Six official reviews in as many weeks have been heavily critical of government policies and procedures that led to millions of citizens’ personal details being exposed, published to the internet, or lost.
In response to dozens of incidents in which private information including health records and bank details went missing, the reports’ authors agree on an urgent need for a complete overhaul of how such data is collected, stored and shared in the public sector.
In November the largest ever information loss occurred when two CDs, containing the private details of 25 million mothers and children and seven million bank account details, were sent by post from Her Majesty’s Revenue and Customs. They never arrived.
The Independent Police Complaints Commission investigation into the HMRC loss stated that the agency’s data protection was “woefully inadequate,” and that there was a “complete lack of any meaningful systems, a lack of understanding of the importance of data handling and a ‘muddle-through ethos.’”
A forensic analysis of the events by chairman of auditors Pricewaterhouse Coopers, Kieron Poynter, described it as “entirely avoidable, and the fact that it could happen points to serious institutional deficiencies at HMRC.”
In the months after this blunder, barely a week went by without revelations of further losses: 571 laptops lost by the Ministry of Defence in a decade, including one holding current British troop positions; 20 years of payroll details lost by a Kent NHS trust; 20,000 patient details lost by a London Hospital; confidential police computers dumped at a council tip; millions of driver details lost by the DVLA.
A total of 30 losses from Whitehall alone were reported between November and June this year to the Information Commissioner’s Office, which oversees and upholds privacy legislation.
Calls for change and criticism come from offices including the Home Affairs Committee, the Cabinet Office and the Independent Police Complaints Commission among them.
Justice Minster Michael Wills said last week that: “There is a clear need for radical change in government in how we handle data. We don’t handle data in the same way as we handle money, and I think we should.
“I don’t think anyone wants to see gigantic databases where anyone can go and search. I think the security implications of that are horrendous.”
A report from MPs on the Home Affairs Committee was specific in its demands that: “The Government should give an explicit undertaking to adhere to a principle of data minimisation and should resist a tendency to collect more personal information and establish larger databases.
“Any decision to create a major new database, to share information on databases, or to implement proposals for increased surveillance should be based on a proven need.”
While a Home Office spokesman said that a response to the Home Affairs Committee was due for release later this week, despite the criticism the government and civil service ‘Transformational Government’ project continues, with the express purpose of knowing and storing as much as possible about you.
The Transformational Government Vision Statement released in October states “there are enormous benefits to sharing information” and that the Data Protection Act “must not be used to justify unnecessary barriers to sharing information.”
“Codes of practice,” it continues, “will be to facilitate information sharing, not to add a burden to the data sharing process.”
A re-structured government would see personal details of citizens and businesses routinely shared between government departments. Key parts of this infrastructure are the large government databases that exist or are being prepared in the wings, such as the National Identity Scheme, a database of every citizen in the country, ContactPoint, a database of every child, and the National DNA Database.
James Hall, Head of the Identity and Passport Service which will operate the identity card scheme wrote last year that “increased inter-departmental co-operation will, by its nature, involve sharing more data about an individual between public sector organisations. The National Identity Scheme is being designed to meet that public expectation of improved services and joined-up government.”
Privacy campaigners hold that the government’s demonstrated failure to be able to keep hold of sensitive data is ample proof that Whitehall is incapable of safeguarding the details of our private lives. Such a ‘transformational government’ would be doomed to failure, they say.
As if to back this point, an independent review of the ContactPoint children’s database by auditors Deloitte in Touche in February reported that the system could never be made safe.
It said: “Risk can only be managed, not eliminated, and therefore there will always be a risk data security incidents occurring,” adding that this would arise mostly from the procedures of local authorities and agencies that accessed the database, and for whose child support services it has been created.
The Association of Directors of Children’s Services suggested that “an abuser could be able to access ContactPoint for illegitimate purposes with limited fear of any repercussions.”
With the government’s admission that celebrities and politicians can have their children’s details removed, Terri Dowty, from Action on Rights for Children, Arch, said that this amounted to an admission that it was insecure.
“The Government acknowledges the risks by instituting these protocols on celebrity and vulnerable children,” she said. “But all children are potentially vulnerable.”
