View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Technology
  2. Data
May 28, 2020

The NHS Will Hold Test and Trace Data for 20 Years: Questions Abound

"Specific and legitimate role' is one of the most vaguely defined terms I’ve ever seen in a privacy notice..."

By CBR Staff Writer

NHS Test and Trace ran into headwinds today as it launched, as the Health Secretary urged people to do their “civic duty” to participate in the scheme — which in the absence of a working app will require those who have tested positive to provide call centre staff with details of their recent contacts.

Amid a growing uproar over how the government has handled the outbreak, and the news that the UK has the world’s highest rate of excess deaths resulting from the pandemic, the “civic duty” request drew an indignant response.

Oxford University professor and primary care expert Trish Greenhalgh was among those rejecting the plea. As she put it bluntly: “It is not my ‘civic duty’ to participate in a scheme that is ‘test, track and trace’ by name only, run by cronies, aligned weakly if at all with our public health and primary care infrastructure, and tied to a vainglorious political target.”

Legal experts meanwhile raised concerns over the programme’s privacy policy, which, curiously, appears to have been published on March 4 — a long three-weeks before the UK even introduced a public lock-down.

This concedes that “personal identifiable information” (a term not used in privacy law in the UK; “personal data” is the term under the Data Protection Act 2018) will be retained for 20 years on a “secure cloud environment”.

This will include name, address, date of birth, postcode and phone number.

See also: Gov’t Launches Test and Trace – But There’s Still No App

Experts noted that it was not unusual for the NHS to keep data for lengthy periods, but with public distrust surrounding the government’s response to the COVID-19 outbreak high, many suggested that given the centralised nature of the response, some form of consultation should have occurred.

Content from our partners
Signs your accounting software is no longer fit for your growing business
Incumbent banks must transform at speed, or miss the benefits of open banking
Leverage cloud and expertise to optimise engagements from onboarding to conclusion

Ravi Naik solicitor and legal director AWO, a data rights agency, told Computer Business Review today: ” Looking at this policy itself there are a few things here that give me concern. Probably the main one is this idea that the data can be seen by, quote, those who have  ‘a specific and legitimate role in the response and who are working on the NHS Test and Trace'”.

He added: “‘Specific and legitimate role’ is one of the most vaguely defined terms I’ve ever seen in a privacy notice and it’s really concerning when we are talking about our collective response to coronavirus.

“The bigger concern is that there are companies we know the NHS is working with in the data store that have questionable approaches to data protection. For this system to work we need confidence as without uptake there’s no utility. That lack of transparency is a real concern.”

Public Health England has been contacted for comment.

 

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU