I do try to be constructive in response, Presiding Officer, but I think that much of what was just said was deeply unhelpful. The accusation that the NHS cannot be trusted with information and then trying to draw a link between a data breach from a criminal act, where, of course, we want to ensure that cybersecurity on sensitive information is appropriate and up-to-date, as far as possible, against what we know is a continually evolving criminal community who are acquiring these data—to try to draw a link between that and individual professionals who have failed in their duty to their profession and to the people they are responsible to and for, I just think is deeply unhelpful. I do not accept that there is an appropriate link to be drawn.

Rather than attempting to scare members of the public about the safety of NHS data and suggesting the answer lies in the law—I don’t think the answer does lie in the law. It’s about our systems for protecting those data and in providing assurance for people who access those data that they can be trusted. If they breach their very clear obligations, either as employees, as healthcare professionals or in terms of breaching the law, then they can expect to be pursued for those breaches, but, actually, the important point about health data is of course you want them to be secure, but we want them to be shared. Members regularly ask me in committee and in this Chamber, ‘How can we ensure that health data and information are shared between healthcare professionals, because there is much healthcare gain to be made in the sharing of those data?’ We want secure systems, we want professionals who can be trusted and held accountable if they breach those obligations, and that is the basis on which I will continue to act in balancing all of those different aspects, but ensuring, ultimately, the best interests of the patient will guide what we do and do not do.