How the gov's child protection database fails to add up
Risk-averse authorities likely to treble access
Comment A day after yet another case of a child brutalised in its own home, despite massive intervention from a range of support services, hits the headlines, The Register takes a closer look at what the government has led the public to believe in respect of the ContactPoint database.
One "fact" that has been repeated ad nauseam by government ministers – and apparently swallowed hook line and sinker by the press – is that ContactPoint is likely to allow just 330,000 officials across England to "use" the contact details for children on the system. That total is already too high for many critics.
So we wonder what the reaction will be to the revelation that the number with "access" could top the million mark? Pay close attention to the choice of words here: government ministers have drawn a distinction between "use" and "access", which could be no more than careless use of language, or a much more deliberate misleading of the public over the scope of an increasingly unpopular project.
We have looked closely at the categories of individual that the DCSF claims will be able to access ContactPoint. These are set out in the Children Act 2004, refined by regulations published in 2007 and repeated by the Minister last week.
Using even conservative estimates of the proportion of each of the categories listed that will have access to ContactPoint, The Register comes up with a figure of just over one million. If the Department of Children, Schools and Families wishes to take issue with us, we are more than happy to share our spreadsheet model with them.
Ah yes, but surely access will only be on a "need to know" basis? We think not. There are three reasons for this.
The government case for ContactPoint is based on two arguments: first that tragedies such as the Victoria Climbié case would not have happened, had all the agencies that could have intervened been able easily to note that the child was already of concern to other agencies. The fact that this argument is wholly fallacious in the case of Victoria Climbié, who was subject to multiple interventions before her death, has never prevented ministers from repeating it.
However, the fear that this argument introduces into the equation is real enough. Managers of any body that might end up carrying the can for future failures will do all in their power to prevent being stuck with the blame. So the likelihood is that managers will err on the side of caution or (personal) risk minimisation. Better to have as many people in your department as possible able to access a child's details, than to perhaps one day have to explain why a particular child could have been saved had access been more widely distributed.
Earlier in the year, The Register looked at the numbers behind the government's proposed vetting database and came up with figures significantly higher than those put forward by government. The difference? We used the same approach, but counted those who were likely to end up being vetted in today's blame-averse culture, as opposed to those who needed to be vetted.
Second, as the government is at pains to point out, ContactPoint will pay for itself many times over in time saved by practitioners at every level. Such benefit is likely to be reduced significantly if teams have some individuals with access, and some without.
Finally, a factor that might add slightly to the final tally, is the way in which authorisation to use the system is managed. When an individual leaves their place of employment, the government guidelines suggest they should be stripped of their access to ContactPoint. We suspect, however, that where individuals are simply moved sideways, human nature will lead to some continuing to have access long after they strictly no longer need to know.
Where did the original figure of 330,000 come from? We have asked the DCSF, but at time of writing have had no answer. Our guess is that when the estimate was first drawn up, some use was made of responses to questionnaires sent out to local councils. An original survey was sent out last year, with a follow-up apparently due to be completed in September 2008.
If that is the case – and without DCSF confirmation we cannot be sure – then the estimation method may be badly flawed. Asking councils about their likely take-up of a new system nearly two years before it goes live is akin to product research that asks consumers about buying intentions for a non-existent product. It doesn't work.
Matters may be further complicated by suggestions that some individuals may need more than one log-on. This is because the system is designed so that users can only see data appropriate to their current role, which could be an issue for users with multiple roles.
Apart from the implications such an increase in numbers might have for security, there is the slight technical matter of whether the database has been designed with scaleability in mind. A system designed for 330,000 users is a very different beast from one designed for one million, and could suffer accordingly. ®
How we reached our numbers
Our model starts with the categories that may have access to the new ContactPoint database and simply counts up from there. Before we hear cries of “that’s unrealistic”, we have also applied some very serious downward weightings on some groups, on the grounds of common sense.
We suspect our approach is different from that of the DCSF, as they will have started with Local Authority intentions – which, as experience of the Vetting Database shows, can very quickly be overtaken by events.
From the model:
|General practitioners||s 2 of the appropriate regs||196,814||157,451||Downweighted for England and some non-takeup – but assume about 80 per cent in total|
|Chiropractors||As above||n/a||0||We cannot believe any significant number of chiropractors will access the database|
|Police||s.3||184,710||166,239||Slight downweight – but do we believe, in the long run this base will not be available to all officers? Also, no count included for other employees, who are included in this section|
|Teaching Staff||s.9||767,050||153,410||Significant downweight, but given the number of categories intended to be allowed access, not unrealistic|
The categories listed above are just examples of the categories drawn from our model. We have of course also included some nursing staff, social workers, midwives, health visitors - and more besides.
Where our model may actually be far too conservative is over the question of administrative staff who will have access to ContactPoint. These are included in the government guidelines, but are much vaguer than the above categories.
"The statement "One million people will have access to information on your child" is false."
Nope, it's not provably true.
You already said that you don't know if they are even USING the access control. So you can't say that the statement is false.
The Future of ContactPoint
I do have a major concern about ContactPoint. In years to come, there will be a record on the DB of every single person in the country (just about).
What will happen to the records when the children hit 18 years old? Deleted? Yes, they'll be deleted from the database, but who wants to bet they won't be archived indefinitely?, or transferred somewhere else such as another secretive government agency.
George Orwell eat your heart out.
It's pretty obvious what will happen, even if the ministers today bleat on that it won't. It sure as hell will.
One Million People
The idea that one million people will have access to the data is not a complete statement of the situation.
The figure is quite possibly valid and is reasonable to quote this figure if you want to highlight the chance that the higher the number of people accessing the data, the greater is the chance for abuse.
From the technical document I've seen pertaining to the XML data definition for data upload to the database, there does appear to be some level of access control, quite whether it's sufficient I can not say from the limited information I have, but for one child record, it's not going to be the case that 1 million people will have access to it.
The statement "One million people will have access to information on your child" is false.
The statement "One million people will have access to the database", may be true.