Data Sharing Review
Ian Mason
ukcrypto at chiark.greenend.org.uk
Sat, 19 Jul 2008 10:36:36 +0100
On 17 Jul 2008, at 10:29, Michael Simpson wrote:
>> Except the senior A&E docs would delegate their authority to junior staff,
>> who would delegate it to the receptionists.
>
> How, by giving them their finger or eye. I believe that there are
> fingerprint devices with pulse oximeters built in to stop this.
> Make it a clinical governance issue and tell them that each time they
> do delegate it they will lose a discretionary point.
I spent quite a bit of time recently looking at the issue of delegation
from both an information security and business point of view for a
system design of my own.
After much cogitation I came to the conclusion that limiting delegation
of powers was, except in very limited situations such as
keys-to-the-world scenarios, a bad idea.
Typical example: MD goes on holiday, delegates power X to senior manager.
Senior manager is taken ill, delegates power to alternate. Alternate has to
deal with family crisis at kid's school, other senior managers are out for
the rest of the day and so needs to delegate power to a junior. I've had
days exactly like that.
A system that limits delegation to a particular rank (senior managers)
fails in this situation. A system that limits delegation to n-removed
(say n=2) fails in this situation.
The only reasonable course of action is to not limit delegation but to
limit transfer of blame if a delegation is abused. I.e. you attribute
blame at every level in the chain. This obviously only works if there
is a sufficiently good chance that an abuse is detected so you need
to build effective audit into such a design.
Ian
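
The scheme described in the message above (unrestricted re-delegation, blame attributed at every level of the chain, and an audit trail to detect abuse), sketched as an added example that is not part of the original post. The class, function and holder names and the hash-chained log format are assumptions made for illustration.

```python
import hashlib, json

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class DelegationLedger:
    """Illustrative: unlimited re-delegation of one power, with a hash-chained audit log."""
    def __init__(self, power, root):
        self.power, self.grantor, self.log = power, {root: None}, []

    def _audit(self, **fields):
        prev = self.log[-1]["digest"] if self.log else ""
        body = {"power": self.power, "prev": prev, **fields}
        self.log.append({**body, "digest": _digest(body)})

    def chain(self, holder):  # everyone answerable for holder's use: actor first, root last
        out = [holder]
        while self.grantor[out[-1]] is not None:
            out.append(self.grantor[out[-1]])
        return out

    def delegate(self, frm, to):
        if frm not in self.grantor or to in self.grantor:
            raise PermissionError(f"{frm} cannot delegate {self.power} to {to}")
        self.grantor[to] = frm
        self._audit(event="delegate", frm=frm, to=to)

    def use(self, actor, action):
        if actor not in self.grantor:
            raise PermissionError(f"{actor} does not hold {self.power}")
        self._audit(event="use", actor=actor, action=action, accountable=self.chain(actor))
        return self.log[-1]["accountable"]

    def log_intact(self):  # recompute each digest and check it links to the previous record
        prev = ""
        for rec in self.log:
            body = {k: v for k, v in rec.items() if k != "digest"}
            if rec["prev"] != prev or rec["digest"] != _digest(body):
                return False
            prev = rec["digest"]
        return True

def depth_limit_allows(ledger, frm, n):  # the "n-removed" rule: frm must be < n hops from root
    return len(ledger.chain(frm)) - 1 < n
if __name__ == "__main__":  # constructed holder names for the holiday scenario in the post
    led = DelegationLedger("power X", "md")
    for frm, to in [("md", "senior"), ("senior", "alternate"), ("alternate", "junior")]:
        print(frm, "->", to, "allowed under n=2:", depth_limit_allows(led, frm, 2))
        led.delegate(frm, to)
    print(led.use("junior", "approve payment"), led.log_intact())
```

The third hop is the one an n=2 rule would refuse, while the ledger accepts it and records all four holders as accountable for the junior's action.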