UKC

I remember several past concerns about potential for data breaches being dismissed as unreasonable. Now there is evidence of breaches of particularly sensitive NHS data to Meta.

https://www.theguardian.com/society/2023/may/27/nhs-data-breach-trusts-shar...

This seems utterly moronic and unnecessary to me. Why would an NHS organisation need to track ad click throughs in the first place? Sounds like it was just included in whatever platform the site was built on, which would be a shocking lack of IG and data security due diligence.. if it was put there intentionally, we’ll, even more so.

Sounds  like the former - there's a package of business tools and this was implemented by default. Very poor for something so sensitive. I see there being repercussions. Meta has filters - I wonder if they work - almost analogous to 'handling stolen material'

Then it's certainly a failure of duty of care; developers of 'secure systems' handling confidential information should be checking that their system is not bypassing that security, and leaking information.

it's bloody disgraceful; they need to be prosecuted.

When you see individual healthcare staff get hung drawn and quartered over any accidental data breach (which ok, shouldn’t happen, but mistakes..) it’s outrageous that a system was designed so irresponsibly. There’s general data protection legislation but also a mountain of digital health regulation and guidance specifically to prevent this kind of thing. DPIA for a start.. I’m shocked but hardly surprised though.