Here’s a little conundrum for you.
Imagine you are a journalist working on one of the many titles that the Information Commissioner found was involved in dubious practices to get hold of personal information about people.
Don’t you think it’s quite likely you would now and again have wanted to get hold of someone’s home address? Perhaps to track down someone to doorstep them. Or maybe to trawl round the relatives of someone famous to find if anyone is willing to give you an interview.
Now imagine there is a database of people in Britain which is so comprehensive and has been built up over time that it has 80 million records in it, 90% of which contain a postal address.
What’s more, nearly 700,000 people have access to the records. Plenty of opportunity there to hunt out someone to do you a favour.
Even better, less than 13,000 out of the 80,000,000 records are marked as sensitive and so have some protection against queries made against them.
There’s even a few extra bonuses in there as nearly 6.5 million records contain contact details for someone else close to the person in question – very handy when you’re trying to flush out someone willing to talk to you. And 10 million of the records have a mobile phone number with them. (You’d only want to get hold of that to call someone, of course.)
And just to round things off, experts have said that spotting inappropriate use of the database is “incredibly difficult if not impossible”.
So do you think you would make use of that database to dig out names and addresses?
The database, by the way, is the NHS’s Personal Demographics Service (PDS). You may well not have heard of it – because it hasn’t been featuring in the journalism ethics stories of the last few months (though it has been in the news thanks to the blunder over printing personal details on the front of envelopes).
Now, I don’t know if the PDS has been abused by journalists. I do know that health experts I have spoken to are concerned about its security and that similar concerns have been expressed by health professionals in the past.
And it seems to me puzzling to think that, given all that has (and is) coming out about what some journalists got up to, the PDS should have been left alone and not been used as a source of illegal personal information.
Oh, and a new version of the PDS is about to be rolled out which will allow for more personal data to be stored on each person (by permitting multiple contact people and persons per record).
Perhaps I’m wrong. But it seems to me rather likely that the widespread quiet over journalists, private investigators and the PDS is due to the right questions not having been asked rather than because the Personal Demographics Service has been a haven of secure personal information.
1. Statistics from my freedom of information request.
2. Quote about policing the database from E-Health Insider.
3. A hat-tip to Neil Bhatia whose website has detailed information on this topic and helped plant the idea of the story in the first place.
4. Database and privacy experts have looked at services such as the PDS in the past but the resulting media coverage was not about misuse by journalists.