Dear Medicines and Healthcare products Regulatory Agency,

Please supply me with all the information you have about the privacy design for the Clinical Practice Research Datalink (CPRD) including

- the threat model;
- the security policy;
- any assessments submitted to or performed by third parties including the ICO and CESG;
- design documents for the privacy enhancing technologies in use or contemplated;
- the design documents and evaluation reports for any trusted third party used for data linkage;
- contracts with operators of trusted third parties and policy documents specifying the protocols to be used for record linkage, service level agreements, liability and audit requirements;
- full details of how encryption will be used as a privacy enhancing technology;
- full details of any other linkage or anonymisation methods used when longitudonal records are assembled from data contributed by different healthcare providers;
- any assessments that have been performed of other potentially personally identifying information released to researchers in addition to encrypted patient and practice identifiers;
- full details of statistical security and inference control mechanisms used to assess and control queries submitted interactively to CPRD by researchers;
- full details of the query audit mechanisms that will be used to detect abuse of non-interactive access after the fact;
- any technical assessments of the combined effectiveness of query auditing plus data perturbation, of the effect of data perturbation on the clinical dependability of perturbed data, and of any design trade-offs made between privacy and clinical dependability;
- copies of the agreements that CPRD users will have to sign to get access;
- copies of any legal opinions sought by the MHRA on the legality of CPRD and in particular its compliance with DPA 1998 and with S8 ECHR;
- any privacy impact assessments performed for CPRD.

Yours faithfully,

Ross Anderson
http://www.ross-anderson.com

MHRA Central Enquiry Point, Medicines and Healthcare Products Regulatory Agency

Dear Enquirer,

Thank you for your enquiry to the MHRA. This automated response confirms
that we have received your email and that it will be dealt with as quickly
as possible.

You can expect a reply from us within a few days for a straightforward
request, however where a more detailed response or contribution from a
specialist is required this is likely to take longer; we endeavour to
respond to all requests within the Department of Health’s target response
time of 20 working days. Further information on how we handle different
requests can be found on our website at the link below:

[1]http://www.mhra.gov.uk/Contactus/Central...

The MHRA website contains a wealth of information which may assist with
your enquiry. Some of our popular pages are:

Clinical Trials of medicines:
[2]http://www.mhra.gov.uk/Howweregulate/Med...
       
Clinical Trials of medical devices:

[3]http://www.mhra.gov.uk/Howweregulate/Dev...

Manufacturer’s and wholesale dealer’s licences:
[4]http://www.mhra.gov.uk/Howweregulate/Med...

Registration of medical devices, opticians and dental laboratories:
[5]http://www.mhra.gov.uk/Howweregulate/Dev...

Reporting a side effect to a medicine:
[6]http://www.mhra.gov.uk/Safetyinformation...

Reporting an adverse incident involving a medical device:

[7]http://www.mhra.gov.uk/Safetyinformation...

Does my product need a licence?:
[8]http://www.mhra.gov.uk/Howweregulate/Med...

Reporting a counterfeit medical product:

[9]http://www.mhra.gov.uk/Safetyinformation...

Buying medicines over the internet:

[10]http://www.mhra.gov.uk/Safetyinformation...

If you have not heard from us after 20 working days then please contact us
on 020 3080 6000.

Kind regards

Central Enquiry Point
Information Services
Medicines and Healthcare products Regulatory Agency

Please note this is an automated reply; please do not respond to this
message.

This email and any files transmitted with it are confidential. If you are
not the intended recipient, any reading, printing, storage, disclosure,
copying or any other action taken in respect of this email is prohibited
and may be unlawful.

 

If you are not the intended recipient, please notify the sender
immediately by using the reply function and then permanently delete what
you have received.Incoming and outgoing email messages are routinely
monitored for compliance with the Department of Healths policy on the use
of electronic communications.

 

For more information on the Department of Healths email policy, click

http://www.dh.gov.uk/DHTermsAndCondition...

