Feeds

Your census data will be kept secret - except from MI5, police, courts etc

New Labour attitudes buried in the fine print

Security for virtualized datacentres

Like you, I have received my 2011 census form from the Office of National Statistics (ONS). The cover page prominently states, in bold, "Your personal information is protected by law. Census information is kept confidential for 100 years". Like you, perhaps, I have taken this statement at face value.

However, preparing for our Privacy Impact Assessment (PIA) course, I came across the PIA for the Census (PDF/502 KB) . Under the heading "Keeping census records confidential", the Census PIA states: "Other than for the purposes of conducting the census and in the circumstances set out in Section 39 of the Statistics and Registration Service Act 2007, it is unlawful for any member or employee of the UK Statistic Authority (which includes any member or employee of ONS) or any person who has received personal information directly or indirectly from the Authority, to disclosure such information"(paragraph 12.6.1).

The ONS website has a "Commitment to confidentiality and data security” which says something similar. It states: "All employees of both ONS and any appointed contractors working with Census data are bound by Regulations made under the 1920 Census Act and the confidentiality provisions of the Statistics and Registration Service Act 2007 (SRSA)."

So, unlike the absolute "confidentiality" statement on the census form itself, the website and PIA "confidentiality" reference is qualified by a reference to legislation dated 2007: a year when the then New Labour Government was highly addicted to its unnecessary mass surveillance legislation. To abuse M&S's well-known advertising campaign slogan one has to consider whether "this is not just confidentiality, this is New Labour confidentiality".

Section 39 of the Statistics and Registration Service Act 2007 is, so the Act says, about "Confidentiality of personal information"; in practice the section achieves the precise opposite. Section 39(1) begins well enough. It states that: "Subject to this section, personal information held by the Board in relation to the exercise of any of its functions must not be disclosed by (a) any member or employee of the Board, (b) a member of any committee of the Board, or (c) any other person who has received it directly or indirectly from the Board."

However, Section 39(4) then states that the disclosure prohibition in section 39(1) "does not apply to a disclosure which (take a deep breath):

a) is required or permitted by any enactment,

b) is required by a Community obligation,

c) is necessary for the purpose of enabling or assisting the Board to exercise any of its functions,

d) has already lawfully been made available to the public,

e) is made in pursuance of an order of a court,

f) is made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom),

g) is made, in the interests of national security, to an Intelligence Service,

h) is made with the consent of the person to whom it relates, or

i) is made to an approved researcher."

Section 39(4) therefore possesses all the hallmarks of New Labour's disdain for personal privacy. It is not a clause to protect confidentiality; it is a clause to remove that confidentiality.

I should add that the national security paragraph (ie section 39(4)(g)) was removed a year later by Schedule 1 of the Counter-Terrorism Act 2008 (PDF/488 KB). It was replaced by a provision to provided unfettered access to a full copy of the Electoral Register whenever any of the national security agencies wants a full copy.

Can we reflect on this for a second? The idea behind section 39(4)(g) was for Census officials to promise Census confidentiality and at the same time register the UK population with the national security agencies. The replacement idea is for citizens to register for a vote and also register an entry in a Security Service database. There has been no public debate about such mass surveillance, and as far as I can see, this data acquisition has little to do with terrorism. After all, those individuals intent on undermining a Parliamentary democracy are unlikely to want to vote in one.

Note also that in relation to disclosures in connection with crime, the threshold test adopted by Section 39(4)(f) is not the Data Protection test of "failure to disclose" causing "prejudice" to criminal investigation (see Section 29 of the DPA). Instead, the New Labour threshold was reduced to any disclosure made for a criminal investigation.

In relation to an "approved" researcher (the last in the Section 39(4) list), the Board can decide from "time to time to publish criteria by reference to which it will determine whether to grant access" to an approved researcher. Note that this means that there is no obligation for the Board to publish any criteria relating any other recipient in the Section 39(4) list. This in turn means that details about ONS disclosures subject to section 39(4)(a)-(h) can be kept conveniently out of the public gaze as there is no obligation to publish criteria for access.

It is interesting to note that in 2009, the department responsible for Education was not keen on Section 39(4) when it wanted to disclose pupil personal data to the ONS. So, in the "Statistics and Registration Service Act 2007 (Disclosure of Pupil Information) (England) Regulations 2009", the department changed the law to permit the disclosure of personal data about school pupils to the ONS, but also excluded any further disclosure by the ONS for purposes identified in paragraphs 39(4)(d) and 39(4)(f) to 39(4)(h). In particular, the regulations made any national security and crime disclosure unlawful.

If one department of State discovers it cannot stomach the broad reach of section 39(4) disclosures, I cannot see why those who complete the Census forms in a fortnight's time cannot be similarly protected.

No doubt ONS officials will vociferously state that there will be no such disclosure and that confidentiality is an absolute. This is technically correct as they can argue that the fact that Section 39(4) has disclosure provisions does not mean the Census personal data will actually be disclosed. However, it is also very clear that personal census information can be disclosed, with a considerable degree of secrecy, almost at the whim of ONS senior managers. And it is the existence of this possibility which is, quite frankly, unacceptable.

Ministers, if they want, can easily clarify the relationship between Section 39(4) disclosures and the personal details collected in the Census. Indeed, the "Protection of Freedoms Bill", currently under debate in Parliament, provides a vehicle to table an amendment that absolutely protects the Census personal details from such disclosures.

Any failure to make this necessary legislative change, or to make a statement concerning the application of section 39(4), provides evidence that the government is not prepared to commit itself to ensuring the confidentiality of the 2011 Census. In which case, the promise that "Your personal information is protected by law. Census information is kept confidential for 100 years"... is worthless.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.