They've got your number: State's hunger for personal data raises security fears
There are increasing fears that Britain could suffer a repeat of the HM Revenue & Customs data loss as the scale and breadth of personal information held by government bodies continues to grow inexorably.
As the police step up their search for the two missing Inland Revenue computer discs containing the banking and personal details of 25 million people, ministers have been warned that the potential exposure to theft and identify fraud could be present for many years to come.
And in the most chilling assessment since the Government admitted the security blunder, the man in charge of setting up the country's biggest medical records database has said he does not believe it is possible to make such systems foolproof.
Richard Jeavons, the director of IT implementation for the NHS, where there are plans to put 50 million patients' details on the database, told the Commons Home Affairs Committee that, when it came to protecting information, "you cannot stop the wicked doing wicked things".
Yesterday, as he faced a barrage of criticism over the Government's handling of the crisis, the Prime Minister performed a swift policy U-turn by announcing that Richard Thomas, the Information Commissioner, would be given new powers to carry out spot checks on the databases held by public sector organisations.
As recently as 25 October, the Government rejected Mr Thomas's request for such a power in response to a Lords committee. It said then that "the current enforcement regime for data protection is fit for purpose". But yesterday an embattled Mr Brown appeared to relent, adding that he would also consider the commissioner's plea for the creation of a new criminal offence of "reckless disregard of data protection principles". He insisted: "We will do everything in our power to ensure data is safe."
Mr Thomas welcomed the move, but said more would have to be done. "The law needs to be changed urgently so that people's personal details are properly protected," he said. "Privacy matters more than ever. It is not just about the law. It is about retaining the trust and confidence of the population where so much information is entrusted to government."
The Government now holds more personal information on individual members of the public than ever before. And in the next five years there are plans to add hundreds of millions more personal records to new or expanded databases. The UK's DNA database is the biggest in the world, holding four million profiles and growing by 30,000 every month. It includes records for 900,000 children, 108 of whom are under 10, raising concerns about the threat posed to children from the unchecked growth in personal information registers.
Ministers are also planning to set up another database listing the personal details of all children in England, including their age and where they live. ContactPoint, previously known as the "information sharing index", is supposed to be used by social workers, but children have expressed fears that the information could attract paedophiles and others who should not have access to their personal details.
While the thrust of the criticism over the HMRC data scandal has been directed at the Government, there is growing anxiety about the exponential growth of databases belonging to private companies. These include organisations handling details about finances such as banks, building societies, loan companies and credit checking agencies. But there are also worries about the role of marketing and sales companies that have grown their own private databases which they use to sell personal information.
The arrival of internet shopping has brought new exposure to identity fraud. Millions of people surrender personal and financial information when conducting transactions on the internet or join social networking websites.
In an echo of events that foreshadowed the security blunder at the Revenue, the Government has announced plans for the General Register Office in England and Wales to be merged with the Identity and Passport Service from next April. The change will mean that the responsibility for overseeing the recording of births, marriages, civil partnerships and deaths in England and Wales will transfer from the Office for National Statistics (ONS), which is to become independent of ministers, to the Identity and Passport Service, an executive agency of the Home Office. The blunder at the HM Customs and Revenue followed a merger of Customs and Inland Revenue.
Helen Lord, the compliance director at the credit reference agency Experian, said yesterday: "The children whose names, addresses and dates of birth have been lost are also at risk, especially those who are between 15 and 17 years old now. The fraudsters will wait until they turn 18 and start applying for loans, credit cards, mobile phone contracts and other credit products in their names. That could have a catastrophic effect on their ability to get on the housing ladder, rent a flat, obtain their first credit card, obtain a loan for their first car, even open a bank account."
Last night lawyers who had been contacted by members of the public said they were investigating claims for damages and distress against Inland Revenue.
Who holds your details?
Child Benefit database
The database, at the centre of the latest crisis, holds information on all child benefit recipients, details of 25 million individuals and 7.25 million families
National Identity Register
Linked to the introduction of ID cards, it holds data on your name, address, gender, date and place of birth and biometric information such as iris patterns
Criminal Records Bureau
Contains name, address and details of any convictions for criminal offences
Passport database
Has your address, date and place of birth and your travel history
Driver and Vehicle Licensing Agency
Details of any penalty points will show up alongside your name, address and date of birth
Proposed EU-wide census
Facts and figures on population and housing across EU would go further than any national census
NHS electronic patients record system
Part of the Government's £12.4bn National Programme for IT, aims to put all patient records online
UK DNA Database
Biggest DNA list in the world covers 5.2 per cent of population. 30,000 additions every month
Inland Revenue
Has on record the name, address and financial details of everyone who pays tax in Britain
ContactPoint
Part of the Government's Every Child Matters programme, it holds details on every child in England, including name, address, gender, date of birth and an ID number
By Robert Verkaik, Law Editor
Published: 22 November 2007
© 2007 Independent News and Media Limited
There are increasing fears that Britain could suffer a repeat of the HM Revenue & Customs data loss as the scale and breadth of personal information held by government bodies continues to grow inexorably.
