The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

Since the Snowden revelations, consumers have become increasingly wary of how their data is shared or stored - as are clients of technology storage vendors.

Earlier this year, a survey by the Information Commissioner's Office (ICO) found that 77 per cent of consumers were very or fairly concerned that organisations are not collecting and keeping personal details secure, while 67 per cent believe companies are requesting unnecessary data or collecting details they do not need.

So with privacy clearly being one of the most important topics in IT at present, here are the top privacy stories of 2015...

The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

8. GPs could be breaking the law if they provide insurers with medical records - even with patient consent

In what could have a huge effect on the health insurance industry for years to come, the ICO ruled that GPs did not have to comply with requests from insurers to release patient medical records - even if a patient has given consent for them to do so.

Apparently, insurance firms who request the records under the Data Protection Act are abusing fundamental rights that are protected under EU law, and GPs who do hand over records could even be in breach of the law themselves.

The ICO had investigated the use of ‘subject access requests' (SARs) by UK insurers who were looking to obtain medical data to underwrite insurance policies. But it said that the use of SARs to access medical records is an abuse of the insurer's rights.

"Using individuals' own data protection rights to side step the current statutory arrangements designed to meet the insurance industry's needs, and including important safeguards for individuals, is not the appropriate approach," it said.

Insurers could be in breach of several of the Data Protection Act's principles around patients giving informed and explicit consent, data being kept longer than necessary and data security, while GPs who release whole patient records including data that is not relevant to the insurance request in question could also be in breach of the act.

The Association of British Insurers and the General Practitioners Committee will have to come to a new agreement which would abide by the law.

The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

7. Government admits unlawful monitoring of lawyer-client conversations

Ever thought we'd get the government admitting it had been illegally monitoring data, phone calls or anything else along those lines?

Well, the rare and highly embarrassing admission did finally happen, when the government said that the UK's intelligence agencies, including MI5 and MI6, had been monitoring conversations between lawyers and their clients, unlawfully.

It said that secret policies that enabled the snooping to occur did not comply with European human rights laws.

The admission came about after an ongoing legal dispute between the government and the lawyers of two Libyan citizens and their families. The two Libyan citizens were captured by MI6 and CIA spies and sent back to Libya to be tortured by the Gaddafi regime in 2004. Lawyers representing one of the Libyan citizens, Abdul-hakim Belhaj, are suing the government in a case filed in 2012. However, they became suspicious that the likes of GCHQ, MI5 and MI6 were snooping on private conversations.

The lawyers therefore filed another case with the Investigatory Powers Tribunal - and claimed that as a result of the communications interceptions, the government had infringed on their right to a fair trial.

Unsurprisingly, a government spokesperson stopped short of admitting that there was any "deliberate wrongdoing" on the part of the security and intelligence agencies, stating that they had taken their obligations to protect legally privileged material extremely seriously. Yeah, sure.

The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

6. Scotland's plan for a ‘super-database'

The Scottish National Party's (SNP) plans to create a "super database" that would capture and store data about Scottish citizens' health, and share it with other government bodies, has been criticised by privacy campaigners who believe the system could be a ploy to sneak in a national ID scheme through the back door.

The plans have been dealt with several blows - the head of ICO Scotland, Kevin Macdonald, raised concerns about the project's validity, while the plans were overwhelmingly rejected in a public consultation.

But, as with the Snooper's Charter, it doesn't mean the idea won't go away. Computing looked into the privacy, security, and legal fears earlier this year.

The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

5. NHS accredited smartphone apps are leaking data

Oops.

Back in September, researchers at Imperial College London found that a number of smartphone health apps that had been accredited by the NHS did not properly secure customer data and have poor information privacy practices.

Researchers checked 79 of the 230-plus apps available in the Health Apps Library, and found that despite vetting from the NHS, some ignored privacy standards altogether, and nearly a third (29 per cent) sent out both personal and health data without encrypting it at all.

But the findings did not come as a complete surprise, as in June NHS England was put under scrutiny for its review criteria for the library - the criteria were labelled ‘weak'.

In response, NHS England has suggested that it does not formally accredit the apps, and merely ensures that they are clinically safe and compliant with the Data Protection Act.

The organisation has since claimed that it was working to "upgrade" the Health Apps Library, after it was taken offline. Perhaps it had taken notice of the research, and is looking to take a different approach to the original library for the relaunch.