Phil Booth, national coordinator of the NO2ID campaign against the ‘database state’ explained: “What the bureaucrats don’t understand is that information security is not the same as data protection, in the sense recognised by our Data Protection Act, which in turn is not the same as privacy.
“The government and Whitehall are determined to see objections to their hoarding of our personal details as only a problem of information security—a technical problem at which they can throw computer hardware and software.
“But the desire for privacy is much deeper than that: it is an emotional, psychological response to the feeling of having your life laid open for others to see. It has nothing to do with efficient public services, and it has not been addressed by the government–in fact it’s been wilfully ignored.”
The most recent report, the government Data Sharing Review written by Information Commissioner Richard Thomas and Dr Mark Walport, director of medical research charity the Wellcome Trust, was released last week.
It recommended that the government’s privacy watchdog, the Information Commissioner’s Office, should be given new powers of spot checks, more stringent penalties and better resources. It also suggested better access to anonymised personal records for medical research purposes.
But speaking only in general terms, it avoided any comment on the National Identity Scheme or ContactPoint, which together represent the largest repository of government-held personal information. Most extraordinarily, while the authors stated that data sharing is “intrinsically neither good nor bad” they suggested that ministers should have powers to remove “legislative barriers to data sharing,” where appropriate.
The Ministry of Justice said that it welcomed the recommendations in the report and had begun assessing what could be implemented, while a Home Office spokesman said that a response to the Home Affairs Committee was due for release later this week.
July saw David Davis MP re-elected in the Haltemprice and Howden by-election with an increased majority of 15,000 after standing on a civil liberties platform. But while Mr Davis is associated most with opposition to the government’s Counter-Terrorism Bill to incarcerate suspects for up to 42 days without charge, the more abstract—but very real—threat to liberty represented by a growing culture of data surveillance still lacks both a prominent poster boy and wider public understanding.
It is hard to quantify the harm that Whitehall’s lax approach to keeping our personal details safe is having.
Certainly some, like Top Gear presenter Jeremy Clarkson, thought the dangers were overblown and published his bank details in his column to prove it.
But after a £500 charity donation was made from his account, he changed his tune. The 25 million families affected by the HMRC scandal may not have had the opportunity to be so blasé.
But tales of misuse of information are all too common: last week, Humberside anti-corruption police investigated reports that officers had searched confidential police records to check out their daughters’ boyfriends. A further seven officers are under investigation after fears that they may be leaking information to known criminals.
In another case, Geoffrey Peck was captured on CCTV in 1995 when, while suffering from depression, he attempted to commit suicide in Brentwood High Street. When the council and newspapers passed published recognisable footage of incident, he argued in the court that his privacy had been breached. The European Court of Human Rights found in his favour in 2003.
And just this week, an investigation by the National Aids Trust found that children as young as four were being discriminated against at school after their HIV status was disclosed.
In one case, a girl who was not even aware of her condition discovered it from a teacher.
What will a ‘transformational’ government look like?
The architects of Transformational Government foresee a future civil service that uses modern technology to store and share records on every citizen, from name and address information to financial, tax, benefits and health records.
As the public sector delivers its services through separate departments, we find ourselves contacting several departments to notify them of the same changes. By enabling data-sharing across Whitehall, the policy’s designers say it will make our lives easier by informing all relevant departments of changes, help cut down on administrative wastage and the potential for fraud.
But while an efficient civil service is a noble aim, public services can be improved without the need to know more about the public, and the proven failure of the government and its contractors like Capita and EDS to deliver massive IT projects that actually work point to the enormous risks dangers of putting all the eggs in a single basket.
For example, the National Identity Register database at the core of the Identity Scheme will contain 50 categories of facts about us, from name and address, biometric fingerprints and photo, to passport, driving licence and NI numbers. It will also contain an ‘audit trail,’ recording each occasion an identity check is made against the register. As the Identity Cards Act requires this for access to public services such as local and central government departments or the NHS at least, this would leave a detailed record of our dealings.
Bringing such wide-ranging information and official identifiers together will prove a magnet for thieves and fraudsters, and with the register at the heart of an information-centric administration that touches millions of public sector workers in central and local government, the NHS and police, the likelihood of loss, misuse, or mishap is huge.
[This article originally appeared in The Big Issue, July 2008]