Jump to content
House Price Crash Forum
Sign in to follow this  
Justonemore

Barclays Details Leaked

Recommended Posts

Sorry if already posted:-

http://www.dailymail...les-leaked.html

"....highly sensitive information, including customers' earnings, savings, mortgages, health issues and insurance policies, ended up in the hands of unscrupulous brokers."

I hope the receivers of the information are also treated in the same criminal way as the insiders who originally stole the information.

I closed my account last year, but i always get yearly Barclay statements. After closing your account, does anyone know how to get your details deleted from their system? I have the same thing with Natwest - account closed years ago, but i still appear to be on their system and receive yearly statements. If i call the branch i just get confirmation that my account is cold. :(

Share this post


Link to post
Share on other sites

http://www.bbc.co.uk/news/uk-26106138

Fascinating this was the BBC News lead story until just now on their home page. Now it's fallen below a danish giraffe in significance. Perhaps someone put a swift phone call in.

And the Mail deserve their linky for the scoop.

http://www.dailymail.co.uk/news/article-2554875/Barclays-account-details-sale-gold-27-000-files-leaked.html

Edited by StainlessSteelCat

Share this post


Link to post
Share on other sites

Barclays yet again.

http://

www.telegraph.co.uk/finance/newsbysector/banksandfinance/8253523/Bob-Diamond-Time-for-banker-remorse-is-over.html

'Time for banker remorse is over'

http://

www.theguardian.com/business/2012/jul/02/timeline-key-events-libor-barclays

Timeline: key events in the Barclays Libor scandal

Events in the six days since Barclays was fined £290m for manipulating key interest rates

http://

www.independent.co.uk/news/business/news/head-of-barclays-cleanup-move-sir-hector-sants-quits-as-he-falls-victim-to-stress-8937334.html

Wednesday 13 November 2013

Just a month after taking sick leave as a result of stress and exhaustion, Sir Hector Sants, the man hired to lead a clean up at Barclays, has quit.

etc etc

Edited by billybong

Share this post


Link to post
Share on other sites

Wow! Isn't this the issue with the centralisation, offing for sale and release of people's medical records (Care.Data). There could be a free for all - or perhaps it's cover for something that is already going on.

Though perhaps it's information costumers provide when applying for loans, insurance; still, I suppose we have the choice of information we provide in this instance.

Share this post


Link to post
Share on other sites

Wow! Isn't this the issue with the centralisation, offing for sale and release of people's medical records (Care.Data). There could be a free for all - or perhaps it's cover for something that is already going on.

Though perhaps it's information costumers provide when applying for loans, insurance; still, I suppose we have the choice of information we provide in this instance.

There should be a proper opt out with the option to have all your medical records deleted from all databases, leaving only the paper records held by your registered GP.

Share this post


Link to post
Share on other sites

There should be a proper opt out with the option to have all your medical records deleted from all databases, leaving only the paper records held by your registered GP.

That would be almost impossible, and would be a clinical and clerical nightmare. Consequently, I'm sure a politician will be along shortly to offer you just that.

Share this post


Link to post
Share on other sites

That would be almost impossible, and would be a clinical and clerical nightmare. Consequently, I'm sure a politician will be along shortly to offer you just that.

Easily done, if the original paper records have been destroyed just print the digital records before deleting them.

As for clinical problems, surely it's up to the individual to weigh up any clinical risks.

Share this post


Link to post
Share on other sites

Easily done, if the original paper records have been destroyed just print the digital records before deleting them.

As for clinical problems, surely it's up to the individual to weigh up any clinical risks.

I'm amazed Doctors can read each others hand writing.

Share this post


Link to post
Share on other sites

Sorry if already posted:-

http://www.dailymail...les-leaked.html

"....highly sensitive information, including customers' earnings, savings, mortgages, health issues and insurance policies, ended up in the hands of unscrupulous brokers."

I hope the receivers of the information are also treated in the same criminal way as the insiders who originally stole the information.

I closed my account last year, but i always get yearly Barclay statements. After closing your account, does anyone know how to get your details deleted from their system? I have the same thing with Natwest - account closed years ago, but i still appear to be on their system and receive yearly statements. If i call the branch i just get confirmation that my account is cold. :(

I have often wondered how many accounts must be open with nil or pence balances.....open but closed, it must cost a fortune to keep open, sending statements into the abyss......all part of a statistic? a number? wouldn't it be more logical to say use it or lose it. :unsure:

Share this post


Link to post
Share on other sites

There should be a proper opt out with the option to have all your medical records deleted from all databases, leaving only the paper records held by your registered GP.

GPs have largely abandoned paper records and moved to 100% electronic records. They are far further along this line than hospitals are.

The problem with deleting records is that you have to be sure you get it right. Deleting the wrong files would be a catastrophic error. For this reason, it would be an admin nightmare.

