Edinburgh Research Explorer

Dangers from within?: Looking inwards at the role of maladministration as the leading cause of health data breaches in the UK

Research output: Chapter in Book/Report/Conference proceedingChapter (peer-reviewed)

Related Edinburgh Organisations

Original languageEnglish
Title of host publicationData Protection and Privacy
Subtitle of host publication(In)visibilities and Infrastructures
PublisherSpringer
Pages1-29
Number of pages29
Volume36
ISBN (Electronic)978-3-319-50796-5
ISBN (Print)978-3-319-50795-8
DOIs
StatePublished - 2017
EventComputers, Privacy & Data Protection 2016 - Brussels, Belgium

Publication series

NameLaw, Governance and Technology Series
Volume36

Conference

ConferenceComputers, Privacy & Data Protection 2016
CountryBelgium
CityBrussels
Period27/01/1629/01/16

Abstract

Despite the continuing rise of data breaches in the United Kingdom’s health sector there remains little evidence or understanding of the key causal factors leading to the misuse of health data and therefore uncertainty remains as to the best means of prevention and mitigation. Furthermore, in light of the forthcoming General Data Protection Regulation, the stakes are higher and pressure will continue to increase for organisations to adopt more robust approaches to information governance. This chapter builds upon the authors’ 2014 report commissioned by the United Kingdom’s Nuffield Council on Bioethics and Wellcome Trust’s Expert Advisory Group on Data Access, which uncovered evidence of harm from the processing of health and biomedical data. One of the review’s key findings was identifying maladministration (characterised as the epitome of poor information governance practices) as the number one cause for data breach incidents. The chapter uses a case study approach to extend the work and provide novel analysis of maladministration and its role as a leading cause of data breaches. Through these analyses we examine the extent of avoidability of such incidents and the crucial role of good governance in the prevention of data breaches. The findings suggest a refocus of attention on insider behaviours is required, as opposed to, but not excluding, the dominant conceptualisations of data misuse characterised by more publicised (and sensationalised) incidents involving third-party hackers.

Research areas

  • privacy, information governance, data breach, data security, patient data, harm

Event

Computers, Privacy & Data Protection 2016

27/01/1629/01/16

Brussels, Belgium

Event: Conference

ID: 25500499