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

References

Visible links
1. http://www.mhra.gov.uk/Contactus/Central...
2. http://www.mhra.gov.uk/Howweregulate/Med...
3. http://www.mhra.gov.uk/Howweregulate/Dev...
4. http://www.mhra.gov.uk/Howweregulate/Med...
5. http://www.mhra.gov.uk/Howweregulate/Dev...
6. http://www.mhra.gov.uk/Safetyinformation...
7. http://www.mhra.gov.uk/Safetyinformation...
8. http://www.mhra.gov.uk/Howweregulate/Med...
9. http://www.mhra.gov.uk/Safetyinformation...
10. http://www.mhra.gov.uk/Safetyinformation...

MHRA Central Enquiry Point, Medicines and Healthcare Products Regulatory Agency

Our Ref: FOI 12/131

Dear Ross Anderson,

RE: REQUEST UNDER THE FREEDOM OF INFORMATION ACT 2000

Thank you for your enquiry which we received on 19th March.


I confirm that your request is being handled under the Freedom of Information Act and you should receive a reply within 20 working days from our date of receipt.

If you need to contact us again about this request, please quote the reference number above.

Yours Sincerely

Central Enquiry Point
Information Services
MHRA
Tel: 020 3080 6000

show quoted sections

Dear MHRA Central Enquiry Point,

By law, you should have responded by 17 April 2012 (yesterday) to my FOI request concerning the privacy mechanisms in CPRD.

Is there some lawful excuse for the delay?

Yours sincerely,

Ross Anderson

MHRA Central Enquiry Point, Medicines and Healthcare Products Regulatory Agency

Dear Enquirer,

Thank you for your enquiry to the MHRA. This automated response confirms
that we have received your email and that it will be dealt with as quickly
as possible.

You can expect a reply from us within a few days for a straightforward
request, however where a more detailed response or contribution from a
specialist is required this is likely to take longer; we endeavour to
respond to all requests within the Department of Health’s target response
time of 20 working days. Further information on how we handle different
requests can be found on our website at the link below:

[1]http://www.mhra.gov.uk/Contactus/Central...

The MHRA website contains a wealth of information which may assist with
your enquiry. Some of our popular pages are:

Clinical Trials of medicines:
[2]http://www.mhra.gov.uk/Howweregulate/Med...
       
Clinical Trials of medical devices:

[3]http://www.mhra.gov.uk/Howweregulate/Dev...

Manufacturer’s and wholesale dealer’s licences:
[4]http://www.mhra.gov.uk/Howweregulate/Med...

Registration of medical devices, opticians and dental laboratories:
[5]http://www.mhra.gov.uk/Howweregulate/Dev...

Reporting a side effect to a medicine:
[6]http://www.mhra.gov.uk/Safetyinformation...

Reporting an adverse incident involving a medical device:

[7]http://www.mhra.gov.uk/Safetyinformation...

Does my product need a licence?:
[8]http://www.mhra.gov.uk/Howweregulate/Med...

Reporting a counterfeit medical product:

[9]http://www.mhra.gov.uk/Safetyinformation...

Buying medicines over the internet:

[10]http://www.mhra.gov.uk/Safetyinformation...

If you have not heard from us after 20 working days then please contact us
on 020 3080 6000.

Kind regards

Central Enquiry Point
Information Services
Medicines and Healthcare products Regulatory Agency

Please note this is an automated reply; please do not respond to this
message.

This email and any files transmitted with it are confidential. If you are
not the intended recipient, any reading, printing, storage, disclosure,
copying or any other action taken in respect of this email is prohibited
and may be unlawful.

 

If you are not the intended recipient, please notify the sender
immediately by using the reply function and then permanently delete what
you have received.Incoming and outgoing email messages are routinely
monitored for compliance with the Department of Healths policy on the use
of electronic communications.

 

For more information on the Department of Healths email policy, click

http://www.dh.gov.uk/DHTermsAndCondition...

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

References

Visible links
1. http://www.mhra.gov.uk/Contactus/Central...
2. http://www.mhra.gov.uk/Howweregulate/Med...
3. http://www.mhra.gov.uk/Howweregulate/Dev...
4. http://www.mhra.gov.uk/Howweregulate/Med...
5. http://www.mhra.gov.uk/Howweregulate/Dev...
6. http://www.mhra.gov.uk/Safetyinformation...
7. http://www.mhra.gov.uk/Safetyinformation...
8. http://www.mhra.gov.uk/Howweregulate/Med...
9. http://www.mhra.gov.uk/Safetyinformation...
10. http://www.mhra.gov.uk/Safetyinformation...