As it is, the allocation and management of case files is often done by the very lowest level staff, and errors are rife. At my hospital we recently upgraded on records system to a new system. An early part of the project planning was to verify the data integrity. We had a target of 98% of records should be correctly numbered with a checked NHS number. The actual number of correctly identified records was about 91%, and it took about 6 months worth of time for a pair of experienced administrators to get to the 98% target.

Deleting records would also be a clinical nightmare. A problem that I run into almost daily is someone has needs some sort of MRI scan as an emergency, but they had surgery a few years ago, and had some sort of implant. If you can't get the implant make/model/serial number, then you have no way of finding out what, if any MRI precautions are needed. What do you do then?

There are other reasons for keeping medical records - legal issues (medical negligence may not be apparent for years after a case), tracing of people who may have received faulty implants/drugs/blood transfusions, etc., if they participated in a clincal trial, then there may be a legal requirement to retain the data for research governance purposes, etc. There are other legal frameworks that require record keeping - for example, if you have an X-ray, then radiation protection legislation requires that a record of the radiation exposure be kept, that the images be kept (the legislation doesn't say how long, but if this data is deleted, it will be impossible to prove compliance with radiation protection, which is a strict liability offence)

The liability issues are so great that even software vendors are very reluctant to offer data deletion, except in special circumstances. When purchasing a new system, we put in the tender document, in the mandatory specification that the software had to support deletion of data by an administrator. It turned out that most of the interested vendors didn't offer data deletion AT ALL (the nearest they would come would be to make data visible to system admins only). Some offered a manual deletion facility available to administrators.

What we really wanted was something that would auto-delete records sent to us for a specialist opinion; these were records held by another hospital, sent electronically to us, as background material to support a question as to whether the patient needs to be transferred for specialist care. In other words, this was a copy of the data, which was actually owned by someone else. Keeping it would increase our liability to breach of confidentiality. We asked the vendors if they had a tool that would auto-delete this stuff after 12 months, if it hadn't been manually marked for saving. The unanimous answer from the system vendors was "You must be joking!".

Share this post


Link to post
Share on other sites

Easily done, if the original paper records have been destroyed just print the digital records before deleting them.

And what do you do with records that can't be printed. Electronic data (waveforms, hyper-dimensional datasets, video/sound recordings, etc.).

As for clinical problems, surely it's up to the individual to weigh up any clinical risks.

The issue is sufficiently complex, that most individuals would not be able to weigh the risks appropriately. In my experience, even most professionals who deal with this on a daily basis, struggle with it.

Share this post


Link to post
Share on other sites

And what do you do with records that can't be printed. Electronic data (waveforms, hyper-dimensional datasets, video/sound recordings, etc.).

The issue is sufficiently complex, that most individuals would not be able to weigh the risks appropriately. In my experience, even most professionals who deal with this on a daily basis, struggle with it.

So you are saying that, for our own good, our medical records must be kept on databases that may be available to any Tom, Dick or Bobby?

Why not give people the option to have their records deleted but with a requirement to sign a waiver that this is done at their own risk and that no claims for professional misconduct will be entertained and that it is understood that it may give rise to inappropriate treatment and even death? That way we would have a choice.

Share this post


Link to post
Share on other sites

So you are saying that, for our own good, our medical records must be kept on databases that may be available to any Tom, Dick or Bobby?

Why not give people the option to have their records deleted but with a requirement to sign a waiver that this is done at their own risk and that no claims for professional misconduct will be entertained and that it is understood that it may give rise to inappropriate treatment and even death? That way we would have a choice.

In general these databases are reasonably well secured and are regularly monitored for inappropriate use. Typically, data is restricted to relevant "roles". So, the receptionist may be able to see a list of future appointments, or reschedule an appointment, but see nothing else.

Of course, they aren't perfect, and there is a lot of variation. The bigger national databases require 2factor authentication, and frequent renewal of credentials in person with appropriate ID and appropriate authorization. However, smaller old, historical systems are often less well secured (but at the same time, there are fewer people who have access, and fewer access logs to trawl through to audit).

There are big technical problems with deletion:

Historical systems (retianed old databases, where data could not be migrated to a new system) are often read-only snapshots and the software is no-longer supported by the vendors (or the vendors have gone out of business). It would be technically infeasible to delete a record from such system, without destroying the whole thing.

The other issue is that deletion of records is something that system vendors have a phobia of. We just replaced a records system, but the old one did not have a delete function AT ALL. The best that you could do was for an administrator to make a file as "hidden" with a reason (e.g. entry made into wrong patient's file), but there is no facility within the software, at all, to delete a record. Indeed, almost as soon as an entry was made, it was burned to a write-once disc. Even if the software did support deletion, the media on which the data was stored did not.

There are also legal issues:

You mentioned a waiver. However a waiver is meaningless, as under current legal frameworks, you cannot waive your liability for harm where your actions were unreasonable, even if given "informed consent" or a waiver.

