Unsurprisingly, little has changed since the data was last lost in March and is reidentifiable.

Today there was a ministerial statement in the House of Commons about a new breach (at noon exactly)

Biobank claim that the data is “deidentified” – all that means if that you can’t find someone you don’t know, if you know anything about someone you can read off the rest of their health record.

A series of terrible decisions by Biobank’s outgoing leadership have all come together at once.

That UK Biobank have referred themselves to the Information Commissioner shows they know this was personal data. it was personal data.

Biobank told their funders, their members and others that they operated a secure data environment, while allowing their users to download whatever data they wanted.

Will the “Biobank Direction” be rescinded?

They lost a lot of data

“In its statement, Biobank said the type of data offered for sale included:

• Population characteristics such as gender, age, month and year of birth;

• Assessment centre data including attendance date, socioeconomic status, lifestyle habits, mental health, self-reported medical history, cognitive function and physical measures;

• Measures from biological samples including haematology, biochemistry, metabolomic and proteomic;

• Online questionnaire data on sleep, diet, work environment and mental health;

• Health outcomes data on ICD-coded diseases, cancer diagnosis date etc.”

(source)