Cloud computing and employment rights


Very interesting note by Philip Carnelley on the site on Software as a service, cloud computing and employment rights.

Phil attended a briefing by lawyers Olswang on on SaaS and the Cloud.

I have not heard a lawyer’s perspective before. In particular, it had never crossed my mind that TUPE regulations might apply. In one case I heard about, a large corporate decided to let Microsoft host its Exchange email service. This meant they no longer needed the dozen or more staff to run it in-house. The company in question was about to give the Exchange support team their marching orders when the lawyers mentioned the dread words: “TUPE!!”

It never crossed my mind either- and, I bet yours.

Perhaps it is time to put on the thinking caps. Life could suddenly get more complicated for organisations looking at small scale or piecemeal outsourcing.

Meanwhile, returning to yesterday’s obsession. Not all ministers and government departments are quite as brazen as Phil Woolas at the Home Office on data security.

When Crispin Blunt MP asked the Secretary of State for Health how many breaches of information security there have been at his Department and its agencies in the last five years, he got a fuller, if nontheless distorted answer to that given by Phil Woolas.

In the last five years the Department of Health has recorded one notifiable breach of information security.

There were no reportable breaches for either of the Department's two executive agencies—the Medicines and Healthcare products Regulatory Agency (MHRA) and NHS Purchasing and Supply Agency (PASA).

The Department and its agencies report all significant personal data security breaches to the Cabinet Office and the Information Commissioner (IC).

Information on personal security data breaches are published on an annual basis in the Department's annual resource accounts as required under the mandatory requirements of the Data Handling Report published on 25 June 2008.

The Department reported on the above personal data breach in its 2007-08 annual resource account, which can be found at

A copy has been placed in the Library.

Additionally, all significant control weaknesses including other significant security breaches are included in the Statement of Internal Control which is published within the annual resource accounts.

Some information, but not quite the whole truth is it? I haven’t asked, but I imagine Crispin Blunt wanted an idea of the state of data security across the NHS, not just what was going on in Whitehall head office.

Data security across the wider health service is, quite a different story – see here and here – for starters. The issue is central to the distrust of the National Programme for IT in the NHS – among both clinicians and the wider population.

Given that the NHS is taking serious measures to improve its data security and that NHS leaders want to be seen to be doing the right thing, why not come clean? Why not give a reasonably full account of what has gone wrong and use that as a platform to promote the good practice that is being instituted?

"Recommended For You"

NHS "loses" 8.6 million patient records NHS fails to advertise for Granger replacement