Feeds

Did UK.gov break the law with its child database?

Whitehall promises answers on specs of binned ContactPoint

Build a business case: developing custom apps

Analysis Did the Department of Education (DoE) – or Children, Schools and Families (DCSF), as it was then known – knowingly break the law in its establishment of the ContactPoint database?

The instant answer is: we don’t know. However, a history of excuses, delay and avoidance of awkward questions is starting to mount up. If the department has nothing to hide, it is certainly acting as if it has.

Meanwhile, in a bizarre new development, the DoE contacted us to say that its previous refusal to reveal what data it had been planning to collect had been a mistake. In fact, the information coded as “commercially sensitive” was not after all commercially sensitive – and they are now free to release it to us.

The ContactPoint database was first mooted in 2004 as a response to failures in the social care system – most notoriously in the case of Victoria Climbié.

There, the fact that various case workers dealing with Victoria’s family failed to share their knowledge was considered to have contributed to the child’s eventual terrible death. As a result, the government determined that it would set up a database enabling any and every person likely to be called upon to look out for a child’s welfare to access current dealings with that child at the touch of a button.

That was the original vision: wide-ranging information about all children, available to all. It did not long survive public criticism, with fears that too much information on such a base would be a massive risk to child welfare in its own right. A slow but insistent whittling back of the categories of person allowed access to the base began.

Thus, from a base that would enable care workers and police to share information about children at risk, it dwindled to little more than a glorified interdepartmental telephone directory, linking the contact details of individuals who had had dealings with any particular child through a central online database. It would not even be available to all police or all care workers, being operated instead through a series of gatekeepers.

This, in turn, led to a number of arguments as to the numbers likely to have access to the database – and one of the first signs that the DCSF preferred to keep its good works hidden rather than see them exposed to the light of day. In 2008, following work by the Register looking at the categories that the government claimed would have access to the base, we suggested publically that far from the low figure trumpeted – of near 300,000 – the end result was likely to be closer to 1 million.

This was vigorously denied – but our story led, eventually, to a statement being sneaked out in the last days of the 2007/8 parliament to the effect that the numbers would be closer to 400,000 - or 25 per cent higher than originally announced.

However, the possible law-breaking lies in a rather different area. Instead of simply passing a law enabling the Secretary of State to set up a database for purposes of child protection, the Children Act 2004, refined by regulations published in 2007, went into mind-boggling detail as to what the Department might do. Section 12 of that Act reads rather more like a management data specification than UK legislation. It states that the Department may collect information such as the name, address, gender and date of birth, an identifying number and contact details of any person with parental responsibility.

Crucially, by including so much detail, it raises the possibility that collecting information not on this list is likely to be unlawful.

The categories of information included in that list are not many, nor are they difficult to capture. The largest cost, according to suppliers of systems of this kind, was likely to be around the ETL processes necessary for scraping contact details from a dozen or more different governmental systems in order to feed data into the ContactPoint base.

Nonetheless, the cost, widely publicised as £224m, looked well out of kilter with what was being proposed, and we began to wonder if the DCSF hadn’t actually exceeded its brief, and that it was not, in fact, collecting rather more than the legislation allowed.

An official statement from the DoE recently revealed: "The final total cost of setting up ContactPoint has not yet been determined but it will be less than the budget provision of £224m. The set-up costs cover the design, build and test of the system; however, the cost of coding and other individual elements of the work can not be separately identified."

Boost IT visibility and business value

More from The Register

next story
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Fast And Furious 6 cammer thrown in slammer for nearly three years
Man jailed for dodgy cinema recording of Hollywood movie
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?