Child and data protection

Government IT cock ups (over budget, under specified, not working) are a perennial at the moment. The latest concerns ContactPoint, a database for the handling of information about all children in the UK. Its main aim is to let professionals that deal with children (teachers, social workers, GPs and so on) to know who else has been dealing with a particular ‘case’. That way, it’s hoped, the Victoria Climbie death won’t be repeated: if, let’s say, a teacher spots evidence of a problem, whether it be health or abuse or whatever, they can check to see if anyone is dealing with it, instead of assuming that social services or the GP is handling it.

Now the problem with all this data sharing for child protection is that it goes against data protection principles. If people can look up data to do good, they can look up data to do bad things too. Apparently the contractors are now trying to put in place ‘shielding’, so that the address of the child isn’t visible if that is requested by the local authority with the case. The database is delayed.

Of course, many of the kids who are vulnerable aren’t even known to the authorities, never mind the local council, so it will end up shutting stable doors after the horses have bolted. More importantly, this data is leaking all over the place, and I don’t just mean due to lost laptops, memory sticks and CDs.

Stupidly, the government allows everyone to search through all kinds of personal data. I’ve recently found out about genealogy databases. If you want to search for a person (including children), you can subscribe to one of the many websites that collates births, deaths and marriages data from the registry, and publishes them online. Ancestry has everything up to 2005, but I’m sure I’ve seen sites with more recent data. If you know the town someone lives in you can look at the electoral register, and the edited version of this is online too. Then there are all the other commercial databases (Experian and the like), that can be searched once you know someone’s name and address.

Then it seems possible to order birth, death and marriage certificates on line, if you know the full details (which you found out at Ancestry). This makes identity theft really easy. Mmm. They’ve thought about data protection and then created policies that have so many holes the protection is non-existent (see here). Only the state can make copies of the certificates, but anyone can ask for them with the flimsiest of reasons (genealogy research, record keeping!). As long as you promise not to use it for fraud or to break the copyright!!!

Advertisement

Girls and crime: media and statistics again

All day I’ve heard and seen headlines stating ‘crimes by girls rise by a quarter’. And all day they’ve been wrong.

The BBC said ‘The number of crimes committed by girls in England and Wales has gone up by 25% in three years, according to figures’. What they should have said is the ‘number of offences committed and resulting in a disposal by young females rose by 25%’ (the Youth Justice Board’s report). That’s not the number of crimes committed, but those detected by police, with enough evidence and a known suspect, and so a official caution or conviction in a court. Definitely not the same thing.

It might be because girls are committing more crime. Or it could be because the police are getting better at catching girls, or previously let them off with a ticking off (because they were female), or because the nature of their offending is changing, or because policing is changing, and so on. Indeed, it’s even possible that changes in the law mean that some things young women were more likely to do are now crimes, whereas ten years ago they weren’t: if you were to make playing football where there are ‘no ball games’ signs a criminal offence, the number of boys committing crime would increase.

Funnily the report begins the relevant section with:

‘It is important to note that apart from this table, all figures in this section represent the number of offences resulting in a disposal and not the number of young people offending.’

This was to point out that number of offences isn’t the same as offenders (as some offenders get caught more than once), but it also reminds us that many people offend without ‘resulting in a disposal’.

This reminds me of all the problems with police statistics and fear of crime. The more effective policing is, the worse crime seems. Even in a situation where crime is stable, or even falling, more effective policing means more crime detected and prosecuted. It’s only detected crime that makes the statistics or the news: if you’re robbed and don’t bother with reporting it to the police it won’t make the news. Furthermore, it’s prosecutions that make most headlines: there’s stuff to report when the story is being discussed in the courtroom. So the more criminals the police catch, the more crime there is on the telly and in the papers. And so improving the police increases fear of crime…

Data protection

Ho ho ho, yet another story of missing government packages. Aren’t we glad the government isn’t organising Christmas?

But does this really reflect badly on the people who work for government? I’m not sure it does, because it’s IT companies and couriers that have been losing the data, not government departments or people. In this latest story the problem is with Pearson, a global media company (Financial Times, Penguin etc.) who run the test centres. I noticed this a few months back, and thought it was odd that they have this contract / that it’s contracted out at all. However, the Thatcher/Blair consensus seems to be that the private sector does things more efficiently so that’s what happens (efficiency being achieved by??? cutting corners?).

This means that the management of government is now done with contracts not directives. In the old days the minister and civil servant said X, and this got transmitted down the heirarchy into actions. Yes, it was subverted and translated, but in the worst case scenario someone got sacked or resigned. In the new world of contracting, the policy (X) gets drawn up into a contract, which is then interpreted, subverted etc. Same issue, different lines of accountability. When it comes to data protection, do we really know what each party really means. If you tick a box to say you don’t want data to go to ‘another organisation’ does this include subcontractors? No: the data being with Pearson is taken as still being with the Driving Standards Agency. The DSA retain responsibility and, as far as I can tell in the guidance, don’t need to ask permission of the data subject (i.e. us) to transfer data to a private and/or overseas company (see this too).

So instead of focusing on the little mistakes, shouldn’t we really be asking why a hard drive with UK driver data on it can go missing in Iowa in the first place. We didn’t ask for our government to be outsourced, we didn’t ask for our data to be transferred into private hands, and we didn’t expect the database state to be run by multinational IT and media companies. Ironically, if I want to copy a picture from a Penguin book (perhaps the cover of 1984) to illustrate a lecture on government and data, I have to ask permission from them.

P.S. These issues aren’t that new.

P.P.S. Another issue for later. Pearson produce textbooks for schools, and own EdExcel that produce the examinations. Is that not a conflict of interest?