Chapter

Data Protection and Privacy: (In)visibilities and Infrastructures

Volume 36 of the series Law, Governance and Technology Series pp 205-239

Dangers from Within? Looking Inwards at the Role of Maladministration as the Leading Cause of Health Data Breaches in the UK

  • Leslie Stevens (Mason Institute, University of Edinburgh School of Law, Old College)
  • Christine Dobbs (GENCAS, Swansea University)
  • Kerina Jones (Swansea University Medical School)
  • Graeme Laurie (Mason Institute, University of Edinburgh School of Law, Old College)

Abstract

Despite the continuing rise of data breaches in the United Kingdom’s health sector there remains little evidence or understanding of the key causal factors leading to the misuse of health data and therefore uncertainty remains as to the best means of prevention and mitigation. Furthermore, in light of the forthcoming General Data Protection Regulation, the stakes are higher and pressure will continue to increase for organisations to adopt more robust approaches to information governance. This chapter builds upon the authors’ 2014 report commissioned by the United Kingdom’s Nuffield Council on Bioethics and Wellcome Trust’s Expert Advisory Group on Data Access, which uncovered evidence of harm from the processing of health and biomedical data. One of the review’s key findings was identifying maladministration (characterised as the epitome of poor information governance practices) as the number one cause for data breach incidents. The chapter uses a case study approach to extend the work and provide novel analysis of maladministration and its role as a leading cause of data breaches. Through these analyses we examine the extent of avoidability of such incidents and the crucial role of good governance in the prevention of data breaches. The findings suggest a refocus of attention on insider behaviours is required, as opposed to, but not excluding, the dominant conceptualisations of data misuse characterised by more publicised (and sensationalised) incidents involving third-party hackers.

Keywords

Privacy, Information governance, Data breach, Data security, Patient data, Harm