Can we continue to pretend in H/C. tht. we are holding internat. conversns. We here can do so little tht. difficult for us to take it up internationally unless U.S. co-operate.

H.O. I cd. take 1.000 or so as part of U. Nations move – but only to bring the others on. Rathbone & Co. all pressing us to admit some to encourage other A. Nations. My feeling is we’ve done too much already w’out guarantee tht. other Nations will help. Danger of anti-Semitic troubles here.

S/Doms. Advantages of explaing. diffies. in Debate – what we have done, and diffy. of doing more.

W.O. Risk of provoking discussion of Jewish Army.

A.E. Agree advantages. Trouble is disclosure of U.S. delay.

H.O. Arrange Parly. Ques. to P.M. askg. what contribn. we and Empire have made – and give it publicity.

M/L. Can Cab. Sec draft Answer to show what we have done.

Agreed: Have Ques. subject to Cab. seeing answer. Otherwise, stand firm. Have put to U.S. Chargé d’Affaires last week-end 3 points a) mtg. here. b) Agreed – await replies to these points. Ch. Whips to be asked to discourage undue interest.

****

Reception and Accommodation of Refugees.

A.E. Shd. we take line “done all poss. nil more” or “This is for U. Nations. We will try more, if others do their share”.

We favour second course. This is apart fr. what C.O. can do in Pal. for women and children. (Limited nos. give priority to w. and children)

Amendment of para 4 of telegram – agreed.

****

March 1943 Refugees.

L.P.S. Debate in H/Lds. Tomorrow. Can I use some of these figures?

P.M. Yes: don’t use ‘em all.

H.O. M/I. to seek publicity for this statement. Law. “Czecho-slovak nationals” vice Czechs”

M.A.P. Cd. a total be put in: small gobbets don’t give impn of large total.

K.W. Only if the total is really impressive.

P.M. Consider this point.

****

April 1943

A.E. U.S. have asked if we cd. take few hundred Stateless refugees. ? Say we’ll take a few more if U.S. will take a few.

*****

Refugees: Bermuda Conference. May 1943

A.E. Neutral countries to take more. Camp in N. Africa to relieve immed. pressure on Spain. Revival of inter-Govt. Cttee. These are the 3 main points. Encouraging tht. we & U.S. delegates (not all easy) got on v. well together.

G.Hall. a) Diffy of U.S. doing anything: for 2 days: then they came along v. nicely

L.P.S. Anti-Semitic letters: put it on basis of all refugees, not Jewish refugees – i.e. by describing them by nationality not race.

L.S.A. P.5. India has taken 11.000 not 5.000. para. 14. 185 W.O. Para. 15. Arabs have already got the farms. We have now asked them to put up camps H.O. Minor corrections – notify to applic. Authy. for record?

A.E. Debate. Peake to open qua Conference. Senior Minister to wind up (? Member of War Cabinet)

L.P. Giving assurance to neutrals tht. they won’t have to keep them indefinitely. Does this mean they will go back whence they came?

H.O. This is the understanding. Our only undertaking is to see tht. they get back.

****

July 1943

P.M. I’m committed to creation of a Jewish National Home in Palestine. Let us go on with that […]

S/Doms. Don’t dissent. But what I want is to face up to formulation of a proper post-war policy.

P.M. Not a good time for statements on long-term policy.

 

____

Minutes source: National Archives

Chinese whispers, modern weapons #fiction

When you play the party game as children, what starts off said into the ear of one player, becomes something quite unintelligible by the time it reaches full circle.

It can cause chaos and it’s quite fun. Unless it ends up something hurtful the hosts would rather hadn’t been shared.

Not so fun, is the potential for the chaos caused by technology with the capability to spread information from one place to another, sufficiently damaging to bring business to a standstill. Or security. Or utilities. Or our medical devices.

In my spare time, I write fiction. [I have a long work-in-progress set against stories of post World War II emigration.] Here’s some flash fiction from today.

###

December 2015 in London.

After an apathetic  run up to the election, when few concrete policies emerged with detail that could be pinned down publicly and become humiliating in case of coalition concessions, the election was decided. A weak power sharing was agreed. Conservative and right wingers, with the dash of yellow that had survived.

Admitting another poor win, the party have ousted Cameron, and elected a new leadership. Boris and Nigel have already had a few laughs and a few run-ins.

On her way home, twenty-eight year old Kate grabs a copy of the Evening Express with their garish grins on the front cover. Again.

Barely 100 days into a winter government, May is long gone. Little of substance has changed save some minor screwing down on the rights to welfare access for foreigners or those ‘fit-to-work’.  Legacy policies remain.

One of those was on cybersecurity;  technology that protects online communications, banking, shopping, health data and more.