As the police step up their search for the two missing Inland Revenue computer discs containing the banking and personal details of 25 million people, ministers have been warned that the potential exposure to theft and identify fraud could be present for many years to come.
And in the most chilling assessment since the Government admitted the security blunder, the man in charge of setting up the country's biggest medical records database has said he does not believe it is possible to make such systems foolproof.
Richard Jeavons, the director of IT implementation for the NHS, where there are plans to put 50 million patients' details on the database, told the Commons Home Affairs Committee that, when it came to protecting information, "you cannot stop the wicked doing wicked things".
Yesterday, as he faced a barrage of criticism over the Government's handling of the crisis, the Prime Minister performed a swift policy U-turn by announcing that Richard Thomas, the Information Commissioner, would be given new powers to carry out spot checks on the databases held by public sector organisations.
As recently as 25 October, the Government rejected Mr Thomas's request for such a power in response to a Lords committee. It said then that "the current enforcement regime for data protection is fit for purpose". But yesterday an embattled Mr Brown appeared to relent, adding that he would also consider the commissioner's plea for the creation of a new criminal offence of "reckless disregard of data protection principles". He insisted: "We will do everything in our power to ensure data is safe."
Mr Thomas welcomed the move, but said more would have to be done. "The law needs to be changed urgently so that people's personal details are properly protected," he said. "Privacy matters more than ever. It is not just about the law. It is about retaining the trust and confidence of the population where so much information is entrusted to government."
The Government now holds more personal information on individual members of the public than ever before. And in the next five years there are plans to add hundreds of millions more personal records to new or expanded databases. The UK's DNA database is the biggest in the world, holding four million profiles and growing by 30,000 every month. It includes records for 900,000 children, 108 of whom are under 10, raising concerns about the threat posed to children from the unchecked growth in personal information registers.
Ministers are also planning to set up another database listing the personal details of all children in England, including their age and where they live. ContactPoint, previously known as the "information sharing index", is supposed to be used by social workers, but children have expressed fears that the information could attract paedophiles and others who should not have access to their personal details.
While the thrust of the criticism over the HMRC data scandal has been directed at the Government, there is growing anxiety about the exponential growth of databases belonging to private companies. These include organisations handling details about finances such as banks, building societies, loan companies and credit checking agencies. But there are also worries about the role of marketing and sales companies that have grown their own private databases which they use to sell personal information.
The arrival of internet shopping has brought new exposure to identity fraud. Millions of people surrender personal and financial information when conducting transactions on the internet or join social networking websites.
In an echo of events that foreshadowed the security blunder at the Revenue, the Government has announced plans for the General Register Office in England and Wales to be merged with the Identity and Passport Service from next April. The change will mean that the responsibility for overseeing the recording of births, marriages, civil partnerships and deaths in England and Wales will transfer from the Office for National Statistics (ONS), which is to become independent of ministers, to the Identity and Passport Service, an executive agency of the Home Office. The blunder at the HM Customs and Revenue followed a merger of Customs and Inland Revenue.
Helen Lord, the compliance director at the credit reference agency Experian, said yesterday: "The children whose names, addresses and dates of birth have been lost are also at risk, especially those who are between 15 and 17 years old now. The fraudsters will wait until they turn 18 and start applying for loans, credit cards, mobile phone contracts and other credit products in their names. That could have a catastrophic effect on their ability to get on the housing ladder, rent a flat, obtain their first credit card, obtain a loan for their first car, even open a bank account."
Last night lawyers who had been contacted by members of the public said they were investigating claims for damages and distress against Inland Revenue.
Who holds your details?
Child Benefit database
The database, at the centre of the latest crisis, holds information on all child benefit recipients, details of 25 million individuals and 7.25 million families
National Identity Register
Linked to the introduction of ID cards, it holds data on your name, address, gender, date and place of birth and biometric information such as iris patterns
Criminal Records Bureau
Contains name, address and details of any convictions for criminal offences
Passport database
Has your address, date and place of birth and your travel history
Driver and Vehicle Licensing Agency
Details of any penalty points will show up alongside your name, address and date of birth
Proposed EU-wide census
Facts and figures on population and housing across EU would go further than any national census
NHS electronic patients record system
Part of the Government's £12.4bn National Programme for IT, aims to put all patient records online
UK DNA Database
Biggest DNA list in the world covers 5.2 per cent of population. 30,000 additions every month
Inland Revenue
Has on record the name, address and financial details of everyone who pays tax in Britain
ContactPoint
Part of the Government's Every Child Matters programme, it holds details on every child in England, including name, address, gender, date of birth and an ID number
By Robert Verkaik, Law Editor
Published: 22 November 2007
© 2007 Independent News and Media Limited