Feeds

Ministers spending billions on unlawful databases

Rowntree Trust unwraps everyday 'Transformational Government'

Next gen security for virtualised datacentres

A report on the Database State (pdf) claims that 40 out of 46 key government databases are not fit for purpose, and 11 of those are "almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned".

The report comes as the government prepares to sneak legislation on data-sharing back into parliament despite an apparent U-turn on the idea earlier this month.

The report, published by the Joseph Rowntree Reform Trust today, looks at the true effects of "Transformational Government", and asks whether an approach designed to make public services better or cheaper – or both – is succeeding in its aims.

Amongst the report’s key findings are:

  • A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law
  • Fewer than 15 per cent of the public databases assessed in this report are effective, proportionate or necessary, and again, most lack a proper legal basis for any privacy intrusions
  • Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally not centralised as in Britain
  • Many of the benefits claimed for data sharing are illusory, whilst little account is taken of the serious harm that this approach can inflict on vulnerable individuals
  • The current spend on IT within the UK public sector is over £16bn a year on IT, with (approximately) £100bn planned for the next five years: yet only about 30 per cent of government IT projects succeed.

So much for the big picture. The report uses a traffic light system to categorise systems as red (serious failings, in need of substantial redesign), amber (significant, worrying problems: may be unlawful) and green (basically sound).

The 11 red-lighted systems include many that will be familiar to El Reg’s readers. They are:

  • The National DNA Database
  • The National Identity Register (which is where id details are going to go)
  • ContactPoint (a national index of all children in England
  • The NHS Detailed Care Record (centralised GP and hospital records)
  • Secondary Uses Service (summaries of hospital and other treatment)
  • The electronic Common Assessment Framework (assessment of a child’s welfare needs)
  • ONSET (a Home Office system seeking to predict future offenders)
  • The DWP’s cross-departmental data sharing programme
  • The Audit Commission’s National Fraud Initiative (immune from breaches of confidentiality under the Serious and Organised Crime Act 2007)
  • The communications database (all UK communications traffic)
  • The Prüm Framework (data sharing for law enforcement within the EU)

The only systems that receive a green light are: IDENT1 (the National Fingerprint Database); The Vehicle and Operator Services Agency (VOSA) base; Driving Standards agency base (of recent test passes); The TV Licensing Database; The Land and Property Gazetteers base (a local set of bases carrying details on residential and commercial property; The Council Tax base.

One significant omission from the report is the proposed Vetting Database, due to go live this year, and likely to hold vetting details of everyone who wishes to apply for what will be known as a "regulated" job: between 11 million and 14 million individuals, eventually.

One of the key problems identified by this report is the extent to which government departments have identified what they see as the potential benefits of data-sharing, and simply pushed ahead with implementing the systems architecture to meet this objective, before the legal framework was in place. Many of the problems with lawfulness stem from the fact that data-sharing – or processing - of some form appears to be going on despite existing Data Protection strictures against it.

It is for this reason that the government introduced the now infamous clause 152 into the Coroners and Justice Bill, currently before Parliament. Although that clause has been temporarily withdrawn, this report highlights several dozen reasons why it is inevitable that it will be back.

Because of a strict interpretation of the law, government Ministers are presently deploying billions of pounds of taxpayer dosh – and are quite possibly doing so illegally.

The trouble is that those who should be taking action are now increasingly looking the other way. The report says: "There is a sense in the senior civil service and among politicians that the personal data issue is now career-threatening and toxic.

"Like Chernobyl, some brave souls need to go in and sort it out."

The report was compiled by a distinguished panel of experts, including Ross Anderson, who chairs the Foundation for Information Policy Research; Ian Brown, a senior research fellow at the Oxford Internet Institute; Terri Dowty, Director of Action on Rights for Children; and William Heath, who chairs the Open Rights Group and founded the public sector IT research business Kable. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.