Kate reads the page 3 article:

“In a knee jerk reaction to recent violent attacks, the cyber security ban first proposed in the last parliament has been rushed through.

Campaigners claim the MPs understand so little of what they are legislating that they “believe it would be possible to stop terrorists communicating privately without astonishing collateral damage to Britain’s economy, freedom, and security.”

Businesses and government bodies that have security affected under the new laws, consider what to do.

Kate working in her finance IT admin job, spent the day running reports on what software and historical data she needs in the system. Some sort of internal review.

Banking has IT still in place from the seventies. Building anything from the ground up is hard work. Patches are added on for as long as they’ll work. They’ll get round to fixing it. Soon.

Curled up on the sofa  she uses her single log-on for government agencies, for identity, administration and payments. Finally submits her passport renewal and thinks about visiting her cousin in San Francisco in February.

She books the bargain deal seen in an ad on Facebook that suited exactly what she wanted.

Her cousin joked ‘please bring wine’, theirs has run out. His last post mentioned the price of bottled water.  And China extracting it from the sea. Crazy.

Kate decides to catch up with that BBC Radio 4 IT podcast she missed. “There’s a good bit on banking,” her colleague Dan had said,  “and bring-your-own-device at airports.”  He was cute, and she was interested. Earphones, PJs and slippers on.

She worries shes turning into her mother.

Finishing her popcorn, Kate’s half way up before remembers she need do nothing. She isn’t yet used to the clinic’s networked library system administering her insulin dose. [Something else she’d inherited.]

Medical devices have expanded exponentially. Thousands of people have insulin pumps or heart monitors installed, running citizens on invisible software. The transport system for data, the life blood for humans and high-tech.

Kate’s delighted to get independence from appointments.  Her consultant delighted to cut running costs. Teleheath permits datasharing . Algorithms flag warning reports for abnormal statistics.

The individual products are pre-integrated and powered by central backbone systems. The clinic has an overview of everyone it manages remotely.

Kate’s numbers are usually fine, and ignored with a normal label, somewhere in the system.  But they have started to show she needs a greater dose. She’ll get a call in the morning to discuss a change in her meds, to be adjusted remotely.

Thirsty, she gets up and fills her glass from the tap. That reminds her. She should check her bill online.

Utilities across the UK, power and water, many owned by one Chinese conglomerate, have replaced old mainframe customer billing systems with these integrated modern software. Behind the scenes too, its distribution has interoperable compliance permitted by deregulation and required for globalisation.

Checking her alarm before she puts out the light, Kate smiles at the perfect step count for the day. Her fitapp makes her think of Dan.

She dreams of him. Somehow he’s landed with her in San Francisco. They won’t let him through immigration as he doesn’t want to give up his work laptop. Or phone. The flight can’t take off again and every staff member is using their own device to try and control airspace which is filled with pac man eating the planes.

While she travels in her sleep in the small hours, an organisation in a country she’s never been to, starts sending massive amounts of data into systems around the world. Some with bugs.

Overloaded, her hospital system shuts down, spewing out warning reports including Kate’s into the nighttime corridor. It doesn’t report exactly how her own device is affected because they haven’t researched it. 

Still tired, she gets up and hears the radio news in drips through the shower.

“A military coup in China, thousands of private business owners rounded up.”

“Concern is growing after what appears to be a mass cyber attack spreading malware to banks…”

She wonders if hers is affected.  It’s going to snow says the forecaster just as the water stops. And the lights and radio cut off.

Kate curses the landlord, towelling soap suds from her hair. She picks up her phone but can’t call out as there’s no network – either down or just as after 7/7 perhaps it’s overloaded.

She swears again.

She hopes no one is trying to call her.

It looks like today is going to be very inconvenient.

In the tube queue Kate starts contemplating a duvet day, she’s squashed in an impatient mass of people. Ticket machines are down and it’s bedlam. She picks up a paper from the stand.

Water cannon are back on the front page.  The story is about the role of government, state security and how to keep control.

The headline asks:

“Is London’s newest weapon out of date?”

****

 

“Alongside the Great Firewall, China has been developing a new way to intercept and redirect internet traffic, according to a new report from Citizen Lab.” [The Verge, April 2015]

When the intelligence services knows states have infiltrated commercial company systems, and governments have these tools, how will they be used for good, and who defines those purposes?

How do citizens of all nations make sure that our commercial businesses, our everyday life support systems & legislation are well designed?

Do MPs in government understand what it should and can control and is it investing in the right tools to do so? Are our MPs sufficiently skilled for the requirements in the realm of cyber security and digital rights?

Has water potential to be the next weapon of mass destruction?

[image: Telegraph]

Thinking to some purpose