Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

A report on the Database State (pdf) claims that 40 out of 46 key government databases are not fit for purpose, and 11 of those are "almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned".

The report comes as the government prepares to sneak legislation on data-sharing back into parliament despite an apparent U-turn on the idea earlier this month.

Amongst the report’s key findings are:

• A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law
• Fewer than 15 per cent of the public databases assessed in this report are effective, proportionate or necessary, and again, most lack a proper legal basis for any privacy intrusions
• Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally not centralised as in Britain
• Many of the benefits claimed for data sharing are illusory, whilst little account is taken of the serious harm that this approach can inflict on vulnerable individuals
• The current spend on IT within the UK public sector is over £16bn a year on IT, with (approximately) £100bn planned for the next five years: yet only about 30 per cent of government IT projects succeed.

So much for the big picture. The report uses a traffic light system to categorise systems as red (serious failings, in need of substantial redesign), amber (significant, worrying problems: may be unlawful) and green (basically sound).

The 11 red-lighted systems include many that will be familiar to El Reg’s readers. They are:

• The National DNA Database
• The National Identity Register (which is where id details are going to go)
• ContactPoint (a national index of all children in England
• The NHS Detailed Care Record (centralised GP and hospital records)
• Secondary Uses Service (summaries of hospital and other treatment)
• The electronic Common Assessment Framework (assessment of a child’s welfare needs)
• ONSET (a Home Office system seeking to predict future offenders)
• The DWP’s cross-departmental data sharing programme
• The Audit Commission’s National Fraud Initiative (immune from breaches of confidentiality under the Serious and Organised Crime Act 2007)
• The communications database (all UK communications traffic)
• The Prüm Framework (data sharing for law enforcement within the EU)

The only systems that receive a green light are: IDENT1 (the National Fingerprint Database); The Vehicle and Operator Services Agency (VOSA) base; Driving Standards agency base (of recent test passes); The TV Licensing Database; The Land and Property Gazetteers base (a local set of bases carrying details on residential and commercial property; The Council Tax base.

One significant omission from the report is the proposed Vetting Database, due to go live this year, and likely to hold vetting details of everyone who wishes to apply for what will be known as a "regulated" job: between 11 million and 14 million individuals, eventually.

One of the key problems identified by this report is the extent to which government departments have identified what they see as the potential benefits of data-sharing, and simply pushed ahead with implementing the systems architecture to meet this objective, before the legal framework was in place. Many of the problems with lawfulness stem from the fact that data-sharing – or processing - of some form appears to be going on despite existing Data Protection strictures against it.

It is for this reason that the government introduced the now infamous clause 152 into the Coroners and Justice Bill, currently before Parliament. Although that clause has been temporarily withdrawn, this report highlights several dozen reasons why it is inevitable that it will be back.

Because of a strict interpretation of the law, government Ministers are presently deploying billions of pounds of taxpayer dosh – and are quite possibly doing so illegally.

The trouble is that those who should be taking action are now increasingly looking the other way. The report says: "There is a sense in the senior civil service and among politicians that the personal data issue is now career-threatening and toxic.

"Like Chernobyl, some brave souls need to go in and sort it out."

The report was compiled by a distinguished panel of experts, including Ross Anderson, who chairs the Foundation for Information Policy Research; Ian Brown, a senior research fellow at the Oxford Internet Institute; Terri Dowty, Director of Action on Rights for Children; and William Heath, who chairs the Open Rights Group and founded the public sector IT research business Kable. ®

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider