Big Conflicts: The ethics and economics of privacy in a world of Big Data
Ross Anderson, Cambridge
OII Feb 27 2015

The Nuffield Biodata report
- What happens to medical ethics in a world of cloud-based health records and pervasive genomics?
- 12 authors: from IT, medicine, ethics, insurance, pharma …

‘Big Data’ comes to the NHS
- Cameron policy announced January 2011: make ‘anonymised’ data available to researchers, both academic and commercial, but with opt-out
- We’d already had a laptop stolen in London with 8.63m people’s ‘anonymised’ records on it
- In September 2012, CPRD went live – a gateway for making anonymised data available from secondary care, run by the MHRA (the regulator)
- They refused to answer a FOI request about anonymisation mechanisms!

Can an NHS patient opt out?
- Cameron had promised in 2011 that our records would be anonymised, and we’d have an opt-out
- The Secretary of State for Health, Jeremy Hunt, assured us in March 2013 that existing opt-outs would be respected
- In July this was reversed by the NHS England CIO
- NHS opt-out defaults are wrong; the privacy mechanisms are obscure; and they get changed whenever too many people learn to use them

The care.data scandal
- Hospital Episode Statistics (HES) has records going back 15 years (about a billion in total)
- Apr 2014: HSCIC reveals that HES data sold to 1200 universities, firms and others since 2013
- HESID usually contains postcode, dob
- Even if the HESID were encrypted, what about cardioversion, Hammersmith, Mar 19 2003?
- Yet the DoH described pseudonymised HES data as “non-sensitive” and the ICO agreed!
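The point of the cardioversion example is that encrypting or hashing the patient identifier leaves the quasi-identifiers (procedure, hospital, admission date) in the row, and a rare combination singles a person out regardless of how strong the cipher is. The release check a data custodian should run before handing out such an extract is a k-anonymity audit over the columns a recipient will see. The Python below is an added illustration, not code from the talk or from HSCIC; the episode records, hospital names and the secret key are constructed, and the column set (procedure, hospital, date) is an assumption standing in for whatever a real extract carries.

```python
"""
k-anonymity audit over a constructed, HES-like extract (added example).

Pseudonymising the patient id does nothing about the quasi-identifiers left
in each row. The check measures, for the quasi-identifier columns a recipient
would see, how many rows share each combination: the 'k' of k-anonymity.
Every record here is constructed sample data, not a real HES record.
"""
from collections import Counter
from hashlib import sha256

# Constructed sample episodes: (patient id, procedure, hospital, admission date).
SAMPLE_EPISODES = [
    ("P001", "cardioversion", "Hammersmith", "2003-03-19"),
    ("P002", "hip replacement", "Hammersmith", "2003-03-19"),
    ("P003", "hip replacement", "Hammersmith", "2003-03-19"),
    ("P004", "hip replacement", "Hammersmith", "2003-03-20"),
    ("P005", "appendicectomy", "Addenbrooke's", "2003-03-19"),
    ("P006", "appendicectomy", "Addenbrooke's", "2003-03-19"),
    ("P007", "appendicectomy", "Addenbrooke's", "2003-04-02"),
    ("P008", "cardioversion", "Addenbrooke's", "2003-03-19"),
]


def pseudonymise(records, secret):
    """Replace the patient id with a keyed hash (stands in for an 'encrypted HESID').
    The secret is a constructed placeholder; only the id column changes."""
    out = []
    for pid, proc, hosp, date in records:
        token = sha256(secret + pid.encode()).hexdigest()[:16]
        out.append((token, proc, hosp, date))
    return out


def generalise_date(records, granularity):
    """Coarsen the date column: 'day' keeps it, 'month' -> YYYY-MM, 'year' -> YYYY."""
    keep = {"day": 10, "month": 7, "year": 4}[granularity]
    return [(t, p, h, d[:keep]) for t, p, h, d in records]


def equivalence_classes(records):
    """Count rows per quasi-identifier combination (procedure, hospital, date)."""
    return Counter((p, h, d) for _, p, h, d in records)


def k_anonymity(records):
    """Smallest class size; k == 1 means some row is unique on its quasi-identifiers."""
    return min(equivalence_classes(records).values())


def unique_rows(records):
    """Quasi-identifier combinations that single out exactly one row."""
    return sorted(q for q, n in equivalence_classes(records).items() if n == 1)


def suppress_small_classes(records, required_k):
    """Drop rows whose quasi-identifier class is smaller than required_k."""
    classes = equivalence_classes(records)
    return [r for r in records if classes[r[1:]] >= required_k]


def release_check(records, required_k):
    """Return (ok, k, uniques): ok only if every class has at least required_k rows."""
    k = k_anonymity(records)
    return k >= required_k, k, unique_rows(records)


if __name__ == "__main__":
    extract = pseudonymise(SAMPLE_EPISODES, b"constructed-secret")
    for gran in ("day", "month", "year"):
        ok, k, uniques = release_check(generalise_date(extract, gran), 2)
        print(f"{gran:5s} dates: k={k} ok={ok} unique combinations={uniques}")
    safe = suppress_small_classes(generalise_date(extract, "year"), 2)
    print("after suppression:", release_check(safe, 2))
```

Running it shows that hashing the id leaves k = 1 at every date granularity: the single cardioversion at each hospital is still unique even when the date is reduced to the year, so a genuine release would need suppression or further generalisation of the rare procedures before the extract could honestly be called anonymised.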

Advocating anonymisation

… and transparency

Now add DNA
- The UK Department of Health is launching a ‘100,000 genomes’ project to use genetic analysis in both direct care and research
- All sequence data centralised; consent to unlimited research use (including sharing with 23andme) or you can’t join
- The FDA just stopped 23andme from offering health advice to new customers
- After the election: 50 million genomes!

The PCAST report
- Presidential Council of Advisers on Science and Technology (Craig Mundie, Eric Schmidt …)
- Big data has three components, they say:
  - Collection (e.g. your kid’s teddy bear)
  - Aggregation (Microsoft / Facebook / Google)
  - Use (the firms that buy ads)
- Claim: only the third should be regulated!
- ECJ response in González, the very same week

An ethical approach
- It’s long been accepted in medicine that the law’s boundaries are way too wide
- If you do everything you can’t be jailed or sued for, you’ll quickly lose patients’ trust
- So what is an ethical approach to medical practice, and medical research, in a world of cloud-based health records and genomics?
- Nuffield Bioethics Council set up a project …

Problem (1)
- There’s lots more data:
  - Cloud-based primary and secondary care records
  - Genomics: from 100,000 patients to 50 million?
  - Patient-generated stuff like fitbit
  - Comms data, lab data, all sorts of other stuff …
- And lots more capability to store & process it
- This leads to all sorts of initiatives that mash up data from previously siloed applications

Problem (2)
- Huge ‘Big Data’ hype bubble – policymakers terrified of looking technophobic
- Shortage of money drives innovation in the public sector, just as plentiful VC does in the private sector
- Centralising tendency of every bureaucracy
- ‘Open data’ promise to big pharma and to nonprofit research communities
- Anonymisation – a ‘broken promise of privacy’ (see my book and ODI, RSS talks)

Moral values and interests
- Distinction between public and private evolved over millennia – before history
- Norms of disclosure are important for formation and maintenance of identity and relationships
- Consent is how patient relationships work
- Public interests exist, such as public health and research, but these are not just in opposition to private interests in confidentiality

Law and governance
- Laws reflect emerging social consensus (albeit with a time lag and a big lobbying bias)
- Common law duty of confidence
- Data protection law
- Human-rights law: s8 ECHR, I v Finland
- Usual take: ‘consent or anonymise’
- But anonymisation doesn’t work, and consent is becoming steadily harder!
- What should an ethical researcher do?

Principle 1 – Respect for persons
- The set of expectations about how data will be used in a data initiative should be grounded in the principle of respect for persons
- This includes recognition of a person’s profound moral interest in controlling others’ access to, and disclosure of, information relating to them held in circumstances they regard as confidential

Principle 2 – Human rights
- The set of expectations about how data will be used in a data initiative should be determined with regard to established human rights
- This will include limitations on the power of states and others to interfere with the privacy of individual citizens in the public interest (including to protect the interests of others)

Principle 3 – Participation
- The set of expectations about how data will be used (or re-used) in a data initiative, and the appropriate measures and procedures for ensuring that those expectations are met, should be determined with the participation of people with morally relevant interests
- Where it is not feasible to engage all those with relevant interests, the full range of relevant interests and values should nevertheless be fairly represented

Principle 4 – Accounting for decisions
- A data initiative should be subject to effective systems of governance and accountability that are themselves morally justified
- This should include both structures of accountability that invoke legitimate judicial and political authority, and social accountability arising from engagement of people in a society
- Maintaining effective accountability must include effective measures for communicating expectations and failures of governance, execution and control to people affected and to society more widely

How do existing initiatives add up?
- HES/care.data – treating data as an industrial raw material, for sale to all, and available with commercial reuse licences
- CPRD – won’t say how data are ‘anonymised’, and push it for all sorts of research purposes
- 100,000 Genomes – at least GeL keep custody of the data, but allow secret uses by firms
- Scotland – links local datasets using a central ‘safe haven’; some public engagement

Application to security research?
- Started thinking about this following the Facebook app from our psychology department
- Our Device Analyzer runs on 23,000 Androids
- For the user: personal analytics (best phone plan)
- For us: understanding smartphone use, energy consumption and much else
- See https://deviceanalyzer.cl.cam.ac.uk/ which has research papers etc.

Application to law enforcement?
- Law enforcement at least has some focus on respect for persons (even if intel doesn’t)
- It’s bound by human-rights law (ditto)
- Thanks to Edward Snowden, we have a more truthful account of state surveillance capabilities, but are still not really consulted (see DRIP Bill, ISC mess, …)
- In an ideal world, we’d have an international treaty on warrants, transparency, jurisdiction

Today’s ‘Economist’
“If citizens aren’t protected from prying eyes, some will suffer and others turn their backs. Societies will have to develop new norms and companies learn how to balance privacy and profit. Governments will have to define what is acceptable. But in eight short years smartphones have changed the world—and they have hardly begun.”

Where’s it going?
“The Ood, it is worth remembering, did not just have two brains, one in the head and one in the hand—they had a third, planetary brain, telepathically shared by all. It may yet be to such a world that, with phones in hand, pocket and purse, humanity makes its way.”
“Democracies may be able to find acceptable solutions to some of the problems posed.”

More …
- The report: see our blog or my website
- Our blog: http://www.lightbluetouchpaper.org
- My website: http://www.ross-anderson.com/
- Workshop on the Economics of Information Security, Delft, June 22–3: http://weis2015.econinfosec.org/