Medical privacy threatened by loophole in draft EU data protection law, professor warns

Loek Essers | Oct. 9, 2012
A "huge loophole" is being carved in the European Union's upcoming data protection regulation, according to Ross Anderson, a professor of security engineering at the University of Cambridge in England.

Anderson, though, wants to go further: he proposes notifying people in advance that their data will be used for research or other purposes, allowing them to opt out.

"Most people don't want wide sharing of information and most people don't want research without consent," he said.

If the articles are not amended, Anderson said, he could picture a situation in which a professor of psychiatry conducting research might lose a file containing 10 million patient records -- with them subsequently being posted to Pastebin, a site often used by hackers to leak stolen personal data. Such losses have already happened, said Anderson, referring to a case in which a laptop containing the health records for almost 8 million Britons was stolen.

And if such a database were posted to Pastebin, he said, then it's also easy to imagine someone comparing the data to what's known about the U.K.'s members of parliament. "And then things blow up," he said, "a scandal leading to public revolt."

While this scenario is of course fictional, it should be anticipated, Anderson said.

"I want to push back on what the E.U. is trying to do here," he said. "If civil society can get its voice heard there is every chance we can get these sections amended."

 
