Blood on Broadway

So when I became a blood donor 5 years ago I didn’t think that one day my records would be stolen in a mugging in New York [1].
I doubt most people did. I don’t recall seeing a check box saying, “tick here to opt out of the IBTS giving your personal data away to organisations in foreign countries as and when we decide to upgrade our software”.

Such is the world we live in.
Frankly I’m surprised the loss of the data was such a physical one, rather than a hack.

So here are my main issues with the Irish Blood Transfusion Service:

  1. I really do not think you have the right to simply dish out my personal information (including what communicable diseases I may or may not have) to just anyone as and when you like to.
  2. There is no excuse, not one, for sending across 170,000 patient records. For any kind of “upgrade” or “testing”. Quite frankly if this was to run testing, then there is no reason except for sheer laziness for the data not to have been scrubbed, removing personal information. It isn’t that hard. The last time I did it for a project involving confidential patient information, it took about 2 hours. Including a cup of tea.
  3. The IBTS chief executive says the data is encrypted. He says the odds of decrypting the data are the same as winning the Euromillions jackpot 10 weeks in a row. You are either wrong, still misinformed or just lying, Andrew Kelly. The certainty of it being decrypted is 100%. The only variables are how long and how many resources you want to throw at the AES-256 encryption. And of course, the encryption passphrase, which is probably “IBTS” or “Password01”.
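As an illustration of the scrubbing described in point 2, here is an added example (not from the original post, and not the IBTS's or anyone's real tooling) that builds a test extract from donor rows. The field names, sample rows and key are constructed assumptions. Only allow-listed fields pass through, the donor id becomes a keyed pseudonym, and screening results are shuffled across rows so they no longer belong to any one person.

```python
import hashlib
import hmac
import random

# Constructed sample rows; the field names are assumptions, not the IBTS schema.
SAMPLE = [
    {"donor_id": "D-1001", "name": "Test Person A", "address": "1 Example St",
     "dob": "1975-03-14", "blood_group": "O+", "screening_result": "clear",
     "notes": "free text"},
    {"donor_id": "D-1002", "name": "Test Person B", "address": "2 Example St",
     "dob": "1988-11-02", "blood_group": "A-", "screening_result": "deferred",
     "notes": ""},
    {"donor_id": "D-1003", "name": "Test Person C", "address": "3 Example St",
     "dob": "1990-07-21", "blood_group": "B+", "screening_result": "clear",
     "notes": ""},
]

KEEP = ("blood_group",)          # allow-list: copied unchanged
SHUFFLE = ("screening_result",)  # kept for realistic test data, detached from its row


def pseudonym(key, donor_id):
    """Stable keyed token; it cannot be recomputed from an id without the key."""
    return hmac.new(key, donor_id.encode(), hashlib.sha256).hexdigest()[:16]


def scrub(records, key, rng=None):
    """Return a test extract. Any field not named above (name, address,
    notes, or a column added later) is dropped by default."""
    rng = rng or random.SystemRandom()
    # Copy each sensitive column and shuffle it across the whole extract.
    columns = {f: [r[f] for r in records] for f in SHUFFLE}
    for values in columns.values():
        rng.shuffle(values)
    out = []
    for i, r in enumerate(records):
        row = {"donor_ref": pseudonym(key, r["donor_id"]),
               "birth_year": r["dob"][:4]}  # generalise the date of birth
        row.update({f: r[f] for f in KEEP})
        row.update({f: columns[f][i] for f in SHUFFLE})
        out.append(row)
    return out


if __name__ == "__main__":
    for row in scrub(SAMPLE, key=b"constructed-demo-key"):
        print(row)
```

The key stays with the data owner and never travels with the extract, so the recipient cannot map a `donor_ref` back to a donor id.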

But it is great to know that the IBTS and the New York Blood Centre are both “deeply concerned” about the loss of the data.
Frankly, I’m concerned at the lack of blood flow to the brains in charge of the IBTS.

[1] Irish Times news report