Feeds

Your census data will be kept secret - except from MI5, police, courts etc

New Labour attitudes buried in the fine print

Beginner's guide to SSL certificates

Like you, I have received my 2011 census form from the Office of National Statistics (ONS). The cover page prominently states, in bold, "Your personal information is protected by law. Census information is kept confidential for 100 years". Like you, perhaps, I have taken this statement at face value.

However, preparing for our Privacy Impact Assessment (PIA) course, I came across the PIA for the Census (PDF/502 KB) . Under the heading "Keeping census records confidential", the Census PIA states: "Other than for the purposes of conducting the census and in the circumstances set out in Section 39 of the Statistics and Registration Service Act 2007, it is unlawful for any member or employee of the UK Statistic Authority (which includes any member or employee of ONS) or any person who has received personal information directly or indirectly from the Authority, to disclosure such information"(paragraph 12.6.1).

The ONS website has a "Commitment to confidentiality and data security” which says something similar. It states: "All employees of both ONS and any appointed contractors working with Census data are bound by Regulations made under the 1920 Census Act and the confidentiality provisions of the Statistics and Registration Service Act 2007 (SRSA)."

So, unlike the absolute "confidentiality" statement on the census form itself, the website and PIA "confidentiality" reference is qualified by a reference to legislation dated 2007: a year when the then New Labour Government was highly addicted to its unnecessary mass surveillance legislation. To abuse M&S's well-known advertising campaign slogan one has to consider whether "this is not just confidentiality, this is New Labour confidentiality".

Section 39 of the Statistics and Registration Service Act 2007 is, so the Act says, about "Confidentiality of personal information"; in practice the section achieves the precise opposite. Section 39(1) begins well enough. It states that: "Subject to this section, personal information held by the Board in relation to the exercise of any of its functions must not be disclosed by (a) any member or employee of the Board, (b) a member of any committee of the Board, or (c) any other person who has received it directly or indirectly from the Board."

However, Section 39(4) then states that the disclosure prohibition in section 39(1) "does not apply to a disclosure which (take a deep breath):

a) is required or permitted by any enactment,

b) is required by a Community obligation,

c) is necessary for the purpose of enabling or assisting the Board to exercise any of its functions,

d) has already lawfully been made available to the public,

e) is made in pursuance of an order of a court,

f) is made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom),

g) is made, in the interests of national security, to an Intelligence Service,

h) is made with the consent of the person to whom it relates, or

i) is made to an approved researcher."

Section 39(4) therefore possesses all the hallmarks of New Labour's disdain for personal privacy. It is not a clause to protect confidentiality; it is a clause to remove that confidentiality.

I should add that the national security paragraph (ie section 39(4)(g)) was removed a year later by Schedule 1 of the Counter-Terrorism Act 2008 (PDF/488 KB). It was replaced by a provision to provided unfettered access to a full copy of the Electoral Register whenever any of the national security agencies wants a full copy.

Can we reflect on this for a second? The idea behind section 39(4)(g) was for Census officials to promise Census confidentiality and at the same time register the UK population with the national security agencies. The replacement idea is for citizens to register for a vote and also register an entry in a Security Service database. There has been no public debate about such mass surveillance, and as far as I can see, this data acquisition has little to do with terrorism. After all, those individuals intent on undermining a Parliamentary democracy are unlikely to want to vote in one.

Note also that in relation to disclosures in connection with crime, the threshold test adopted by Section 39(4)(f) is not the Data Protection test of "failure to disclose" causing "prejudice" to criminal investigation (see Section 29 of the DPA). Instead, the New Labour threshold was reduced to any disclosure made for a criminal investigation.

In relation to an "approved" researcher (the last in the Section 39(4) list), the Board can decide from "time to time to publish criteria by reference to which it will determine whether to grant access" to an approved researcher. Note that this means that there is no obligation for the Board to publish any criteria relating any other recipient in the Section 39(4) list. This in turn means that details about ONS disclosures subject to section 39(4)(a)-(h) can be kept conveniently out of the public gaze as there is no obligation to publish criteria for access.

It is interesting to note that in 2009, the department responsible for Education was not keen on Section 39(4) when it wanted to disclose pupil personal data to the ONS. So, in the "Statistics and Registration Service Act 2007 (Disclosure of Pupil Information) (England) Regulations 2009", the department changed the law to permit the disclosure of personal data about school pupils to the ONS, but also excluded any further disclosure by the ONS for purposes identified in paragraphs 39(4)(d) and 39(4)(f) to 39(4)(h). In particular, the regulations made any national security and crime disclosure unlawful.

If one department of State discovers it cannot stomach the broad reach of section 39(4) disclosures, I cannot see why those who complete the Census forms in a fortnight's time cannot be similarly protected.

No doubt ONS officials will vociferously state that there will be no such disclosure and that confidentiality is an absolute. This is technically correct as they can argue that the fact that Section 39(4) has disclosure provisions does not mean the Census personal data will actually be disclosed. However, it is also very clear that personal census information can be disclosed, with a considerable degree of secrecy, almost at the whim of ONS senior managers. And it is the existence of this possibility which is, quite frankly, unacceptable.

Ministers, if they want, can easily clarify the relationship between Section 39(4) disclosures and the personal details collected in the Census. Indeed, the "Protection of Freedoms Bill", currently under debate in Parliament, provides a vehicle to table an amendment that absolutely protects the Census personal details from such disclosures.

Any failure to make this necessary legislative change, or to make a statement concerning the application of section 39(4), provides evidence that the government is not prepared to commit itself to ensuring the confidentiality of the 2011 Census. In which case, the promise that "Your personal information is protected by law. Census information is kept confidential for 100 years"... is worthless.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Choosing a cloud hosting partner with confidence

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.