There are many hundreds of thousands of people who use internet banking. And of that number, there will be many thousands who have had the security of that banking beaten; they may have lost nothing more than data, but many will have lost considerable amounts of money as well. But the businesses that had their security broken will have lost, at the very least, their reputation. Often, they will lose money directly.
There are many millions of people who use eBay; data from it has, on occasion, been vulnerable to hacking. But eBay has lost reputation points because of it, and they have been out of pocket as well.
Basically, the amount of data that private organisations hold about people is immense. But those organisations have a very real incentive to keep that data safe: they can be sued if they don’t. And if they repeatedly ‘lose’ data, people will choose not to do business with them.
Not so when it’s a public organisation. Special caveats are put in place; compensation is limited; laws are built with exceptions. And if it’s a large public organisation with a near total monopoly, well, whadda you gonna do?
Not being one to jump to conclusions, but that was the question that sprang to mind when I read a quote in this article. Said article is about the wonderful new electronic care record, and how it’s going to be put online in several trial areas.
SAY WHAT?
Yes, they’re going to put the medical records of a shitload of people online. Securely, apparently. And it’s opt out, not opt in. The plan is to use the concept of ‘implied consent’, wherein the government assumes, without asking you or informing you, that they have your permission to use your data as they see fit. If you do not wish to have your data (ab)used, you have to jump through many, many hoops.
‘Implied consent’, by the way, is against the spirit, and letter, of various Data Protection Acts. And any company that has used it has been crucified by the government and the consumer press. Not so the government; they just rewrite the rules to suit. Or plain ignore the rules and carry on regardless.
But, really, how secure do you think it will be?
Connecting for Health say the site will be highly secure, and will have far more protection than websites such as those which offer online banking.
Bear in mind, if you will, that CfH is so successful at keeping its promises that its old name – NPfIT, National Programme for IT – had become such a byword for abject failure that it was dropped. So I’m sure they’ll forgive me for doubting that they’ll put any commercial enterprise to shame. Unless said enterprise was the Brooklyn Bridge Sales Co, and even then it would be quite close.
NPfIT Connecting for Health has no incentive for pushing the boat out on security; if there is a breach, it would be local health authorities, individual GP practices, and Trusts that would be sued. CfH would have nothing to lose. So why, exactly, would they spend money on buying porn quality security[1] when they’d never feel the effects of buying l33t hax0r5 INC Security System?
There is plenty of cause, and there would be plenty of effect. But the two are not connected in the usual fashion. Those affected would be the patient, and the care provider. While those causing would be remote and untouchable.
All the more reason to opt out, really…
—
1 – All the cutting edge internet developments have been driven by porn; they seem to have a history of making money and then using it to pay the best and brightest to make them more money. The beautiful cycle of capitalism, as demonstrated by the basest of human desires.