Ford, Jon, Medicines and Healthcare Products Regulatory Agency

5 Attachments

Dear Professor Anderson
 
Please find attached a response and additional documents to your request
for information about privacy mechanisms in CPRD. This response is being
sent on behalf of Dr John Parkinson, CPRD Director.
 
 
Jon Ford
CPRD Head of Operations
020 3080 6581
 
 
5th Floor, 151 Buckingham Palace Road,
London, SW1W 9SZ.
 
 

This email and any files transmitted with it are confidential. If you are
not the intended recipient, any reading, printing, storage, disclosure,
copying or any other action taken in respect of this email is prohibited
and may be unlawful.

 

If you are not the intended recipient, please notify the sender
immediately by using the reply function and then permanently delete what
you have received.Incoming and outgoing email messages are routinely
monitored for compliance with the Department of Healths policy on the use
of electronic communications.

 

For more information on the Department of Healths email policy, click

http://www.dh.gov.uk/DHTermsAndCondition...

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

Dear Medicines and Healthcare products Regulatory Agency,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Medicines and Healthcare products Regulatory Agency's handling of my FOI request 'Privacy mechanisms in CPRD'.

I requested information on how privacy will be protected in CPRD and you refused this on the grounds that discussing your security mechanisms would be bad for security. This is wrong for at least four reasons.

(1) You submitted a paper "Privacy protection and research access mechanisms for National Health Service Data: The Clinical Practice Research Datalink" to the Journal of the American Medical Informatics Association, which contains much of the information which I sought and which you refused to disclose. The authors were Tim Holt, Tarita Murray-Thomas, Tim Williams and John Parkinson. I was sent the paper to referee, and made a number of criticisms of it, following which I understand it was rejected. I am not supposed to discuss the contents of this paper publicly because of the confidentiality obligation that I owe to JAMIA. However this is information which CPRD attempted to publish, and thus you cannot reasonably now argue that its publication would jeopardise security, expose their systems to attack and undermine the public health benefits.

(2) You cite cite s.43 as the basis for refusing to release material which you claim would imperil your security. But section 43 deals solely with prejudice to commercial interests and not with any of those matters.

(3) As a general proposition, the claim that discussing security mechanisms will endanger security is incorrect. There is a substantial research literature on this starting with Auguste Kerckhoffs in 1883 (see for example http://en.wikipedia.org/wiki/Kerckhoffs%... there is also a discussion in my textbook "Security Engineering").

(4) The government's Open Data "tsar", Tim Kelsey, promised at a public meeting in Cambridge, in response to a question from me, that the inference control mechanisms in use would be made public, as this was necessary not just for public confidence but for clinical safety. If, for example, data have been subjected to perturbation, or the trimming of extreme values, this may affect the conclusions to be drawn from them; and if de-identification is done by means of replacing name with postcode plus date of birth, then a researcher must consider the probability of misidentification (twins, students etc).

A full history of my FOI request and all correspondence is available on the Internet at this address:
http://www.whatdotheyknow.com/request/pr...

Yours faithfully,

Ross Anderson
www.ross-anderson.com

MHRA Central Enquiry Point, Medicines and Healthcare Products Regulatory Agency

Dear Enquirer,

Thank you for your enquiry to the MHRA. This automated response confirms
that we have received your email and that it will be dealt with as quickly
as possible.

You can expect a reply from us within a few days for a straightforward
request, however where a more detailed response or contribution from a
specialist is required this is likely to take longer; we endeavour to
respond to all requests within the Department of Health’s target response
time of 20 working days. Further information on how we handle different
requests can be found on our website at the link below:

[1]http://www.mhra.gov.uk/Contactus/Central...

The MHRA website contains a wealth of information which may assist with
your enquiry. Some of our popular pages are:

Clinical Trials of medicines:
[2]http://www.mhra.gov.uk/Howweregulate/Med...
       
Clinical Trials of medical devices:

[3]http://www.mhra.gov.uk/Howweregulate/Dev...

Manufacturer’s and wholesale dealer’s licences:
[4]http://www.mhra.gov.uk/Howweregulate/Med...

Registration of medical devices, opticians and dental laboratories:
[5]http://www.mhra.gov.uk/Howweregulate/Dev...

