West Lothian and email

ukcrypto@chiark.greenend.org.uk ukcrypto at chiark.greenend.org.uk
Thu, 15 Jan 2009 19:23:20 +0000 

Quoting Roland Perry <lists@internetpolicyagency.com>:

> In article <20090113205556.xew5dvolcw8sgs0g@webmail01.purplecloud.com>,
> signup@bealoid.co.uk writes
>> BBC Radio Four's "InTouch" programme had an interesting piece about =20
>>  'data protection paranoia', and a blind woman who was told by her  =20
>> Mental Health trust that they could not email appointment details  =20
>> to her because of data protection laws.
>
> Was that specifically due to their perception that email was
> susceptible to eavesdropping? (and other forms of notification weren't).

Sort of. They were saying that email could be "misdelivered" to the =20
wrong person, even though they (the key worker) had several emails to =20
and from the service user.

> It might also fit the "withheld phone number" scenario, where health
> professionals generally refuse to allow other household members to even
> know the patient is being treated by a specific clinic, and many email
> facilities are shared (and you might even expect that a blind person's
> email would be routinely read out to them by someone else - but the
> same goes for the post, I didn't say this was argument was watertight!).

Some NHS places have 'fine grain' privacy protocols.  =B2gether NHS =20
Foundation Trust (That's not a typo, they *really* do have a =20
superscript 2 to start their name) allow service users to specify who =20
can and can't get information, and how much information can be given.  =20
("Don't tell my brother anything.  You can tell my wife everything.  =20
You can tell my sister if I'm in hospital or at home, but not how I'm =20
doing or what my diagnosis is".)  Other places have a blunt (easy to =20
use) policy - They won't tell anyone anything.

[snip]

>> With an IT overhaul costing billions hasn't anyone heard of encrypted ema=
il?
>
> The problem always has been: whose format of encrypted email (not much
> interoperability, afaik), and is there any format that doesn't require
> at least "A level" computer science qualifications to operate?

Suite B?

As far as ease of use goes I used to think that it couldn't be too =20
hard to set up some easy to use system.  But then I look at the mess =20
that many people make with SSL browser encryption and realise that =20
it's probably harder.