Security concerns are in the headlines again. Fortunately not the 9/11 type but serious nonetheless.
Take for example the attempts by Google to photograph every street in the country and to post the results online. House owners fear the information will turn into a burglars’ charter.
Or the report that government backed hackers from Russia and China are targeting companies with a view to obtaining government defence and technology information. Not particularly reassuring, if true.
Sadly, we are all to conscious of reports that supposedly secure and confidential information has been lost, has been hacked into or has been found blowing in the wind down a street or waiting to become seagull fodder on a waste tip.
Possibly the most infamous recent “loss” was when HMRC inexplicably mislaid millions of names and addresses as a result of which the Chancellor of the Exchequer was forced to set up an inquiry under the chairmanship of PWC’s former senior partner, Kieran Poynter.
Now the NHS is seeking to change the way our health information is stored. It is no great surprise that millions of pounds of our money have already been spent on a project to create what are called NHS Summary Care Records for up to 50 million patients. Regardless whether you think the idea is a good one in principle, there are already serious concerns being voiced by the BMA and recently we have heard that, surprise, surprise health officials (they never name anyone do they?) have admitted that many of the letters sent out to some 9 million people giving them the details of the system and telling them how they can opt out if they wish, have gone missing. Letters to some people in three North East counties have been sent to the wrong addresses!! Better than being given someone else’s medication I suppose, but it hardly inspires confidence.
Why anyone would want to have their medical records on the new system, I cannot imagine. There have been a number of reports of medical staff leaving their computers unlocked and switched on overnight and the cleaners then accessing medical records!!
It is difficult to see how it can work unless everyone is capable of being identified uniquely and the system will be worse than useless unless it is kept ruthlessly up to date. Also, we should remember that the one time when a national system might assist a particular individual is when that person is in need of care somewhere other than when they are at a familiar surgery or hospital and surrounded by friends and family; and in those circumstances you must not be unconscious because, if you are, no one will be able to ask you who you are and access the correct records!!
In the e-discovery world, security is hugely important. Millnet has recently begun to compile an A-Z of the terms used by the technology industry. It comes in response to the many and varied questions asked by our clients. It seems that we are now engaged in a perpetual process of completing it but for the time being, my musings on the question of security were prompted by proof reading the first imprint and reading and re-reading sections such as the one headed “encrypted”.
The A-Z is worth keeping to hand in any event and I commend it to all readers. However, in the context of security, I recommend all readers to glance at the section on two factor authentication. As well has having a specialised biometric entry controlled secure suite at our Scrutton Street premises, we regularly use two factor authentication so that users have to have not only a log in and a password but also need to swipe their fingerprint before being able to access to the system.
While you would not want to have to rely on such a system in Accident & Emergency departments of major hospitals, it is a useful and effective additional safeguard when dealing with sensitive or confidential material.
Pingback: Tweets that mention Who goes there? « the smart e-discovery blog -- Topsy.com