Reporting a side effect to a medicine:
[6]http://www.mhra.gov.uk/Safetyinformation...

Reporting an adverse incident involving a medical device:

[7]http://www.mhra.gov.uk/Safetyinformation...

Does my product need a licence?:
[8]http://www.mhra.gov.uk/Howweregulate/Med...

Reporting a counterfeit medical product:

[9]http://www.mhra.gov.uk/Safetyinformation...

Buying medicines over the internet:

[10]http://www.mhra.gov.uk/Safetyinformation...

If you have not heard from us after 20 working days then please contact us
on 020 3080 6000.

**Please note the Agency will be closed on Bank Holiday Monday 7 March
2012**

Kind regards

Central Enquiry Point
Information Services
Medicines and Healthcare products Regulatory Agency

Please note this is an automated reply; please do not respond to this
message.

This email and any files transmitted with it are confidential. If you are
not the intended recipient, any reading, printing, storage, disclosure,
copying or any other action taken in respect of this email is prohibited
and may be unlawful.

 

If you are not the intended recipient, please notify the sender
immediately by using the reply function and then permanently delete what
you have received.Incoming and outgoing email messages are routinely
monitored for compliance with the Department of Healths policy on the use
of electronic communications.

 

For more information on the Department of Healths email policy, click

http://www.dh.gov.uk/DHTermsAndCondition...

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

References

Visible links
1. http://www.mhra.gov.uk/Contactus/Central...
2. http://www.mhra.gov.uk/Howweregulate/Med...
3. http://www.mhra.gov.uk/Howweregulate/Dev...
4. http://www.mhra.gov.uk/Howweregulate/Med...
5. http://www.mhra.gov.uk/Howweregulate/Dev...
6. http://www.mhra.gov.uk/Safetyinformation...
7. http://www.mhra.gov.uk/Safetyinformation...
8. http://www.mhra.gov.uk/Howweregulate/Med...
9. http://www.mhra.gov.uk/Safetyinformation...
10. http://www.mhra.gov.uk/Safetyinformation...

Wilson, Stephen, Medicines and Healthcare Products Regulatory Agency

1 Attachment

Dear Mr Anderson
 
Thank you for your email of 4 May 2012 requesting an internal review of
the MHRA’s decision to withhold certain parts of the information sought in
your original request (FOI 12/131). I have now had a preliminary
discussion with the answering Division regarding this matter.
 
I have not yet conducted a formal review as I wanted to try and clarify
some points with you first.
 
Your initial request asked for the following information:
 
“…all the information you have about the privacy design for the Clinical
Practice Research Datalink (CPRD) including
 

 a. the threat model;
 b. the security policy;
 c. any assessments submitted to or performed by third parties including
the ICO and CESG;
 d. design documents for the privacy enhancing technologies in use or
contemplated;
 e. the design documents and evaluation reports for any trusted third
party used for data linkage;
 f. contracts with operators of trusted third parties and policy documents
specifying the protocols to be used for record linkage, service level
agreements, liability and audit requirements;
 g. full details of how encryption will be used as a privacy enhancing
technology;
 h. full details of any other linkage or anonymisation methods used when
longitudonal records are assembled from data contributed by different
healthcare providers;
 i. any assessments that have been performed of other potentially
personally identifying information released to researchers in addition
to encrypted patient and practice identifiers;
 j. full details of statistical security and inference control mechanisms
used to assess and control queries submitted interactively to CPRD by
researchers;
 k. full details of the query audit mechanisms that will be used to detect
abuse of non-interactive access after the fact;
 l. any technical assessments of the combined effectiveness of query
auditing plus data perturbation, of the effect of data perturbation on
the clinical dependability of perturbed data, and of any design
trade-offs made between privacy and clinical dependability;
 m. copies of the agreements that CPRD users will have to sign to get
access;
 n. copies of any legal opinions sought by the MHRA on the legality of
CPRD and in particular its compliance with DPA 1998 and with S8 ECHR;
 o. any privacy impact assessments performed for CPRD.”

 
 
In our original reply
 
a) the threat model, and
b) the security policy
 
Were not answered as we sought clarification as to what you required. If
you still wish to pursue this specific information, may I request that you
supply this clarification either to myself, or to Mr Ford who provided the
original answer and we will be happy to progress this for you.
 
