Telecare Soapbox: The security of telecare confidential information

Guy Dewsbury, Managing Director of gdewsbury, which is a freelance specialist technology writing service and consultancy, takes a thoughtful look at data security in telecare call centres and asks a few pertinent questions.

Let me state at the off that there are some really great call centres that I have been privileged to work with and some others I have become acquainted with that deserve high praise.

That said, when you pick up the phone and speak to your bank, you feel protected... You feel that the bank has done all it can to ensure that the data you provide is treated as confidential and is safe and secure, complete with the call centre being monitored 24/7 by security cameras and voice recording. Somehow, this rather childish and irrational illusion is maintained by a body that holds your money. In order to speak to someone at the bank, you need to undergo a rather humiliating and often nonsensical series of 'security' questions to prove your identity, which does little but prove you know the answers to those questions. It does not inquire about your personal circumstances. In fact, if a bank asked about your medication I suspect you might stop banking with them.

When someone contacts a telecare call centre the same security illusion is relevant for the caller. They should believe that their personal details are confidential and safely stored in a system where it would be impossible, or at least very difficult, for anyone to extract those details without detection.

Telecare call centres, like banks, have very sensitive data, possibly more sensitive than the bank. If your bank details are stolen then cards can be stopped and mitigating actions can be put in place to stop identity fraud. If someone steals personal data from a call centre, then not only will they have the name, address and other personal details about a person but also very sensitive data such as the keysafe number and location, or times when someone is in or out of their house. They might also have such personal details as "goes to bed at 6pm and sleeps with hearing aids by bed so access by keysafe only."

For a potential burglar or thief, the place to get a job would appear to be a telecare call centre as this provides the details of many hundreds of vulnerable adults who are at their mercy.

Ripe for the picking!

Experience suggests that in some telecare call centres there might only be one or two people in attendance at night. Therefore, there is little to stop operators copying confidential information for later use or to just sell down the pub or on the internet.

There are many questions that follow from this, which include: What checks are in place, legally and morally on the people that call centres employ? I suspect any checks might extend to an obligatory police check, which is pretty unreliable at best, and for people who are new to the country, barely any use.

• Are there any security methods or policies in place that all call centres must adhere to that mean staff have to undergo a more rigorous check than bank employees?
  ...Or have we blindly trusted in something that will come back to haunt us as we age?
• Do the police ever check out call centres when older people’s homes are broken into?
• Have call centre staff ever been accused of supplying confidential information to other sources?
  ...Or is this just ignored whilst we blindly trust that they have our loved ones best interests at heart?
• Finally, do the manufacturers/providers of the call centre software/systems consider the access to confidential information in any broader terms than the banking sector, or are they even considering it at that level?

Guy
Guy can be contacted via This e-mail address is being protected from spambots. You need JavaScript enabled to view it

See also this timely item from PublicService.co.uk NHS patient privacy: time to take action for the sake of Britain's health.