UK parents to get online check of 8m child workers records

Monumental security and privacy disaster ahoy...

Build a business case: developing custom apps

The UK Government today announces plans for a massive data, security and privacy own goal, in the shape of the Safeguarding Vulnerable Groups Bill. The Bill, which is intended to widen and centralise the vetting of people working with children (approximately 8 million individuals), will allow (indeed, compel) employers, including parents hiring nannies and childminders, to check the records of potential employees online.

The production of the centralised (with "real time" updating) list will be a mega IT challenge of itself. Several overlapping lists (including List 99 for education, the Sex Offenders Register and the Protection of Children Act lists) currently exist, and the task of merging them leaves plenty of scope for the usual delays and disasters. And there are legal considerations which we'll go into shortly.

The big sales point for the Bill, however, is the reassurance that fast checking of an up to date central database of teachers, nannies, care and youth workers can offer to parents. Secure online access for schools is perhaps just about conceivable, given that the location of terminals and the authorised users of the system can at least in theory be severely restricted (in, erm, schools and education administration offices throughout the country - no, we don't really believe that either), but how do you handle nannies? Children's Minister Beverley Hughes (last seen in these parts letting large numbers of fraudulent visa applicants through a huge Home Office security hole) assures us that "parents for the first time will be able to check online when they're employing a nanny or a music teacher [for example]", so we have here a vast widening of both the population that is to be vetted and of those with a right and requirement to access the records. Online, instantly.

The precise extent of this widening is not yet entirely clear. According to the Department for Education "individuals, parents and families" will be "able to make an instant online check" of the "barred status" of "nannies, music teachers, care workers, personal tutors". Parents will not however be committing an offence "if they employ someone who has not been through the central vetting process". So although failing to check will be a criminal offence, this will not apply to parents, who can view the system as voluntary. Those they employ, however, may well be committing a criminal offence if they have not put themselves forward for vetting; it will be an offence to put oneself forward for work with children "or vulnerable adults" if barred from doing so, and an offence to apply for such work without already being the subject of monitoring.

Given the size and complexity of the system it will probably (inevitably?) be possible for virtually anyone to obtain information on a vetted worker quite easily, possibly without risk (as policing and auditing accesses will be a massive task). It's possible that the information that's widely available will be confined to "barred status" (i.e. it may simply report whether or not the subject is cleared for work), but that's not necessarily wholly helpful; vigilantes, for example, might conclude that being barred, or simply not registered as available, meant "paedophile".

The precise status of those on the list also has some relevance. Earlier this year Education Secretary Ruth Kelly came close to being forced to resign after the discovery that registered sex offenders can and do work in British schools. The specific difficulty here was that those on the Sex Offenders Register are not necessarily on List 99, and those on List 99 are not necessarily registered as sex offenders. List 99, which bars unsuitable candidates from work in the education sector, has a rather wider catchment area than this, while some of those on the Sex Offenders Register will be there for fairly minor offences (ill-advised sex while mutually teenage might do the trick, as might a bit of drunken mooning or flashing) which do not necessarily involve children. Nor are people always put on the register for life - some are simply there for a fixed period, after which they are removed.

The usual public outcry, however, demanded that anyone who had been on the register should never be allowed to work with children, and (subject to our being able to check the small print) Kelly appears to have bravely given in. One fairly common example scenario however serves to indicate that the small print will need to have some fancy footwork in it. In some cases (including one of the ones which caused Kelly her recent problems) suspects have elected to accept a caution and being added to the Sex Offenders Register for a period. The police view is that acceptance of a caution is effectively an admission of guilt, but cautions are frequently offered by the police in cases where they may find it difficult to prove charges conclusively. So, someone perfectly legally (we make no moral judgment, and nor does the law) accessing adult porn on the Internet could find police claiming there are traces of child porn on their computer, and do they really want to be dragged through the courts and the newspapers while protesting their innocence? So they should take the caution rather than fight the case? Particularly if, as was the situation before the baying started, that did not necessarily bar them from working. But now it does. So does the new system just hang these people? And if it does, how loud might they shout?

Some considerable time will however elapse before the new converged, real-time register of everything ships. The DfES tells us that would be employees "will apply to the CRB [Criminal Records Bureau] for a vetting and barring report. The police will provide the CRB with relevant information, including convictions and cautions so that the new independent body can make a barring decision... Applications will start the process of continuous monitoring of police information about the individual, allowing the barring decision to be changed if any new information comes to light."

The "new independent body" will be a panel set up to take the blame, er, make the decisions over who is on the list and who is not. Its ability to do so, however, hinges on the police's ability to supply the "relevant information" and to keep it up to date in real time. In order to do this, the police need to have the IMPACT (Information Management, Prioritisation, Analysis, Co-ordination and Tasking) police information sharing programme fully implemented, and this (see Spy Blog for analysis) was recently put back from 2007 to 2010. This delay was spun by the Home Office as being a consequence of the planned strengthening of the system as a response to the Bichard Enquiry into the Soham murders (where you're recall systemic failures led to the employment of a child murderer by a school). And the new Safeguarding Vulnerable Groups measures announced today, Beverley Hughes told us this morning, will deal with "all of Michael Bichard's recommendations". So conceptually it all hangs together, but they'll be stringing it together for years, and don't go putting any money on it working by 2010. ®

Build a business case: developing custom apps

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
XBOX One will learn to play media from USB and DLNA sources
Hang on? Aren't those file formats you hardly ever see outside torrents?
Class war! Wikipedia's workers revolt again
Bourgeois paper-shufflers have 'suspended democracy', sniff unpaid proles
prev story


Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.