The following questions appear to me to have been answered in the original
request, but I would be grateful if you could confirm this for me, and
that you were satisfied with those answers?
 

 i. any assessments that have been performed of other potentially
personally identifying information released to researchers in addition
to encrypted patient and practice identifiers;
 j. copies of the agreements that CPRD users will have to sign to get
access;
 k. copies of any legal opinions sought by the MHRA on the legality of
CPRD and in particular its compliance with DPA 1998 and with S8 ECHR;
 l. any privacy impact assessments performed for CPRD.

 
 
The following questions were all refused citing section 43 of the FOIA
(commercial interests)
 
c) any assessments submitted to or performed by third parties including
the ICO and CESG;
d) design documents for the privacy enhancing technologies in use or
contemplated;
e) the design documents and evaluation reports for any trusted third party
used for data linkage;
f) contracts with operators of trusted third parties and policy documents
specifying the protocols to be used for record linkage, service level
agreements, liability and audit requirements;
g) full details of how encryption will be used as a privacy enhancing
technology;
h) full details of any other linkage or anonymisation methods used when
longitudonal records are assembled from data contributed by different
healthcare providers;
j) full details of statistical security and inference control mechanisms
used to assess and control queries submitted interactively to CPRD by
researchers;
k) full details of the query audit mechanisms that will be used to detect
abuse of non-interactive access after the fact;
l) any technical assessments of the combined effectiveness of query
auditing plus data perturbation, of the effect of data perturbation on the
clinical dependability of perturbed data, and of any design trade-offs
made between privacy and clinical dependability;
 
I have looked at the answers given and it is my belief that you are
correct insofar as that the compromise of system security is not –in
itself- a relevant consideration when considering Section 43.
 
However, in our response to those questions we said that we were unwilling
to release information which could jeopardise the security of our systems,
and that we would claim exemption under section 43 of the Act. We should
have been clearer about the rationale for this statement, as we accept
that section 43, in providing for exemption on grounds of commercial
interest does not explicitly deal with issues of security and
confidentiality. The grounds on which we believe the exemption does apply
are as follows:
 

* If we disclose under the Act detailed information about our security
provisions, we would be placing into the public domain details about
the methods we use to safeguard our data. In doing so we would be
giving a direction to any parties wishing to maliciously attack our
organisation. Any potential hacker or other malicious party would be
provided with a first step on how to focus their attempts to
circumvent our security provisions. We have sought guidance from the
Agency’s Senior Information and Risk Owner who has confirmed that she
would not wish to release details of our security systems as to do so
would inherently compromise security. Any party which was able to
maliciously access our systems would place our business at serious
risk, both in terms of business interruption and reputational damage.
This in turn would have a significant negative effect on the viability
of our business. As such we contend that our own commercial interests
would be compromised by a release of information about our security
systems.

 

* In a number of cases we have invested significantly in terms of both
finance and effort in developing new systems. Were these to be placed
into the public domain following disclosure under the Act, one of our
commercial competitors could take advantage of our development work
and set up competing systems. Without the cost of development which we
have had to bear, such commercial competitors would be able to
undercut our services and take a competitive advantage as a result of
disclosure. This would compromise our own commercial interests, and we
would therefore seek to apply the section 43 exemption in order to
protect our interests.

 
In discussing our commercial interests we would also like to stress the
nature of our business activities, both in terms of CPRD and its
predecessor activity GPRD. CPRD and GPRD both exist to provide and support
high quality research which is undertaken for the public benefit. All
research undertaken using our data is protocol controlled and has to be
authorised by the Independent Scientific Advisory Committee. A failure of
our business model arising from disclosure of information following a
request under the Act would prejudice this research activity and the
benefit to public health which derives from it. To that extent we consider
that the public interest is clearly weighted in favour of maintaining the
exemption.
 
I have also discussed the issue of the JAMIA report with the answering
Division and, following that discussion, we see no reason why this cannot
now be disclosed to you (please find attached)
 
If you are satisfied with this reply, I will conclude the internal review
process at this stage. However, should you remain dissatisfied with the
Agency’s response I will formalise the review and send you a copy so that
you can, if you wish, escalate the matter to the Information
Commissioner’s Office.
 
Kind regards
 
Steve Wilson

show quoted sections

Dear Stephen,

Thank you for the Holt paper.