The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

4. NHS England plans to hand over medical records to high-street retailers

NHS England finds itself on the list again - this time for drawing up plans to allow major retail chains that run pharmacies access to patients' medical records.

The organisation claimed that following a trial involving 140 pharmacies, the move to enable access to medical records would reduce pressure on GP surgeries and help improve efficiency. Pharmacies could, for example, provide repeat prescriptions for patients, bypassing GP surgeries.

The trial, furthermore, gained responses from just 15 patients, according to a report, all of which were discarded.

The British Medical Association came out against the scheme, and MedConfidential campaigner Phil Booth labelled the NHS's blasé attitude towards the confidentiality of NHS patient records as "extraordinary" and warned that the retailers involved in the scheme would find the temptation to use the information in other ways "irresistible".

But NHS England and the Health and Social Care Information Centre (HSCIC) played down the claims, claiming that patients would have to provide "explicit consent" and that patients' summary care records would only be viewable by "a regulated healthcare professional" in a pharmacy.

It added that the data would not be accessible by other means and would never be available to supermarkets for other purposes, such as marketing. Whether or not this is the case remains to be seen.

The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

3. Backlash grows over privacy in ‘freemium' Windows 10

When Microsoft launched Windows 10 earlier this year, there was a backlash towards the company because of the way the new operating system would effectively be able to scoop up a wide range of user information - and sell the information, tied to unique IDs to advertisers and other organisations.

The software giant's new privacy policies would mean that data such as browsing history, bookmarks, specific passwords, saved apps, and websites would be synchronised every time a user logs in to Windows 10. And Microsoft's virtual assistant Cortana is the busiest part of the technology giant's data scooping operations - it takes in personal information such as data from a user's calendar, apps, emails, text messages, calls, contacts and the frequency of your interactions with certain contacts.

Meanwhile, unique user-IDs that are used to log-in to Windows 10 would enable advertisers to identify people personally and profile precisely their web usage.

Of course, Microsoft claimed that this is all a part of its bid to "learn" more about the user in order to tailor its services, but most alarmingly, it has given itself the right to disclose all of this data to whomsoever it likes, whenever it likes.

"We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services," it said in its privacy policy.

One must remember, that nothing is ever completely 'free'.

The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

2. HSCIC is sharing data of patients who opted out of care.data

Unbelievable. Even for all of the controversy that care.data has already stirred up, it was a shock to the system when last month it was revealed that patients who wanted to opt out of the programme may still have their data released by HSCIC.

Around 700,000 patients decided that they did not want their data shared with third parties after a leaflet was sent to households in England back in January 2014, explaining that they had a choice.

And despite the general awareness of the programme and its motives continually being questioned, it was thought that HSCIC would at least grant the wishes of those who wanted to opt out of data sharing. But it was revealed by a letter sent to HSCIC chair Kingsley Manning from the ICO, that the opt-outs remain on GP practice systems and details of which patients have opted out have never been sent to HSCIC.

"This means that the opt-outs have not been actioned and those patients' personal data continues to be released by HSCIC," said Dawn Monaghan, group manager of public services at the ICO.

However, it is unclear exactly where this data is being released to.

Monaghan said that based on the information provided by HSCIC, the organisation had not complied with the first principle of the Data Protection Act - and urged HSCIC to take action before it would be forced to issue an enforcement notice.

The biggest privacy stories of 2015

Computing looks back at the most important events of 2015 that affect your privacy

1. Investigatory Surveillance Powers Bill

The Investigatory Powers Bill, aka the Snooper's Charter, has made everyone in the IT industry - and outside of it - sit up and take notice. Last month, a panel of representatives from the UK IT industry suggested that the Bill risks putting British technology companies at a financial disadvantage because customers won't want to use products the government has the right to hack into, while UK mobile networks have suggested the idea of data retention is costly, complicated and time-consuming.

Apple has voiced its concerns over the Bill, and it is to be followed by other tech giants including Microsoft, Facebook, Google and Twitter.

According to one privacy expert, the surveillance powers outlined in the Bill represented a gross invasion of privacy that would create an outcry from the public if they knew what bulk collection really meant.

MPs have also slammed the draft Bill, stating that provisions to protect the public against the intrusive powers of the state are still lacking.

As has been the case with the Snooper's Charter for many years, there seems to be more questions than answers, but Home Secretary Theresa May (pictured below) seems overly keen to rush the Bill through.

But as David Davis MP said quite rightly, "in this business, speed is the enemy of wisdom".