Did UK.gov break the law with its child database?

Whitehall promises answers on specs of binned ContactPoint

Analysis Did the Department of Education (DoE) – or Children, Schools and Families (DCSF), as it was then known – knowingly break the law in its establishment of the ContactPoint database?

The instant answer is: we don’t know. However, a history of excuses, delay and avoidance of awkward questions is starting to mount up. If the department has nothing to hide, it is certainly acting as if it has.

Meanwhile, in a bizarre new development, the DoE contacted us to say that its previous refusal to reveal what data it had been planning to collect had been a mistake. In fact, the information coded as “commercially sensitive” was not after all commercially sensitive – and they are now free to release it to us.

The ContactPoint database was first mooted in 2004 as a response to failures in the social care system – most notoriously in the case of Victoria Climbié.

There, the fact that various case workers dealing with Victoria’s family failed to share their knowledge was considered to have contributed to the child’s eventual terrible death. As a result, the government determined that it would set up a database enabling any and every person likely to be called upon to look out for a child’s welfare to access current dealings with that child at the touch of a button.

That was the original vision: wide-ranging information about all children, available to all. It did not long survive public criticism, with fears that too much information on such a base would be a massive risk to child welfare in its own right. A slow but insistent whittling back of the categories of person allowed access to the base began.

Thus, from a base that would enable care workers and police to share information about children at risk, it dwindled to little more than a glorified interdepartmental telephone directory, linking the contact details of individuals who had had dealings with any particular child through a central online database. It would not even be available to all police or all care workers, being operated instead through a series of gatekeepers.

This, in turn, led to a number of arguments as to the numbers likely to have access to the database – and one of the first signs that the DCSF preferred to keep its good works hidden rather than see them exposed to the light of day. In 2008, following work by the Register looking at the categories that the government claimed would have access to the base, we suggested publically that far from the low figure trumpeted – of near 300,000 – the end result was likely to be closer to 1 million.

This was vigorously denied – but our story led, eventually, to a statement being sneaked out in the last days of the 2007/8 parliament to the effect that the numbers would be closer to 400,000 - or 25 per cent higher than originally announced.

However, the possible law-breaking lies in a rather different area. Instead of simply passing a law enabling the Secretary of State to set up a database for purposes of child protection, the Children Act 2004, refined by regulations published in 2007, went into mind-boggling detail as to what the Department might do. Section 12 of that Act reads rather more like a management data specification than UK legislation. It states that the Department may collect information such as the name, address, gender and date of birth, an identifying number and contact details of any person with parental responsibility.

Crucially, by including so much detail, it raises the possibility that collecting information not on this list is likely to be unlawful.

The categories of information included in that list are not many, nor are they difficult to capture. The largest cost, according to suppliers of systems of this kind, was likely to be around the ETL processes necessary for scraping contact details from a dozen or more different governmental systems in order to feed data into the ContactPoint base.

Nonetheless, the cost, widely publicised as £224m, looked well out of kilter with what was being proposed, and we began to wonder if the DCSF hadn’t actually exceeded its brief, and that it was not, in fact, collecting rather more than the legislation allowed.

An official statement from the DoE recently revealed: "The final total cost of setting up ContactPoint has not yet been determined but it will be less than the budget provision of £224m. The set-up costs cover the design, build and test of the system; however, the cost of coding and other individual elements of the work can not be separately identified."

Sponsored: Network DDoS protection