Public Acceptability of Cross-Sectoral Data Linkage

3 GENERAL ATTITUDES TO ORGANISATIONS HOLDING AND USING DATA ABOUT INDIVIDUALS

3.1 This chapter explores participants' general attitudes towards organisations (broadly defined) holding and using information about them, and the main considerations that subsequently underpinned their views in respect of data linkage. The latter part of the chapter explores initial, unprompted reactions to the idea of linkage, and related key discussion points.

3.2 When participants were asked how they felt about organisations holding information about them, they tended to begin by expressing concerns about an encroaching " big brother" or "surveillance society" and/or about the amount of data on individuals that is collected and used in the commercial sphere. More detailed comments relating specifically to the holding of information by public bodies tended to come later but, nonetheless, were inextricably bound with these initial themes.

Big brother society

3.3 The term "big brother" society was used to refer generally to the large amount of data that is collected on individuals (across both the public and commercial spheres), and also to a proliferation of surveillance mechanisms such as CCTV, electronic tagging and mobile phone tracking. While a minority of participants commented that they didn't mind or, indeed, that they welcomed, increased surveillance - either because it made them feel safer or because they had "nothing to hide" - the overall feeling was that the general monitoring and recording of different aspects of people's lives has gone "a bit far", compromising privacy.

Everybody has got [a mobile phone], they [can] be tracked anywhere […] If I've done something wrong they'll find me. As soon as I start using [it]. They can now put into your phone a wee bug thing, you don't know it's there, they know what part of the street you're standing in.
(Male, aged 50 or over, Stirling)

If you're selling your house, for instance, everyone on the internet can see round your house and know what you're getting for it when it's sold. I think that's a right breach of privacy and shouldn't be allowed.
(Female, aged 50 or over, Inverness)

3.4 Nevertheless, as the discussions progressed it became clear that even the staunchest critics of the big brother society were in fact fundamentally ambivalent on the matter, opposing data collection and surveillance that impacted on their own freedoms or privacy, but supporting that which they saw as benefitting either themselves or their communities (measures to monitor the movements of criminals, paedophiles and terrorists received particular mention in this regard). The following excerpt from a discussion between young people at the Stirling event is illustrative:

Male 1: [In] a few years to come they are actually going to chip us and it's for our benefit right and it's so we have ID and don't need a passport because all they are going to do is scan this wee thing that is attached to your skin. That is basically so they know where you [are at] all times. It's just like what you do with your dog… Don't get me wrong, there should be folk [who are chipped]; paedophiles and that…

Male 2: Paedophiles and rapist and that should be chipped so the police can go: "Oh, right, there he is in that street at such and such a time".

Female 1: But that will benefit everybody in society.

3.5 The contingent nature of views surrounding the privacy versus public interest dichotomy was a recurring theme across the events and is returned to over subsequent sections.

Data in the commercial domain

3.6 Participants spoke extensively and vociferously about the amount of personal data circulating in the commercial domain, typically bemoaning the high number of unsolicited sales calls they receive from companies which appear to have obtained information on their circumstances. Most participants were acutely aware and strongly critical of the tendency for commercial actors to sell individuals' details to each other for use in targeted marketing campaigns. Several also expressed concern about the growing ease with which such actors can "profile" individuals by drawing on data from multiple and diverse sources, including social networking sites like Facebook. There was a perception that this practice provides fertile ground for scams, fraud and identity theft. Indeed, a significant proportion of participants had experienced bank fraud and this led many of them to reflect on the apparent ease with which such offences are committed.

Advertising companies etc. will take information from your PC or what you've been looking [at] for your internet searches etc., and they are selling that in to advertising folk so that when you go onto websites and things it will come up with things that you are more likely to buy. They can basically run a personality check on me.
(Male, aged 18-34, Stirling)

Now everybody and their uncle with a cheap computer and a mobile phone can sit outside your house and get all your information. Every penny they took [from my bank account].
(Male, aged 50 or over Inverness)

3.7 It was clear that negative experiences of data collection or use by commercial actors had left many participants feeling wary of any organisations having their personal information, which impacted on subsequent discussions around data linkage.

Public bodies

3.8 As already mentioned, spontaneous detailed comments about the holding of personal information by public bodies were sometimes slower to emerge - or at least less well formed - than those relating to commercial actors. Indeed, some participants stated that they had "never really thought about" this matter or that it is "just part of the normal running of things" or "a fact of life" to which they are resigned. Nevertheless, when prompted for their views, virtually all participants engaged keenly with the subject. Their comments centred around three inter-related themes: trust; data security; and data use.

Trust

3.9 Many participants said that they generally trusted public bodies more than commercial organisations with their personal data. As Aitken (2011b) found, the NHS tended to be seen as particularly trustworthy due to the fact that health professionals are expected to abide by a moral code of conduct as part of their job and, more generally, to serve or help the public.

If you give your information to the Government etcetera, you kind of feel a bit more trusting that it is going to be used for a valid purpose.
(Male, aged 35-49, Glasgow)

I think you just assume that all your information is kept private. You just assume because [doctors] are obviously professionals; that's kind of their job description.
(Female, aged 18-34, Stirling)

3.10 Still, a significant minority of participants held considerably more sceptical views and there were four main reasons for this. The first was a wider lack of trust in public officials to act in the public interest, rather than for personal or political gain. Discussing this point, participants tended to refer to high profile scandals (for example, the MPs expenses row and the News International affair) and also to more localised cases of officials behaving corruptly or appearing to withhold information from the public - In Stirling there was specific reference to perceived attempts by the NHS to conceal or play down hospital infections. However, and as is discussed more fully later in this chapter, it was apparent that generalised distrust in public bodies also stemmed from feelings of disempowerment or disadvantage at the hands of 'the system' - for example, in respect of service provision, as well as broader processes such as 'labelling'.

If you have been a trouble maker as a child, then you are automatically a trouble maker when you're older; the same with the Council too - if you've got a nice enough face or whatever, then you do get stuff; you get a nice house with a big garden and the person they don't like is in the corner in a big high flat with five bairns and that's it.
(Female, aged 18-34, Stirling)

3.11 Second, there was repeated reference to high profile cases of public officials inadvertently losing personal data by leaving laptops and data sticks on trains or in bins or skips. These references often formed part of wider discussions about the potential for "human error" and "rogue" behaviour in all organisations, and the implications of this for data security; themes which are also returned to in the next section.

3.12 Third, among a significant proportion of participants, it was simply assumed that public bodies are actively selling individuals' data to commercial actors. This assumption was in part based on stories participants had come across in the media but, more commonly, on personal experiences. For example, several people recounted occasions on which they had been contacted by a commercial organisation in relation to a (sometimes recently diagnosed) health problem, contending that the only way the organisation could have known about their condition was through their GP or another branch of the NHS. Similarly, a couple of participants at the Stirling event made vague references to hearsay about the Council "selling off information to companies". There was suggestion that such behaviour by public bodies is symptomatic of the fact that they are increasingly short of funding and so under pressure to find additional sources of revenue.

3.13 A few of the more trusting participants expressed doubt that public bodies would sell personal information, pointing out that the Data Protection Act and professional codes of practice ward against this. However, their comments tended to hold little sway among their sceptical peers.

I got phone calls from a place in Dunblane saying: "Would you like to come and get treatment on your back?" How did they know I had problems with my back?
(Male, aged 50 or over, Stirling)

I think a lot of it is down to budget constraints. They will sell that information because their particular department needs the money. [T]he big companies, the drug companies and all the rest of it know this; they know all these government departments and things are strapped for money so they will offer money.
(Male, aged 50 or over, Inverness)

3.14 Some of the older participants alluded to a more general blurring of the boundary between the civic and commercial spheres owing to the contracting out or gradual "privatisation" of public services or elements thereof (the NHS tended to be the main focus here but in Glasgow there was also reference to the creation of Arms Length Organisations, or 'ALEOs', to run council services); a development that was seen as heralding a shift towards decision making based on financial, rather than public interest, imperatives, and, consequently, to have negative implications for the security and use of personal data.

The hospitals and that they're [be]coming more private all the time. It's selling the information; drugs and scans. There is no privacy.
(Male, aged 50 or over, Stirling)

Security

3.15 Consistent with Aitken's (2011b) findings, many participants were all too conscious of the fallibility of information technology and the difficulty of creating entirely "fool proof" security systems and procedures. There was particular concern about the potential for hacking, which tended to reflect personal experiences of fraud and other scams in the commercial domain, as well as media stories of security breaches in the largest and (ergo in participants' minds) best protected of organisations - there were specific references to the FBI, CIA and companies such as LinkedIn⁶.

Is anything secure? Some of the biggest data companies have lost millions and millions of people's data, so I just don't believe that anything is secure.
(Male, aged, 50 or over Glasgow)

3.16 As already indicated, other participants spoke less about the fallibility of systems and more about security risks arising from the "human factor" in public bodies; specifically, the potential for "human error" in data handling and for officials to behave indiscreetly, unscrupulously or corruptly - whether this be in terms of sharing or selling data, or using it for "covert" purposes.

I think I actually trust [public bodies] quite heavily, but there is always individuals; individuals will lose a memory stick, which unfortunately will [hold] quite a lot of useful data.
(Female, aged 35-49, Inverness)

It's individual people. It's people's nature that they like to know others' business…and they like to spread gossip, they like to cause mischief.
(Male, aged 50 or over Inverness)

3.17 As is discussed more fully towards the end of this chapter, such security-related concerns were often augmented when the discussion turned to the subject of data-linkage.

The use of data

3.18 Across the events, most participants acknowledged that public bodies need to hold data on individuals. While this point was most commonly made with reference to the importance of doctors and hospitals holding comprehensive patient records, the use of data to better design and target services was also recognised.

I think it's just an essential, whether you like it or not, in modern life. If […] there is no school for your kids to go [to] because they didn't have the statistics to say they needed a school there, then you wouldn't be too happy. It's just a fact of life; they need [data].
(Female, aged 35-49, Inverness)

3.19 At the same time, however, some participants contended that public bodies do not always seem to make use of the information they have. This view was often, though not exclusively, expressed by people who felt let down or in some way short changed by 'the system'; for example, one participant spoke incredulously about the fact that a known paedophile had been moved into her area, despite the area containing a high proportion of families with young children. Another contended that services as diverse as social work and refuse collection do not seem to be targeted appropriately, and another again commented that sections of society that are most in need of services, including the elderly, often bear the brunt of spending cuts or freezes.

3.20 Somewhat paradoxically, other participants felt that there is too much focus on (quantitative) research data and statistics in decision making, with the effect that individuals and groups are often crudely categorised and "labelled". As Aitken (2011) found, this was seen to result in discriminatory treatment and/or stigma, as well as policies and spending plans that fail to reflect the myriad of ways in with social and other problems are experienced across the population.

See the deprivation and that, there is people who are […] sitting there, maybe down in London, going: "wait a minute; that area there that's poor that area there… [we] better share out to the poor area" and [other] pockets get missed out. They aren't in the real world these people.
(Male, aged 35-49, Stirling)

3.21 As with concerns about data security, labelling re-emerged as a prominent theme during discussions about data linkage.

Data linkage

3.22 Unprompted views around cross-sectoral data linkage were sought towards the end of the first break-out sessions, prior to an informational presentation about the proposed Data Linkage Framework.

3.23 Participants tended to conceive of linkage primarily in terms of the sharing of information (both between and within sectors) about individuals to deliver "joined-up" services or to give agencies a better overview of individuals' circumstances. In particular, there was reference to the sharing of information between different parts of the health sector; between the health sector and social care sector; and between the social care and housing sectors. Similarly, a number of participants across the groups referred to the linking of data across agencies such as the HMRC, the DWP and housing departments/associations to identify people who are trying to "fiddle, wangle or get round the system". Linkage for research and statistical purposes was also mentioned spontaneously, albeit less frequently.

3.24 Virtually all participants recognised potential benefits of data linkage. In relation to linkage for research and statistical purposes specifically there was a particular focus on the potential for this to deliver better intelligence about local areas and subsequently improved or more targeted services. Many participants, several of whom worked in the health sector or had long term health conditions, also recognised that linkage could provide evidence to support public health improvements, especially in terms of the prevention and management of chronic and terminal conditions.

If you can work out that […] a small area of Glasgow has an increased incidence of lung cancer, and you also notice increased smoking and there's more unemployment about, you can target to address those issues. You can be more specific based on the needs of a specific area.
(Female, aged 18-34, Glasgow)

3.25 Still, most participants also had questions and concerns about data linkage. These, again, tended to cluster around issues of data use and data security, but anonymity and consent were also strong themes.

Data use

3.26 People often commented that, before giving definitive opinions on cross-sectoral data linkage, they would like to know more about the ultimate objectives of linkage, who would have access to the data and, related to this, how the data might be used. This reflected the widely held view that "information can be used for good or for bad".

