Wednesday, December 19, 2007

The NHS can do data protection

Kim Cameron has pointed out that some UK government bodies do understand secure data management:

"Scotland’s eCare has been recognised at an international awards ceremony on good practice in data protection. On Tuesday, 11 December, the Data Protection Agency of the Region of Madrid awarded the eCare framework one of two “special mention” awards. The aim of the annual prize is to expand the awareness of best practices in data protection by government bodies across Europe.

I’m really pleased to see the authors of eCare recognized. They have created a system for sharing health information that concretely embodies the kind of thinking set out in the Laws of Identity...

Ken Macdonald, Assistant Commissioner (Information Commissioner’s Office, which provided a note of support for the eCare application) has commented:

It is wonderful to see UK expertise in data protection being officially recognised in Europe for the second year running. Recent events have highlighted the need to comply with the principles of the Data Protection Act and I am delighted to see the eCare Framework and the Scottish Government setting such a fine example to others not just in the UK but throughout Europe.

I hope the work is published more broadly. From seeing presentations on the system, it partitions information for safety. It employs encrypted data, not simply network encryption. It favors local administration, and leaves information control close to those responsible for it. It puts information sharing under the control of the data subjects. It consistently enforces “need to know” as well as user consent prior to information release. In fact it strikes me as being everything you would expect from a system built after wide consultation with citizens and thought leaders - as happened in this case. And not surprisingly with such a quality project, it uses innovative new technologies and approaches to achieve its goals."

No comments: