Tag Archives: data

Child and data protection

Government IT cock-ups (over budget, under specified, not working) are a perennial at the moment. The latest concerns ContactPoint, a database for the handling of information about all children in the UK. Its main aim is to let professionals that deal with children (teachers, social workers, GPs and so on) know who else has been dealing with a particular ‘case’. That way, it’s hoped, the Victoria Climbié death won’t be repeated: if, let’s say, a teacher spots evidence of a problem, whether it be health or abuse or whatever, they can check to see if anyone is dealing with it, instead of assuming that social services or the GP is handling it.

Now the problem with all this data sharing for child protection is that it goes against data protection principles. If people can look up data to do good, they can look up data to do bad things too. Apparently the contractors are now trying to put in place ‘shielding’, so that the address of the child isn’t visible if that is requested by the local authority with the case. The database is delayed.

Of course, many of the kids who are vulnerable aren’t even known to the authorities, never mind the local council, so it will end up shutting stable doors after the horses have bolted. More importantly, this data is leaking all over the place, and I don’t just mean due to lost laptops, memory sticks and CDs.

Stupidly, the government allows everyone to search through all kinds of personal data. I’ve recently found out about genealogy databases. If you want to search for a person (including children), you can subscribe to one of the many websites that collate births, deaths and marriages data from the registry, and publish them online. Ancestry has everything up to 2005, but I’m sure I’ve seen sites with more recent data. If you know the town someone lives in you can look at the electoral register, and the edited version of this is online too. Then there are all the other commercial databases (Experian and the like) that can be searched once you know someone’s name and address.

Then it seems possible to order birth, death and marriage certificates online, if you know the full details (which you found out at Ancestry). This makes identity theft really easy. Mmm. They’ve thought about data protection and then created policies that have so many holes the protection is non-existent (see here). Only the state can make copies of the certificates, but anyone can ask for them with the flimsiest of reasons (genealogy research, record keeping!). As long as you promise not to use it for fraud or to break the copyright!!!

Filed under News

Girls and crime: media and statistics again

All day I’ve heard and seen headlines stating ‘crimes by girls rise by a quarter’. And all day they’ve been wrong.

The BBC said ‘The number of crimes committed by girls in England and Wales has gone up by 25% in three years, according to figures’. What they should have said is the ‘number of offences committed and resulting in a disposal by young females rose by 25%’ (the Youth Justice Board’s report). That’s not the number of crimes committed, but those detected by police, with enough evidence and a known suspect, and so an official caution or conviction in a court. Definitely not the same thing.

It might be because girls are committing more crime. Or it could be because the police are getting better at catching girls, or previously let them off with a ticking off (because they were female), or because the nature of their offending is changing, or because policing is changing, and so on. Indeed, it’s even possible that changes in the law mean that some things young women were more likely to do are now crimes, whereas ten years ago they weren’t: if you were to make playing football where there are ‘no ball games’ signs a criminal offence, the number of boys committing crime would increase.

Funnily, the report begins the relevant section with:

‘It is important to note that apart from this table, all figures in this section represent the number of offences resulting in a disposal and not the number of young people offending.’

This was to point out that the number of offences isn’t the same as offenders (as some offenders get caught more than once), but it also reminds us that many people offend without ‘resulting in a disposal’.

This reminds me of all the problems with police statistics and fear of crime. The more effective policing is, the worse crime seems. Even in a situation where crime is stable, or even falling, more effective policing means more crime detected and prosecuted. It’s only detected crime that makes the statistics or the news: if you’re robbed and don’t bother with reporting it to the police it won’t make the news. Furthermore, it’s prosecutions that make most headlines: there’s stuff to report when the story is being discussed in the courtroom. So the more criminals the police catch, the more crime there is on the telly and in the papers. And so improving the police increases fear of crime…

Filed under News, Statistics and simplicity

Data protection

Ho ho ho, yet another story of missing government packages. Aren’t we glad the government isn’t organising Christmas?

But does this really reflect badly on the people who work for government? I’m not sure it does, because it’s IT companies and couriers that have been losing the data, not government departments or people. In this latest story the problem is with Pearson, a global media company (Financial Times, Penguin etc.) who run the test centres. I noticed this a few months back, and thought it was odd that they have this contract / that it’s contracted out at all. However, the Thatcher/Blair consensus seems to be that the private sector does things more efficiently so that’s what happens (efficiency being achieved by??? cutting corners?).

This means that the management of government is now done with contracts not directives. In the old days the minister and civil servant said X, and this got transmitted down the hierarchy into actions. Yes, it was subverted and translated, but in the worst case scenario someone got sacked or resigned. In the new world of contracting, the policy (X) gets drawn up into a contract, which is then interpreted, subverted etc. Same issue, different lines of accountability. When it comes to data protection, do we really know what each party really means? If you tick a box to say you don’t want data to go to ‘another organisation’ does this include subcontractors? No: the data being with Pearson is taken as still being with the Driving Standards Agency. The DSA retain responsibility and, as far as I can tell in the guidance, don’t need to ask permission of the data subject (i.e. us) to transfer data to a private and/or overseas company (see this too).

So instead of focusing on the little mistakes, shouldn’t we really be asking why a hard drive with UK driver data on it can go missing in Iowa in the first place? We didn’t ask for our government to be outsourced, we didn’t ask for our data to be transferred into private hands, and we didn’t expect the database state to be run by multinational IT and media companies. Ironically, if I want to copy a picture from a Penguin book (perhaps the cover of 1984) to illustrate a lecture on government and data, I have to ask permission from them.

P.S. These issues aren’t that new.

P.P.S. Another issue for later. Pearson produce textbooks for schools, and own EdExcel that produce the examinations. Is that not a conflict of interest?

Filed under News

Government data

I got my letter from HMRC at the weekend, apologising for losing some CDs with information about myself and my family. Unfortunately, all the apology, and all the news has been about the wrong problem…

Most of the comments have focused on the facts that the CDs weren’t sent by registered post, and that the files were just protected with a zipfile password…

(technically this is encryption, so I’m guessing that all the nonsense about ‘password protected but not encrypted’ was to say that it hadn’t got strong encryption, but if they’d put the key on the disk anyway, what difference does it make)

Now of course these aspects of the affair are just stupid: stuff gets lost in the post all the time, and if you are going to use physical media it makes sense to encrypt it as strongly as available, and to send the decrypt key separately or electronically.

More importantly, though, we have to wonder how on earth this state of affairs came about. I know in other parts of government there are secure networks: if you want to work from home in some government organisations you can’t use your own ISP, but you get an extra line that connects to government servers. In this case there would be no need to use the post. Indeed, for important mail you’d think the government would use its own internal mail service, Government Mail, although this is run with a private company and it’s possible that HMRC had to get the best deal, and this turned out to be TNT.

And why and how was the information sent out in this format in the first place? Apparently a junior manager burnt the data to CD and sent it out, but surely this is something that should only be done with authorisation at the highest levels. Otherwise, what’s to stop a corrupt employee doing this with all records: just copy them to a memory stick and leave the building and no-one would ever know.

More importantly, the auditors didn’t want all this information anyway. They wanted all the address, bank and parent details removed, but the HMRC people reckoned this was a burden too much, and could cost £5k to do ‘additional data scans/filters’! Now I know it’s a big database, but once the query is set up, it should only take minutes to make a new query without this data. Even if this couldn’t be done, it would have been easy to run a query on the outputted dataset: at most an hour’s work and then leave a computer to get on with the new output. This suggests that the IT providers have got the government over a barrel. The database is set up in such a way that the HMRC staff (and I assume someone there could do the work) can’t get full access to it. And then they charge five grand to come and make minor changes.

Herein lies the rub. EDS (I believe it’s them) have designed a system in which the end user (HMRC) can export data from a query that uses every record to a CD, yet can’t create or modify queries; the government have their own ‘secure’ mail network but they don’t use it, and have their own secure intranet but don’t use that either.

It just goes to show how well ‘competitive tendering’ works. It reminds me of a conversation I had with an IT professional who said that the industry was slowing down because they could no longer ‘rip off the government’. He said that in the past they could charge the government ludicrous amounts for small amounts of work, but that the government had got wise to it and new contracts were much less profitable. Looks like the HMRC job was sorted long before this, though.

Filed under News