Tag Archives: database

Child and data protection

Government IT cock ups (over budget, under specified, not working) are a perennial at the moment. The latest concerns ContactPoint, a database for the handling of information about all children in the UK. Its main aim is to let professionals that deal with children (teachers, social workers, GPs and so on) to know who else has been dealing with a particular ‘case’. That way, it’s hoped, the Victoria Climbie death won’t be repeated: if, let’s say, a teacher spots evidence of a problem, whether it be health or abuse or whatever, they can check to see if anyone is dealing with it, instead of assuming that social services or the GP is handling it.

Now the problem with all this data sharing for child protection is that it goes against data protection principles. If people can look up data to do good, they can look up data to do bad things too. Apparently the contractors are now trying to put in place ‘shielding’, so that the address of the child isn’t visible if that is requested by the local authority with the case. The database is delayed.

Of course, many of the kids who are vulnerable aren’t even known to the authorities, never mind the local council, so it will end up shutting stable doors after the horses have bolted. More importantly, this data is leaking all over the place, and I don’t just mean due to lost laptops, memory sticks and CDs.

Stupidly, the government allows everyone to search through all kinds of personal data. I’ve recently found out about genealogy databases. If you want to search for a person (including children), you can subscribe to one of the many websites that collates births, deaths and marriages data from the registry, and publishes them online. Ancestry has everything up to 2005, but I’m sure I’ve seen sites with more recent data. If you know the town someone lives in you can look at the electoral register, and the edited version of this is online too. Then there are all the other commercial databases (Experian and the like), that can be searched once you know someone’s name and address.

Then it seems possible to order birth, death and marriage certificates on line, if you know the full details (which you found out at Ancestry). This makes identity theft really easy. Mmm. They’ve thought about data protection and then created policies that have so many holes the protection is non-existent (see here). Only the state can make copies of the certificates, but anyone can ask for them with the flimsiest of reasons (genealogy research, record keeping!). As long as you promise not to use it for fraud or to break the copyright!!!


Leave a comment

Filed under News

Data protection

Ho ho ho, yet another story of missing government packages. Aren’t we glad the government isn’t organising Christmas?

But does this really reflect badly on the people who work for government? I’m not sure it does, because it’s IT companies and couriers that have been losing the data, not government departments or people. In this latest story the problem is with Pearson, a global media company (Financial Times, Penguin etc.) who run the test centres. I noticed this a few months back, and thought it was odd that they have this contract / that it’s contracted out at all. However, the Thatcher/Blair consensus seems to be that the private sector does things more efficiently so that’s what happens (efficiency being achieved by??? cutting corners?).

This means that the management of government is now done with contracts not directives. In the old days the minister and civil servant said X, and this got transmitted down the heirarchy into actions. Yes, it was subverted and translated, but in the worst case scenario someone got sacked or resigned. In the new world of contracting, the policy (X) gets drawn up into a contract, which is then interpreted, subverted etc. Same issue, different lines of accountability. When it comes to data protection, do we really know what each party really means. If you tick a box to say you don’t want data to go to ‘another organisation’ does this include subcontractors? No: the data being with Pearson is taken as still being with the Driving Standards Agency. The DSA retain responsibility and, as far as I can tell in the guidance, don’t need to ask permission of the data subject (i.e. us) to transfer data to a private and/or overseas company (see this too).

So instead of focusing on the little mistakes, shouldn’t we really be asking why a hard drive with UK driver data on it can go missing in Iowa in the first place. We didn’t ask for our government to be outsourced, we didn’t ask for our data to be transferred into private hands, and we didn’t expect the database state to be run by multinational IT and media companies. Ironically, if I want to copy a picture from a Penguin book (perhaps the cover of 1984) to illustrate a lecture on government and data, I have to ask permission from them.

P.S. These issues aren’t that new.

P.P.S. Another issue for later. Pearson produce textbooks for schools, and own EdExcel that produce the examinations. Is that not a conflict of interest?

Leave a comment

Filed under News