Oh joy

[Krazeh]

Not imaginitive. Straight-up straightforward reading.

No, it's imaginative to read that their T&Cs give Google the ability to sell (or give away) confidential data by simply creating a new service using that confidential data in order to sell that data. It also doesn't take into account that the T&Cs you're referring to are different to the ones for the cloud services that would have been used by PA Consulting.

It's not "fucking over" anyone. You use google's services you grant them those rights. Don't like it, don't use them. Simple.

It's google's business model. You give them data, they use it.

If you tell businesses they can upload their data to your servers and use your services to manipulate that data, and that the only use you'll make of any uploaded data is for very limited purposes related to ensuring your services continue to work properly, and also agree to safeguards for the data while it's in your possession, but then breach all of that to sell data that has been uploaded then I'd argue you're fucking someone over. Including yourself because no one is going to use you after you do something like that, not when there's plenty of competition around.

Have/haven't breached the DPA is immaterial. Who gives a shit (other than you)? This is personal medical data being transported outside the NHS, never mind outside the UK to a company with form for poor data handling, a stated desire to abolish privacy and a legal grey area.

Actually it is material. If PA Consulting have complied with the DPA then the data (if it is indeed personal data) will still be covered by the DPA and have appropriate measures in place to safeguard it. Even if it is on Google's servers. As for personal medical data being transported outside the NHS or outside the UK, I hate to break it to you but this isn't the first time that's happened. For example, transcription services in India have been used to transcribe recordings of consultant notes. Should we panic about that as well?

A number of reasons, but we'll leave the betrayal of trust in the doctor-patient relationship (you know, the really obvious one) out of it and simply state that anonymised data clearly isn't. Especially when it comes to medical records - which by their nature are as about as personal as they get - and, by admission, it's the "entire start-to-finish HES dataset across all three areas of collection".

Don't know about you Krazeh, but I want my doctor to be able to look at my medical records. Not anyone else.[/quote]

If the data has been anonymised or pseudonymised (which contrary to your belief can be done with medical records) then it doesn't identify the individual it relates to. If you can't tell if a record belongs to Joe Bloggs or Jack Bloggs or any other Bloggs what trust has been betrayed? If I tell my doctor something it's on the basis he doesn't tell anyone else that it's about me. If he wants to release the same information but in a fashion that doesn't allow me to be identified then why should I care? As for your desire to only have your medical records looked at by your doctor, that stopped being the case quite a while ago. Access to, and the use of, your medical records for secondary purposes is not something new. Your medical data has probably been to a variety of places, in one form or another, without you ever being made aware of it.

 

[DaGaffer]

This is all a bit of a storm in a teacup tbh; individuals can't be identified and if anything, this is showing how to use big data cheaply (rather than the usual ridiculous NHS IT procurement processes) to get benefits from aggregate data. Even if Google did "sell" it (and actually Google don't sell personal information; they use personal information to sell you stuff, but they don't sell it on, ever.), its got nothing to identify an individual in it.

What you should be getting wound up about is the fact that the NHS are using dodgy tactics to allow them to sell your data directly to insurance companies and the like, in true HHGTTG "beware of the leopard" style:
http://www.theregister.co.uk/2014/0...portant_enough_exceptional_circumstances_tag/

 

[Himse]

the cunts who proposed the whole selling of personal details should be the ones held responsible as well as whoever leaked it all, not the NHS directly, pretty sure it was some Tory toss pot that's responsible overall.

Agree - but lol at 'Tory toss pot' - quick to blame the Tory party when it could be any random Joe.

 

[BloodOmen]

Agree - but lol at 'Tory toss pot' - quick to blame the Tory party when it could be any random Joe.

Quick to blame the Tories? it was their idea in the first place, so yes, they get the blame.

 

[DaGaffer]

Quick to blame the Tories? it was their idea in the first place, so yes, they get the blame.

No it wasn't. The whole thing was kicked off under Labour with the aborted "NHS Connecting For Health" project. Not that the Tories would have done anything different if they'd have been in power at the time; but knee-jerk "Tories are cunts" rhetoric should be modified to "UK Government are cunts, no matter who they are" rhetoric.

 

[Himse]

No it wasn't. The whole thing was kicked off under Labour with the aborted "NHS Connecting For Health" project. Not that the Tories would have done anything different if they'd have been in power at the time; but knee-jerk "Tories are cunts" rhetoric should be modified to "UK Government are cunts, no matter who they are" rhetoric.

This. No matter what party they claim to be a part of, they're all of the same breed and all have Cuntyitus.