When building a secure system, the standard procedure is to first write down a threat model, which is typically a list of the bad things against which you want protection. In the case of an anonymised medical record system, this might include theft of copies of anonymised data, for example when a laptop is stolen from a hospital (as in the June 2011 London Health Programmes case); dishonest insiders (such as when Dr Andrew Jamieson accessed celebrity records on the Scottish Emergency Medical Record); and an academic publishing a means of re-identifying your records (see for example the work of Latanya Sweeney).

The second step is to develop a security policy, which states how the documented threats are to be mitigated. For example, the HIPAA regulations in the USA typically require that de-identified data be such that no more than 0.04% of patients can be reidentified, while "differential privacy" requires that none may be, even in the face of adaptive queries of the database by an opponent. These terms are explained and illustrated in much greater detail in standard textbooks such as my own "Security Engineering" book (available online at http://www.cl.cam.ac.uk/~rja14/book.html).

The first two parts of my freedom of information request thus seek the documentation you assembled (including meetings of minutes you held) to assess what the threat would be to your system, and the top-level strategy you adopted in order to manage the resulting risks. You talk later in your email about business interruption and reputational damage. The assessment you carried out of that should be part of the threat model.

Next, you refuse to release any details of how the security policy was implemented by means of inference control mechanisms, audit procedures and other protections, making a "security-by-obscurity" argument that "We have sought guidance from the Agency’s Senior Information and Risk Owner who has confirmed that she would not wish to release details of our security systems as to do so would inherently compromise security."

The strong consensus of security professionals is that this "security-by-obscurity" argument is wrong in general and does not apply in most cases. Again, my book has much further detail, but for historical background, obscurity was first dismissed by Auguste Kerckhoffs in 1883; the principle that "the enemy knows the system" was restated by Claude Shannon, father of information theory and a top US cryptanalyst, in the 1940s. With the greatest of respect, it is not appropriate for a mid-level civil servant who presumably has no professional expertise in the subject to think she knows better. Indeed, there is a long history of people relying on security systems with obscure designs that failed catastrophically because of weaknesses that would have been immediately obvious on public review. If you persist in refusing to disclose the statistical security mechanisms on which we are all as patients expected to rely for the privacy of our health information, then I will appeal this to the ICO and if need be the Tribunal.

The same applies for any evaluations you have had done on the statistical security mechanisms, whether by an outside consultancy or by an internal government body such as CESG. If you have had no evaluation done, that is disgraceful and a matter of public interest; if you've had an evaluation that gave you a clean bill of health, you have no reason to withhold it.

Finally, I'd like to remind you that Tim Kelsey did undertake at a public meeting on 8 September 2011 that the statistical security mechanisms would be open to public review.

Yours sincerely,

Ross Anderson
www.ross-anderson.com

MHRA Customer Services, Medicines and Healthcare Products Regulatory Agency

1 Attachment

Dear Professor Anderson,
       
Thank you for your enquiry to the MHRA.
 
Attached is the response to your request.
               
Kind Regards,
 
 
Customer Services
External Relations
Medicines and Healthcare products Regulatory Agency
 
Tel: 020 3080 6000
 
 
 
 

This email and any files transmitted with it are confidential. If you are
not the intended recipient, any reading, printing, storage, disclosure,
copying or any other action taken in respect of this email is prohibited
and may be unlawful.

 

If you are not the intended recipient, please notify the sender
immediately by using the reply function and then permanently delete what
you have received.Incoming and outgoing email messages are routinely
monitored for compliance with the Department of Healths policy on the use
of electronic communications.

 

For more information on the Department of Healths email policy, click

http://www.dh.gov.uk/DHTermsAndCondition...

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

Andrew McLean left an annotation ()

It might be instructive to ask what the Terms Of Reference of the annual "IT health check" are. It's not obvious that the analysis carried out as part of this process would cover all the relevant issues, particularly the very specialised problems of the adequacy of the data anonymisation.

David Ellington left an annotation ()

It is imperative and within the 'Public's best interest' that the information is actually made available. Making decisions on behalf of the public that could potentially have catastrophic consequences should data fall into the wrong hands is not a good enough excuse or justification.

If cryptography is up to scratch there is nothing to worry about in revealing this information!