Feeds

ID Card database to be used as population register

Personal data to be shared without consent

High performance access to file storage

The Government announced last week that data from the National Identity Register (NIR) will also be used as an adult population register for a range of novel data sharing functions.

The Office of National Statistics had promoted a separate adult population register as part of the Citizen Information Project (CIP) for these functions, but the announcement states that the CIP project has been wound up and its functions incorporated into the wider use of NIR data. The announcement also changes many undertakings given to Parliament when it considered the ID Card legislation.

Minutes released in relation to the CIP show the NIR will be used in conjunction with the Census and could check that citizens are eligible to vote at elections. Data from the NIR will also be shared with many public authorities so they can update their databases without the consent of the cardholder. Other changes also envisage the storage of medical records as part of the NIR.

When these plans are put into effect, personal data from the NIR will be used for purposes unconnected with crime, terrorism, illegal employment and immigration - the only purposes mentioned by Labour in its manifesto prepared for the 2005 General Election. The manifesto is important as the ID Card Act passed its Parliamentary stages in March after a dispute between the House of Commons and Lords over its wording.

Minutes of meetings available on the CIP's website (7 page/22KB PDF) show that the Home Office:

  • "has responsibility for delivering an adult population register that enables basic contact data held on NIR to be downloaded to other public sector stakeholders" (The "Treasury and Cabinet Office should ensure that NIR delivers CIP functionality as planned");
  • "takes responsibility for ensuring from around 2021 basic contact data held by stakeholders can be up-loaded to the NIR";
  • "should design the take-up profile of the NIR to be such that population statistics can be realised for the 2021 census".

The CIP's final report (29 page/404KB PDF) states (at page 17), that secondary legislation will allow "public services to be provided with NIR data without the need to obtain specific citizen consent".

This wide ranging access to NIR data without consent of the citizen is a change from the explanations given to Parliament when it considered the ID Card legislation. On 5 October, MPs were told by Parliamentary under secretary Andy Burnham that: "Direct access to information held on the National Identity Register by anyone outside those responsible for administering the scheme will not be possible, only requests for information can be made by third parties. In the vast majority of cases, verification of information on the register will only be possible with the person's consent."

In October 2005, the Home Secretary reinforced this message and told the House of Commons: "What the Bill allows is for information to be provided from the register either with the consent of the individual or without that consent in strictly limited circumstances in accordance with the law of the land."

On 10 January 2005, the CIP wrote to the Office of the Deputy Prime Minister saying that: "The ID Card would seem to provide a logical way to confirm the identity and eligibility to vote in the longer term" and that the Electoral Register holds the same information on the NIR and that "there would seem scope here for collaboration between the two systems". On 13th February 2006, the Government stated: "There is currently no proposal for these specifications to provide for two-way data-sharing with the proposed identity cards register".

The CIP final report provides examples of how NIR data could be used:

  • "DWP targeting the 300,000 eligible citizens not currently claiming pensions";
  • Taxation authorities "contacting employees required to complete self assessment";
  • Managing passport application peaks by getting customers to apply early;
  • Department for Education and Skills "tracing children at risk via their guardians addresses";
  • "Local councils collecting debt from citizens who have moved to another authority";
  • "NHS targeting specific citizen groups for screening campaigns"; and
  • "reducing the overall administrative burden on bereaved people"

The Sunday Times reported on 23 April that ministers are considering whether or not to enter health personal details as part of the ID Card holder's details in the NIR. The newspaper reports that: "the Home Office wants cardholders to put personal health information on the cards to give doctors information for emergencies. Cardholders will also be urged to volunteer details of blood group, allergies, and whether they wish to donate organs".

Although the storage of these medical details will require the consent of the cardholder, the step changes the position as stated during the passage of the ID Cards Bill. In the House of Lords, Baroness Scotland of Asthal told Peers on 30 January 2006 that it is clear that the register will not contain health records as "any addition to the list of information in Schedule 1 (the part of the ID Card legislation which describes the content of the NIR) would have to be consistent with the statutory purposes, which in effect rules out any possibility of adding, for example, medical or criminal records".

The CIP Minutes also show that a draft of the 18 April announcement was prepared for release nine months earlier. The minutes state: "The board noted that the timing of the CIP announcement needed to be considered against the ID Cards programme."

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.