Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Tuesday, May 08, 2018

I Think The Public View On What We Should Do With Our Data Is Shifting Fast And I Believe The Government Is Not On Top Of It.

This appeared last week:

Tom Burton: Canberra creates a brave new data world

By Tom Burton • 03/05/2018
It is hard to overstate the importance of the federal government’s decision to create a consumer right over the data created about them.
Spurred by various inquiries calling for measures to enable consumers to more easily shop around for their financial and utility providers, federal cabinet has created a right designed to give citizens control over the data that is collected about them. The right will enable consumers to send their usage data to a competitor, to get a better deal based on their actual spending, usage and saving patterns.
The new right is predicated on the view there are enormous economic and societal benefits to better understanding the modern world through shared data. Better competition has been called out, but the benefits in collating and integrating administrative and personal data across virtually every sector in the community, are now obvious to everyone.
The Productivity Commission (rightly) convinced Cabinet that to seize these benefits it is imperative to build a national framework that gives citizens confidence in the governance of data and their ability to control the data created about them.
How much actual mobility and better consumer outcomes this will really lead to, is a leap of faith by Canberra’s econocrats. In the much-maligned finance sector, the competition regulators think giving consumers “control” over what in essence is their credit rating, will spur innovation and competition through the fintech sector. How much this reduces the well-documented premiums Australian bank customers pay for core services, is frankly anyone’s guess.

What value data?

Data is often touted as the currency of the so-called gig economy, but as the Facebook-Cambridge Analytica data leakage fiasco reveals, we are really only at the silent movie phase when it comes to considering data, its real value to the economy and society, and how to govern and manage the inevitable sharing of data across the economy and society.
At its highest, data is a slippery concept. Economists and accountants still can’t agree on how to even value it. This means you won’t see on any company’s balance sheet any precise valuation around its data holdings. The entire business model of companies like Uber and AirBnB is based on manipulating data for commercial gain, but yet we have no agreed way of valuing that data. Modern banks derive major returns through their management of transactional and other data, but again there is no dollar value associated with these holdings.
“We are really only at the silent movie phase when it comes to considering data, its real value to the economy and society, and how to manage the inevitable sharing of data.”
Data gains value through its application and linkages and, to date, we haven’t found a way to slot it into commonly understood accounting and economic frameworks. This makes it difficult to measure, for example, how much is the right amount to invest in cyber security. And suggests much of the enormous economic value created through two decades of digitisation is currently built on sand.
Which makes this week’s announcement of a consumer data right very brave, especially for a country that has been a major laggard around digital rights and privacy.

Australia plays catch-up

The new European data right (known as GDPR) begins this month and is light years ahead of anything Australia could possibly design and will have a significant impact on any Australian business with European data holdings or digital processes. The public policy debate in Australia about GDPR has been nought.
Basic digital policy issues, such as cookie management, do not follow, and the right to be forgotten are not even on the regulatory horizon in Australia and, in any case, which regulator has the skills and clear mandate to consider how to apply them?
For a country that does not even have a privacy right, we have just created a whole new statutory right around data that goes to the heart of our modern economy and society. This is not to criticise the data right initiative, but to be realistic about our capabilities to drive a mature and sophisticated whole of economy approach to the many issues it raises.
“Basic digital policy issues, such as cookie management, do not follow, and the right to be forgotten are not even on the regulatory horizon in Australia.”
Legally, the creation of a sophisticated right over the data created about you, is a major regulatory change and will have profound impact on many industries, ranging from e-commerce and marketing to sensitive data areas like health care and public safety. It could also be a significant measure to help break down the global platform dominance that worries many economists (and market incumbents, most notably Rupert Murdoch’s News Corp).
The right will initially apply to the banking, energy and telecommunications sectors, and “will be rolled out to other sectors over time.” What data the right applies to is mired in legal and technical complexity. The sheer volume of structured and unstructured data being generated through digital commerce, not to mention social media and common, everyday events, like catching the train or driving, is huge. And growing exponentially.
And that is before we really fire up our networks with billions of internet-connected beacons and devices, powered up by ultra-fast, low-latency, fixed and wireless broadband.
This data ranges from core “transactional” data to enormous amounts of metadata, including location and time, and a raft of tags, pixels, scripts and personal identifiers. This is more than enough data for experts to agree that advances in computing means that, for at least the next decade, citizens should be wary of any claims of complete anonymity.
Big transactional businesses, like banking and telcos, argue the business intelligence that gets thrown from their systems goes to the heart of their competitive advantage and are very wary of sharing anything but the most elementary account data. Where that line gets drawn, is going to be a major battleground for every serious industry lobbyist in Canberra.
Lots more great stuff here:
This step is intimately tied up with the Government’s attempts to make much more of our data available for use by researchers and commerce to do all sorts of things that will be great for us personally.
The trouble with all this optimism is that right now a large segment of the population is not so sure about data sharing.
Facebook / Cambridge Analytica and the mishandling of de-identified data by the Department of Health have seen to that.
A brief reminder of the second:

Health data governance enforceable undertaking for reidentification of MBS/PBS data

Australia, USA  May 3 2018
In brief
The Australian Information Commissioner has concluded an investigation into the re-identification of Medicare service provider data within the de-identified Medicare Benefits Schedule and Pharmaceutical Benefits Schedule data published by the Commonwealth Department of Health on data.gov.au in 2016. Background and further information about the data published can be found in a LegalTalk Alert which was distributed on 11 May 2017. In the investigation, the Commissioner found that the Department of Health failed to take reasonable steps to protect personal information and to implement practices, procedures and systems to ensure compliance with Australian privacy laws.
The Department of Health provided the Commissioner with an undertaking, which included a requirement to establish an external review and audit into departmental policies and procedures for the release of data based on personal information.
The incident in 2016 has provided a valuable learning experience for Government agencies as they explore how to best realise the value of public data sets. Importantly, the Commissioner observed that the risk of re-identification may require limiting the sharing of some types of data to trusted recipients, and/or using secured environments to share information, rather than simply relying on de-identification techniques.
More here:
More recently we have also had this little exercise sprung on us.

