BMJ - PKI and signing slight confusion

David Howe ukcrypto at maillist.ox.ac.uk
Mon, 11 Sep 2000 15:22:43 +0100


> Each & every health professional has a legal (Data Protection Act),
> contractual & ethical obligation to protect privacy & get appropriate
> informed consent for disclosure.
I must admit to not being entirely familiar with the DPA (98) - but can't
find any provision that requires you to protect the data adequately in
transit. Principle 7 gives:

7. Appropriate technical and organisational measures shall be taken against
unauthorised or unlawful processing of personal data and against accidental
loss or destruction of, or damage to, personal data.

  Which seems to make it a duty to prevent anyone using YOUR system to
access the data, but doesn't seem to require you to protect it in transit.
I would also be interested in the contractual requirements (I assume we can
take the ethical obligations as a given for qualified doctors).