1. Privacy and Data Protection

In today’s technologically driven world, storage and transmission of personal data is the norm. It is not unusual for data about an individual to be stored in thirty or more different places by different companies or organisations. Online retailers, media-streaming companies, social media sites, banks, insurance companies, medical services, educational establishments, and local authorities, are amongst the many organisations that store data about individuals. With a plethora of data sources, as well as a variety of different security arrangements, it is not entirely unknown for some of that data to end up in the hands of those who should not see it.

Because of some early electronic data breaches, most governments have created laws that protect an individual’s rights in terms of data access and security. In the UK, the adoption of the EU’s 2018 General Data Protection Regulation (GDPR), which replaces the UK’s Data Protection Act, is an example of such laws. These specify the rights of individuals to see the data that is stored about them and place stipulations on those storing the data. Allowing data to be accessed flagrantly, not placing data in sufficiently secure storage mechanisms, or not allowing individuals to see what is held about them, all constitute breaches of this legislation.

Despite these laws, it is not uncommon for data breaches to occur. The often-feared occurrence of hacking, which involves an outside entity breaking into a system to gather information, does happen, but is not as common as most people think. Instead, the most common reason for data loss is incompetence whereby access credentials are left exposed, private data is transmitted/given away by accident, systems left open by mistake or actual coding errors. The next most common cause is insider knowledge and misuse (i.e., ‘inside jobs’). Actual physical theft of data storage devices or computers, such as stealing laptops from cars, is the next most common reason. Viruses or malware present much smaller causes of data breach.

That said, if an individual becomes a victim of a data breach, irrespective of method, the results can be serious. Financial loss, reputational loss and loss of private and personal information can all affect an individual, sometimes disastrously.

Hypothetical Scenario

The UK’s National Health Service has recently proposed to allow third parties to access to patient medical records. The third parties comprise pharmaceutical companies, private medical research companies and big-data analysis companies. The NHS will auction one million patient records at a time, and the records will go to the highest bidder. Monies received will go back to patient care. It is envisaged that each batch of patient records will occur every three months until all records have been released.

Develop arguments for and against the auction of the medical records. You may want to consider what could happen to the data upon its release, or any laws that may be broken. Consider the likely benefits to the public. Also consider what mechanisms for data protection should be explored or stipulated by the NHS prior to the release of the records.