Should your system offer Mr, Ms ... and Mx?

Time to phase gender out of your databases

5 things you didn’t know about cloud backup

Analysis Last week the Australian government announced new rules for declaring a gender on passports. This week UK authorities revealed they are conducting their own review of gender on passports. What are the implications for systems design and management?

The Australian move follows increasing pressure from transgender and intersex lobbyists to alleviate difficulties they encounter when crossing borders, where there is variance between someone's apparent gender and what is written on a document. In some countries, such difference can pose a real risk, and the problem has only intensified with the introduction of body scanners at many airports.

The Australian proposal is pretty tame in system terms. It allows passports to be marked M or F according to an individual’s recognised gender; intersex individuals may opt for an X for "unspecified" – or "intersex" – although there remains some argument as to whether the X category was ever intended to be used in this way.

This does not change the underlying systems. Rules are set by the International Civil Aviation Organisation (ICAO), whose lengthy standards – obligatory for countries wishing to issue machine-readable travel documentation – explain that sex is mandatory and already allow three values in the machine-readable area of passports: M, F or <.

The main objection is practical: is travelling on a passport that marks you out as intersex a good idea?

The UK debate, however, goes further. The official Home Office position is that they are looking at "the gender options available to customers in the British passport". Asked to clarify, a spokesman added that the statement should be taken at face value.

And in the end, nothing much may happen: the review is wide-ranging, but that does not make change inevitable.

Gender change on a need-to-not-know basis

So, regardless of the review's outcome, it's business as usual? Not quite, because the genie may be out of the bottle in terms of gender and documentation in two ways. First, the Gender Recognition Act 2004 (GRA) and new Equality Law last year both place discrimination centre stage and create real difficulties for systems that archive the past or regard gender as immutable.

The GRA allows an individual to effectively re-register their birth, gender-wise. John becomes – and always has been – Jane? Sort of. The catch within the GRA (section 22) is that the fact that an individual has "changed" gender by this route is “protected information”: it is a criminal offence to disclose such information except for very specific purposes – and the offence is “strict liability”, so ignorance is no excuse.

One of the better practice models in this respect is UK credit-referencing agency Experian: there, once gender has been changed by means of a gender recognition certificate (GRC), the old version is completely overwritten as though it had never existed.

In systems terms, the GRA may require a review of archiving policy: because careless archiving that leaves old gender information available to staff could lead to a fine. Added care is also needed in respect of offline work: staff must be fully aware of the consequences of disclosure.

A further joker in the pack is the fact that unless personal information creates specific advantage to an individual, it is possible to change gender designation (and title) within many systems at will. The NHS is one: it is perfectly possible to obtain a new record in one’s identified gender simply by writing to your primary care trust.

Should any such change be linked to what went before? Probably not, since it is not always possible to know whether the request is backed by a GRC (see above). Can you challenge this? Again, organisations are on difficult ground here, since checking gender might itself be discriminatory – and, besides, it implies that processing of data is done differently depending on gender, which under equality law is only permitted in very specific situations.

One organisation that came a cropper in this respect is credit-referencing agency Equifax. Their procedures for dealing with GRCs are immaculate, but when it comes to simple name change, they had different processing and data architecture rules according to whether the individual was female and changed name for marriage purposes – or did so for any other reason. Equifax is now putting this right: but the resources and costs required to do so are not trivial. The company said it had appointed a senior IT team to correct the problem.

The proportion of the population that is transgendered is small: but in order to comply fully with legal obligations, systems must be able to deal with the gender implications of even one customer being trans.

Intersex adds a further complication: if the government now begins to look at this minority, the numbers are greater (2 to 4 per cent of the population depending on definition and estimate) and different segments of the community want different solutions.

Some would like simply to identify as one of the two currently recognised genders, some want to opt out of gender definition altogether (“unspecified”); yet others would like recognition as a third gender. There is no consensus. However, the implications for system designers range from trivial to major.

For example: some intersex individuals now style themselves Mx (as opposed to Mr, Miss, etc. and pronounce it “mix”). Some systems – those that restrict title to a pre-set list – will reject that out of hand. But should intersex gain formal legal recognition, systems will need to be capable of recognising and processing Mx. What happens if the review of gender in documents goes beyond passports? Many women would happily dispense with gender being recorded, while a key debate in this respect – on the abolition of ID cards – brought up the idea that gender should be removed from official documents unless absolutely necessary.

Existing law means that there are almost no circumstances where gender should be used for scoring purposes or selection – though those operating marketing systems may well use it to target offers and change the tone of advertising. It's unlawful as one high street bank found a few years back when it recruited student customers with gendered incentives: a free calculator for the lads and a mirror for the lasses.

Problems potentially exist already for organisations in two circumstances: where gender is mandatory for processing purposes, and/or where it is used in follow-up processing, even for something as innocuous as setting title.

Until recently, for instance, simply identifying yourself as “Ms” caused difficulties when applying for a criminal record check: the criminal records system contained a presumption that anyone with this title might have been married and possesses a previous (non-declared) name. This led to delays in handling applications, which, in turn, was discriminatory and unlawful – although, according to the Home Office, the issue was fixed in July 2010 and all applicants are now asked for birth and current names.

Still, that hasn’t stopped some organisations, apparently, regarding Ms as a title that an individual can only claim if they have been married – and refusing to process applications if a Ms has not yet tied the knot.

Forget gender, avoid problems

The lessons appear to be twofold. Equality legislation already requires organisations to not use gender in their processing, unless demonstrably necessary. Anyone doing so without need should clean up their act – or they are a walking target for anyone with a litigious bent.

Government ponderings on gender, whether or not limited to passport, should have little impact on systems already compliant: a shift in legal emphasis would be likely, however, to expose non-compliant systems.

The solution, though, both for future-proofing and current compliance, is relatively simple: start now to disconnect gender from anything that is mandatory, anything that is required within your processes. Where there is a choice between limiting gender options and leaving them open-ended, go for the latter.

If no change follows, there should be little harm done, but if, at some point in the next decade, all individuals obtain the right to not be gendered unless absolutely necessary, your systems will already be prepared. ®

Build a business case: developing custom apps

More from The Register

next story
True fact: 1 in 4 Brits are now TERRORISTS
YouGov poll reveals terrible truth about the enemy within
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
NBN Co claims 96 mbps download speeds for FTTN trial
Umina trial also delivers 30 mbps uploads, but exact rig used not revealed
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?