Experts call for GPs to be more educated about data sharing

Call for more initiatives to educate GPs on tech literacy and avoid accidental data sharing
27th April 2018
Medical Director says it's being as “open as possible” about its plan to share GPs' de-identified patient data, after some doctors complained they had signed up without realising.
The company, which provides practice software to 45% of Australia's GPs, is asking for permission to extract information — including prescriptions and immunisation records of all their patients — as part of its latest program update.
Dubbed MD Heart, the scheme will allow GPs who agree to the handover to compare their activity with other doctors.
While it is strictly opt-in, some GPs say they missed the significance of the consent form because it was obscured among the dozens of ‘click-through’ boxes in the installation of Medical Director’s latest edition.
Canberra GP Dr Thinus Van Rensburg took to Twitter to complain that the new feature had been “snuck in without much fanfare or warning.”

So who would trust datamining being done by a large multinational company? If the tech clicks "yes" when prompted during the server upgrade all users, clinical & admin, start contributing. Snuck in without much fanfare and warning #datamining pic.twitter.com/WYIi5W25kB
— Thinus van Rensburg (@tvren) March 20, 2018

More here:
Concern with the apparent free for all with data has led to the GDPR in Europe and similar moves in the US.
This little stuff up has also not helped!

Be alert but not alarmed about mammoth CBA breach, say experts

By Ben Grubb
3 May 2018 — 5:10pm
Commonwealth Bank customers should be “alert but not alarmed” about a mammoth data breach in 2016, which the bank chose to keep private, Australia’s former privacy commissioner, Malcolm Crompton, says.
As the scandal-plagued bank faces the fallout from this latest incident — which has prompted the privacy regulator to re-look at how the bank handled it — privacy experts said even if a similar breach happened again, the bank might not be required to disclose it under new notification laws.
Yet another scandal plagues Australia's largest bank, with the Prime Minister Malcolm Turnbull labeling it an "extraordinary blunder".
Lots more here:
And to cap it off the ADHA is going opt-out to hoover up as much health information as it can as well as unveil some business friendly (you can be sure) Secondary Use rules on the myHR Data.
I really think this is all happening too fast and we all need to slow down, get our breath and, with attitudes to many established institutions changing and trust levels moving (mostly down) it is time for a pause.
None of this is data sharing stuff is super urgent – and I think should be subjected to a lot more scrutiny and decent policy formulation before moving forward (The Productivity Commission’s view noted).
It would be interesting to know what the ADHA thinks of this proposed right to personal data control?
Here is a link:
And what does the Government says to the idea of a Consumer Data Right:

The Australian Government's response

The Australian Government will introduce a Consumer Data Right to allow consumers to access particular data, including transaction, usage, and product data, in a useful digital format. Consumers will also be able to direct a business to transfer that data to a data recipient.
Implementation of the Consumer Data Right will begin in the banking, energy and telecommunications sectors, and will be rolled out to other sectors over time. Before rolling out reforms in a particular sector, the Government will work with that sector and consumers to determine the kind of data consumers require to achieve the intended choice and competition benefits.
The Consumer Data Right will be designed to ensure strong privacy protections and security safeguards. Government and industry will develop appropriate data standards for the protection, access and transfer of data.
To ensure appropriate oversight and regulation of the Consumer Data Right, the Office of the Australian Information Commissioner and the Australian Competition and Consumer Commission will have separate but complementary enforcement roles. The Office of the Australian Information Commissioner will have primary responsibility for individual consumer complaints, and the Australian Competition and Consumer Commission will focus on ensuring the system as a whole operates as intended, including supporting competition and good consumer outcomes. There will be robust information sharing arrangements between the two. Consumers will be able to direct complaints to a single contact point, run by the OAIC, who will handle complaints using a 'no wrong door' approach.
The Consumer Data Right will be introduced primarily through changes to the Competition and Consumer Act 2010.
The Treasurer will lead implementation of the Consumer Data Right.
---- End Extract.
What do you think are the implications and consequences for Health, the Health System and your health data of all this?
Additionally how do you feel about about the National Data Commissioner and their role:
See here:
https://www.itnews.com.au/news/australia-to-get-national-data-commissioner-489988

David.

Postscript:

After this was initially written I noticed this:

Security fears over impending national bank customer database




A massive breach of Commonweath Bank data exposed last week has raised security fears around a new national database of Australian bank customers, as Labor pushes for a delay to part of the scheme's scheduled introduction in less than two months.

The database - set to go live on July 1 - will include the details of every person who has taken out a loan or a credit card, along with their repayment history.

The Mandatory Comprehensive Credit Reporting scheme was a recommendation of the 2014 financial system inquiry and is designed to give lenders access to a deeper, richer set of data to ensure loans are only being approved for people who can afford to repay them.

Lots more here:

https://www.smh.com.au/politics/federal/security-fears-over-impending-national-bank-customer-database-20180504-p4zdd4.html

 So there really is almost daily reporting of additional concerns. Time for a serious review I reckon as people's views change.

D.

No comments: