Apologies, I should have specified I meant on Googles servers.
The HES database contains attendence records. You only need a a single verified data point, such as a tabloid hack following you to the hospital one day, to remove pseudoanonymity. The debate over whether pseudoanonymised records or personalised records should be made available to organisations, in real terms, isn't distinct. You still only need one data point (an address, DOB etc) in the poorly pseudoanonymised set. Nothing really changes.
The implication seems to be the data is somehow less secure now its in Googles cloud, but that doesn't quite fit the reality of what we know about how data permeates through these incompetant organisations to begin with. The fact that PA had the data on DVD rather than disk is already an indication that they are a joke. Do you know of any prolific transparent encryption solutions for optical media? Most likely this data was in plaintext. If they carry the data around on unencrypted DVD what is the likelyhood that their own servers are secure, or at least more secure than Googles?
The bottom line is these records all exist and are necessary for the NHS to function, so a competant organisation may as well mine the data set. The issue, then, is that PA aren't competant, not that they use effective tools. Outrage is being misdirected.
No, there is plenty of justification for outrage all round. The NHS staff shouldn't have given the data to an untrustworthy organisation. That organisation shouldn't have given it to a data mining company under the jurisdiction of a foreign government. And that data mining company and foreign government will deserve similar outrage if they don't properly delete the illegally uploaded data as soon as possible after they are properly notified of the circumstances.
It wasn't necessary to share these records like this. You seem to be confusing access by clinicians, or at least legitimate medical researchers subject to similar medical ethics and confidentiality rules, with (as now alleged) just leaving it out there for literally anyone to find it.
Perhaps you aren't outraged by this, but I'll bet most people with a sensitive medical condition that might lead to unjustified discrimination would be. First they came for the HIV-positive, but I was not HIV-positive and I said nothing.
The HES database contains attendence records. You only need a a single verified data point, such as a tabloid hack following you to the hospital one day, to remove pseudoanonymity. The debate over whether pseudoanonymised records or personalised records should be made available to organisations, in real terms, isn't distinct. You still only need one data point (an address, DOB etc) in the poorly pseudoanonymised set. Nothing really changes.
The implication seems to be the data is somehow less secure now its in Googles cloud, but that doesn't quite fit the reality of what we know about how data permeates through these incompetant organisations to begin with. The fact that PA had the data on DVD rather than disk is already an indication that they are a joke. Do you know of any prolific transparent encryption solutions for optical media? Most likely this data was in plaintext. If they carry the data around on unencrypted DVD what is the likelyhood that their own servers are secure, or at least more secure than Googles?
The bottom line is these records all exist and are necessary for the NHS to function, so a competant organisation may as well mine the data set. The issue, then, is that PA aren't competant, not that they use effective tools. Outrage is being misdirected.