Possibly the most boring of all boring company-wide emails is the one from IT Support telling you that they’ll be working hard over the weekend to deploy some tedious security update to everyone’s computer.
And when you come in on Monday, your computer might take “a little longer than usual” to boot up, but under no circumstances should you switch it off while this is happening.
Well, the next time you receive one of these missives, before dispatching it to the trash with your usual contempt, spare a thought for all those NHS workers, who have been waiting years to get such an email. As we all discovered last week, all that stands between the contents of your hard drive and a demand for $300 in bitcoin is one of those funny little security updates.
Not so boring now is it? Suddenly, politicians are flooding the airwaves to convince us that they have the faintest idea of what is going on. Home secretary Amber Rudd is yet to summon the hashtag experts, but has sagely suggested that the NHS upgrades from Windows XP. The Labour Party is presumably still deciding how it should split over the issue, and praying none of the shadow cabinet is ambushed with any tricky or unpredictable questions, such as “what is malware?”.
This general political cluelessness about IT extends to the discussion over data handling within the NHS. A group called “Doctors of the World” is running a #StopSharing campaign – launched on the same day as the malware attack – protesting about personal medical data being shared with the Home Office. Whatever your feelings about this, the problem is that the public starts to conflate all types of sharing of medical data, and puts them in a box, along with malware, marked “dodgy”.
The Royal Free Hospital was recently criticised for handing over patient data to Google-Deepmind, to build a kidney disease detection app. The deal raised many important issues, particularly around patient consent and the ownership of data. But lost in the critical noise was any voice speaking up for the benefits of applying data science to medical research.
Despite Brexit, the EU’s General Data Protection Regulation (GDPR) will become law in 12 months’ time, and it is already having an impact as businesses gear up to become compliant.
The most immediate effect is that business leaders are having to pay attention to all those tedious and impenetrable IT issues – like security and data handling – which they previously delegated to the techies. The prospect of huge fines and personal liability suddenly makes them all so much more interesting.
While business is getting on with it, there’s been no discussion of GDPR during this General Election and I suspect most senior politicians are as unaware of this major legislation as they are on other tech issues. (Both Conservatives and Labour have promised to introduce a new right to remove material posted online by someone before they were 18. However, this “right to be forgotten” is firmly enshrined in recital 65 of the GDPR, and has been heralded on the Information Commissioner’s website for many months.)
But it is our politicians and government who need to get to grips with the better controls demanded by GDPR – as well as developing a better understanding of the opportunities presented by opening their data for more analysis.
The challenge is straightforward: we need better public sector IT to handle data flexibly but securely. Admittedly, it is a hard sell right now, because during an Election the focus is all about more money for public servants, or more of them. But perhaps the penny will start to drop that, however well-staffed with nurses, the shiny new operating theatre can still be disabled by running an outdated and unsafe operating system.
Danvers Baillieu is chief operating officer of Cognitive Logic.