Striking the Right Balance between Privacy and Public Protection

[Ross Anderson]

> I still feel that there's some way to go before one can say that
> "telling people after the fact that their privacy was invaded so that
> that there is oversight of the procedures" meets the rather important
> test of practicality :(

Well, this was the argument used by the Department of Health to get out
of notifying NHS patients of research access, and administrative access,
to their records. I've never bought it. I've always believed that by
creating a culture of promiscuous access to data whose subjects expect
it to be private, the NHS is taking a risk that will blow up in their
faces someday. Remember Alder Hey. Everyone knew for years that 
researchers helped themselves to all sorts of chunks from patients,
living and dead, without bothering to ask; research was clearly so much
more important than manners, and the bloody patients might object, which
might stop you getting your FRS (pardon me, cost thousands of lives by
preventing medical advances :-)

> However, it is apparently the scheme in The Netherlands (albeit for the
> rather more serious (and lower volume) privacy invasion of actual
> interception); so it must be possible to make it work !

I'd like to see it extended even to the PNC. if someone looks up my name
and address from my car numberplate I'd like to be notified

Ross