Feeds

Ministers spending billions on unlawful databases

Rowntree Trust unwraps everyday 'Transformational Government'

Secure remote control for conventional and virtual desktops

A report on the Database State (pdf) claims that 40 out of 46 key government databases are not fit for purpose, and 11 of those are "almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned".

The report comes as the government prepares to sneak legislation on data-sharing back into parliament despite an apparent U-turn on the idea earlier this month.

The report, published by the Joseph Rowntree Reform Trust today, looks at the true effects of "Transformational Government", and asks whether an approach designed to make public services better or cheaper – or both – is succeeding in its aims.

Amongst the report’s key findings are:

  • A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law
  • Fewer than 15 per cent of the public databases assessed in this report are effective, proportionate or necessary, and again, most lack a proper legal basis for any privacy intrusions
  • Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally not centralised as in Britain
  • Many of the benefits claimed for data sharing are illusory, whilst little account is taken of the serious harm that this approach can inflict on vulnerable individuals
  • The current spend on IT within the UK public sector is over £16bn a year on IT, with (approximately) £100bn planned for the next five years: yet only about 30 per cent of government IT projects succeed.

So much for the big picture. The report uses a traffic light system to categorise systems as red (serious failings, in need of substantial redesign), amber (significant, worrying problems: may be unlawful) and green (basically sound).

The 11 red-lighted systems include many that will be familiar to El Reg’s readers. They are:

  • The National DNA Database
  • The National Identity Register (which is where id details are going to go)
  • ContactPoint (a national index of all children in England
  • The NHS Detailed Care Record (centralised GP and hospital records)
  • Secondary Uses Service (summaries of hospital and other treatment)
  • The electronic Common Assessment Framework (assessment of a child’s welfare needs)
  • ONSET (a Home Office system seeking to predict future offenders)
  • The DWP’s cross-departmental data sharing programme
  • The Audit Commission’s National Fraud Initiative (immune from breaches of confidentiality under the Serious and Organised Crime Act 2007)
  • The communications database (all UK communications traffic)
  • The Prüm Framework (data sharing for law enforcement within the EU)

The only systems that receive a green light are: IDENT1 (the National Fingerprint Database); The Vehicle and Operator Services Agency (VOSA) base; Driving Standards agency base (of recent test passes); The TV Licensing Database; The Land and Property Gazetteers base (a local set of bases carrying details on residential and commercial property; The Council Tax base.

One significant omission from the report is the proposed Vetting Database, due to go live this year, and likely to hold vetting details of everyone who wishes to apply for what will be known as a "regulated" job: between 11 million and 14 million individuals, eventually.

One of the key problems identified by this report is the extent to which government departments have identified what they see as the potential benefits of data-sharing, and simply pushed ahead with implementing the systems architecture to meet this objective, before the legal framework was in place. Many of the problems with lawfulness stem from the fact that data-sharing – or processing - of some form appears to be going on despite existing Data Protection strictures against it.

It is for this reason that the government introduced the now infamous clause 152 into the Coroners and Justice Bill, currently before Parliament. Although that clause has been temporarily withdrawn, this report highlights several dozen reasons why it is inevitable that it will be back.

Because of a strict interpretation of the law, government Ministers are presently deploying billions of pounds of taxpayer dosh – and are quite possibly doing so illegally.

The trouble is that those who should be taking action are now increasingly looking the other way. The report says: "There is a sense in the senior civil service and among politicians that the personal data issue is now career-threatening and toxic.

"Like Chernobyl, some brave souls need to go in and sort it out."

The report was compiled by a distinguished panel of experts, including Ross Anderson, who chairs the Foundation for Information Policy Research; Ian Brown, a senior research fellow at the Oxford Internet Institute; Terri Dowty, Director of Action on Rights for Children; and William Heath, who chairs the Open Rights Group and founded the public sector IT research business Kable. ®

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.