Friday, 7 August 2009

Easy-to-use or Easy-to-lose? Health-care call-centers sneezing over our private data

The risks of inappropriate data handling in health-care call-centers has been raised again in the press recently. It is clear that there needs to be some conduit for this sort of highly personal information as companies like insurers constantly need to utilize the information.

However, call-centers present a significant risk to data privacy. The bulk of the work in a call center is performed by low paid, low skilled telephone operatives in an industry where 30% annual turn over of staff is consider exceptionally low. One researcher suggests that in the banking sector in Scotland, the annual staff turnover is more like 80%. Worse still, police investigations have shown that call centers in some industries are routinely infiltrated by members of criminal gangs whose aims are to get copies of valuable data.

The original article acknowledges the insider and external threats, and states “Agents must have “easy to use” and reliable means to send and receive confidential…” information “ … inside the firewall, as well as outside.” We all know that “easy-to-use” systems and “secure-systems” rarely go together. With the low skills level and high staff turn over, my guess is that “easy” trumps “secure”. Perhaps we should associate "easy-to-use" with "easy-to-lose" (data).

Do you want your precious health-care record sneezed on and transmitted “un-healthily” around a call center?