← Back to Writing June 19, 2026
Fab's Friday Field Notes

Reading the Rock

Before you climb, you trust the topo. On 15 June, NHS England admitted the topo for its most sensitive patient data was wrong: suppliers hold standing access the public was told did not exist. Read through the eight Caldicott Principles, this is not a clerical slip but a question of trust, capability, and who, in the end, the data answers to.

3 min read

Friday Field Note

I learned to trust topos before I learned to climb hard. The guidebook tells you where the bolts or the anchors are, where it runs out, and where you can rest. You commit to the route on the strength of that page. The first time the page is wrong, you understand something that stays with you: the description is not a convenience. It is the thing your safety is built on.

I have been thinking about that all week, because of the NHS.

The Palantir NHS patient data arrangement works like this: the published document said only NHS England staff could reach identifiable patient data. On 15 June, NHS England admitted that the data protection assessment for one of its most sensitive patient-data environments contained an error. The published document said only NHS England staff could reach identifiable patient data. It turns out three Palantir engineers hold round-the-clock administrative access, with dozens more contractors added this month, widening Palantir’s reach into NHS patient data. The page did not match the rock.

I have written the full argument separately, framed around the Caldicott Principles, because it deserves the careful version. This is the shorter, more personal note.

What stays with me is not the error itself. Documents have errors. What stays with me is how it surfaced: not because anyone disclosed it, but because a campaign and the press pulled it into the light, and it was only confirmed when the National Data Guardian asked. In the mountains we have a word for the thing you find that you were not told about. We call it a surprise, and we spend our whole lives in the hills trying to eliminate them before we leave the ground. The eighth Caldicott Principle, the newest one, says the same thing in plainer language: no surprises.

There is a second thing, quieter and larger. The same company now sits across the NHS, defence, policing, borders and, since March, financial services. One platform under all of it. Every anchor clipped to a single bolt. And because that company answers, in the last resort, to US law, the whole arrangement starts to look less like a procurement and more like a strategic asset for somebody else. You do not build an anchor you have to hope holds. You build one that does not depend on hope.

I am not anti-technology, and this is not anti-Palantir for its own sake. It is pro the only thing that makes any of it work, which is trust you can verify. Dr Nicola Byrne asked the question the system is designed for her to ask, and the answer proved why it needed asking. The right response is not an apology and a corrected file. It is rebuilding the assurance until patients can trust what they are told without anyone having to climb up and check.

That is the standard. It always was.

The full piece, with the argument set out principle by principle, is here.