3.27 On the theme of "bad" uses, it was commonly felt that linkage could lead to increased negative "labelling", or as some put it, "stereotyping" of people. More specifically, there was concern about the potential for labels to carry across sectoral boundaries and result in individuals or groups experiencing discriminatory treatment or stigma in multiple spheres. Stigma on account of having a criminal record - or simply having had some involvement with the criminal justice system - received particular mention. Such concern often led participants to express a view that bodies should only be able to access data that is directly relevant to their work.

It's not nice to think that you're having a link between housing and education, you know [… ] because housing is there for the parents, education is there for the child, and you can't make assumptions from a parent to a child, or the other way around: They're doing badly at school; their parents live in a council house. If you live in a council house; the kids will do badly at school. There's not a correlation between these things.
(Female, aged 18-34, Glasgow)

If you have done something 15 or 20 years ago [and] that's on your information, are you suddenly going to be subject to judgments?
(Male, aged 35-49, Stirling)

I think the police is a really scary one, because [there are] so many people who have been convicted and then had to go back and appeal that and different things.
(Female, aged 35-49, Stirling)

If you're sharing data and if [an organisation has] what they only require for their particular department or industry or whatever, and not the rest of the information then that would be fine. But if certain departments are getting access to all the information, then that would become an infringement on your rights.
(Female, aged 35-49, Glasgow)

3.28 Concern was similarly expressed over the possibility of linked data being used for commercial or political purposes. In referring to commercial uses, participants tended to have in mind companies accessing the data for marketing purposes and "financial gain". However, there was also a perception that banks and insurance companies could use the data to 'vet' potential clients; for example, refusing a mortgage to someone who had been evicted from a council property in the past. There was a strong consensus that such uses would not be acceptable.

3.29 Concerns around possible political uses of linked data were comparatively uncommon but no less keenly felt.

If the Government are using the details for the benefit of society, I think that's okay. But if the Government are using that data to then look at their next election campaign, or look at the independence campaign by looking at the demographics of a particular area, then I don't know if that's as acceptable. They'[d] simply be using our data for their own goals.
(Female, aged 18-34, Glasgow)

3.30 As the above quotation helps to illustrate, a dominant perspective was that for linkage to be allowed it must hold potential benefits for the public, or at least a segment of the public, whether that be a patient group, or residents of a particular area, or type of area etc.. Notably, benefits were conceived of in fairly broad terms, from short or medium term improvements to services, to longer term medical advances or health improvements.

Security

3.31 On the issue of security, participants often reiterated concerns, outlined earlier in this chapter, about the potential for any public data to be hacked and about the "human factor" in organisations that can result in data errors, losses and misuse. A number of participants contended that linkage would increase the likelihood of security breaches occurring, both because more people would have access to more data, and because it would be possible to obtain a significant amount of information about individuals "in one hit". Often these concerns were based on a mistaken assumption that, ultimately, linkage would result in the creation of one super-database of information that would be 'warehoused' for use by multiple organisations.

It would just make it easier for people to get that information in one hit rather than get[ting] a little bit from [here and] there, which would take longer. It makes it easier for people to steal your information.
(Male, aged 18-34, Inverness)

Anonymity and consent

3.32 Concerns about security and about potential misuses of linked data, were also often premised on an assumption that the data would include individuals' names and other personal information. When participants were reminded that this would generally not be the case, many immediately became more comfortable with, or indeed positively disposed towards, the idea of linkage (notwithstanding their conviction that the data should not be used for commercial or political purposes).

If it's anonymous; who cares?
(Male, aged,35-49, Inverness)

If it's anonymised, it's not doing any harm to anyone.
(Female, aged 18-34, Glasgow)

3.33 However, a small number of participants were keen to emphasise that, even with anonymisation, there would still be the potential for groups to be negatively profiled and labelled - for example, one participant expressed concern that linked data could be used for eugenics and racial profiling.

3.34 Other, particularly IT literate, participants contended that anonymised data could always be linked back to personal identifiers, such as people's names, addresses and other details, by anyone with the necessary knowhow, and that this presents a major security risk requiring consideration.

3.35 Regardless of their views around the impact of anonymisation, there was a general sense in which participants felt they should be kept informed about any linkages involving their data. A number of participants took this further, arguing that data subjects should routinely be asked for their permission before their data is used.

3.36 All of the above-mentioned views and concerns surrounding data linkage are discussed further in the next chapter, which explores participants' reactions and attitudes to the Data Linkage Framework.