A not uncommon medico-legal type of case is the patient who desperately wants a particular treatment that is inappropriate. They go from doctor, to doctor until they find one that will do it. They sign the consent agreeing that it is high risk, and may cause problems in the future. They develop problems in the future, and sue the performing doctor. They often win, as regardless of the patient's desire, and regardless of consent, the treatment was inappropriate.

I can understand your desire to have your data deleted, but at present, such a change is infeasible on a technical level and not possible on a legal level.

Finally, I just wanted to correct one point you had made earlier. You talked out printing out records prior to electronic deletion. In general, this is a bad idea. Paper records are much less secure than electronic records. They are visible to more people, there is no restriction of different parts to appropraitely authorized people, and there is no audit log as to who accessed them, what bit was accessed, when and where. Investigating data breaches and tampering from paper records is nearly impossible. With electronic systems, it is trivial.

Share this post


Link to post
Share on other sites

In general these databases are reasonably well secured and are regularly monitored for inappropriate use. Typically, data is restricted to relevant "roles". So, the receptionist may be able to see a list of future appointments, or reschedule an appointment, but see nothing else.

Of course, they aren't perfect, and there is a lot of variation. The bigger national databases require 2factor authentication, and frequent renewal of credentials in person with appropriate ID and appropriate authorization. However, smaller old, historical systems are often less well secured (but at the same time, there are fewer people who have access, and fewer access logs to trawl through to audit).

There are big technical problems with deletion:

Historical systems (retianed old databases, where data could not be migrated to a new system) are often read-only snapshots and the software is no-longer supported by the vendors (or the vendors have gone out of business). It would be technically infeasible to delete a record from such system, without destroying the whole thing.

The other issue is that deletion of records is something that system vendors have a phobia of. We just replaced a records system, but the old one did not have a delete function AT ALL. The best that you could do was for an administrator to make a file as "hidden" with a reason (e.g. entry made into wrong patient's file), but there is no facility within the software, at all, to delete a record. Indeed, almost as soon as an entry was made, it was burned to a write-once disc. Even if the software did support deletion, the media on which the data was stored did not.

There are also legal issues:

You mentioned a waiver. However a waiver is meaningless, as under current legal frameworks, you cannot waive your liability for harm where your actions were unreasonable, even if given "informed consent" or a waiver.

A not uncommon medico-legal type of case is the patient who desperately wants a particular treatment that is inappropriate. They go from doctor, to doctor until they find one that will do it. They sign the consent agreeing that it is high risk, and may cause problems in the future. They develop problems in the future, and sue the performing doctor. They often win, as regardless of the patient's desire, and regardless of consent, the treatment was inappropriate.

I can understand your desire to have your data deleted, but at present, such a change is infeasible on a technical level and not possible on a legal level.

Finally, I just wanted to correct one point you had made earlier. You talked out printing out records prior to electronic deletion. In general, this is a bad idea. Paper records are much less secure than electronic records. They are visible to more people, there is no restriction of different parts to appropraitely authorized people, and there is no audit log as to who accessed them, what bit was accessed, when and where. Investigating data breaches and tampering from paper records is nearly impossible. With electronic systems, it is trivial.

Thanks for taking the time to reply in such depth.

It would seem that a change in the law is necessary to make waivers legally binding.

I don't particularly want my data to be deleted, there's very little of it, I just want the option. It's the principle, freedom of choice.

As for paper records being less secure, I accept what you say but they are not instantly available to anyone with a valid password, anywhere in the world.

Bring back the good old days of a family doctor, with a surgery in his house and a filing cabinet.

Share this post


Link to post
Share on other sites

How did Barclays get their hands on theit customers health records?

article-2554875-1B4F7F7800000578-780_634x421.jpg

They didn't. The salesman (sorry, financial adviser) would have completed a factfind and asked the customers about their health.

Share this post


Link to post
Share on other sites

http://www.theguardi...s?commentpage=1

"This is catastrophic, just awful," the Liberal Democrat MP Tessa Munt, who is parliamentary private secretary to Cable and has campaigned on mis-selling by banks, told the Guardian. "What protections have Barclays got in place? Are the police going to pursue this, are they going to prosecute, and is someone going to go to jail for this? They should do."

Shouldn't we give this jail malarkey a go? Seems to be a regular enough method of dealing with people who misspeak on Twitter. The most common phase I hear in any conversation regarding banks seems to be 'they should be in jail' I almost never hear that about twitter posters.

Why are there no police investigations? No trials and no jail sentences?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • The Prime Minister stated that there were three Brexit options available to the UK:   202 members have voted

    1. 1. Which of the Prime Minister's options would you choose?


      • Leave with the negotiated deal
      • Remain
      • Leave with no deal

    Please sign in or register to vote in this poll. View topic


×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.