
UK private health records available to buy for £4 - dreemteem
http://blogs.computerworlduk.com/the-tony-collins-blog/2011/01/will-self-policing-stop-nhs-records-being-viewed-in-india/index.htm
======
kingofspain
_Data does not leave the UK - it resides on servers hosted in the UK and is
accessed from India._

Er, right.

------
iuguy
Without going into details, we've done a fair few jobs involving UK systems
with BPO (Business Process Outsourcing) to India as well as other countries
and in pretty much every case we were able to smuggle Personally Identifiable
Information (PII) out of the remote estate or access things that shouldn't be
accessed.

I should note that this is not something against Indians, most of the time it
was due to the problems with working across two security boundaries and the
lack of acceptance of the problems and realities of doing so, combined with
what were effectively unrealistic promises and a complete lack of
understanding of the two cultures, gaps and overlaps.

To put it another way, any system where data is held in trusted environment A,
but accessed from partially trusted environment B is dependent on the security
of both A and B. However, while environment A is fully trusted, environment B
isn't, and for (sometimes) good reason. The problem arises when instead of
proper controls what happens is a bizarre form of security theatre starts to
arise, and subsequently gaps start popping up all over environment B that
would be otherwise considered acceptable in environment A.

It is not realistic to securely manage information with a strong trust
requirement in an untrusted environment on a permanent basis. It is even less
realistic to do so on the basis of contractual obligation as an alternative to
routine checks and balances.

------
JoeAltmaier
I now add to my list of reasons NOT to outsource overseas (time zone,
language, culture, currency, work ethic, lag, import/export restrictions) this
new item: data security standards.

------
Powerscroft
you couldn't make it up. Can't these people write a contract and police it?

~~~
seabee
You could make it up because it's been going on for years and years with no
consequences to anyone involved.

The digital age is good for a lot of things, but it was a lot harder to carry
a filing cabinet, and thus harder to steal records.

------
JonnieCache
I need to get out of this nasty little country...

(No that is not fishing for job offers.)

