| Previous Section | Index | Home Page |
Mrs. Anne Campbell (Cambridge): It is necessary to provide a clear legal basis for the use and disclosure of information. I remind the House that we are discussing information that has been collected for one purpose but will be used for another. Such data may be supplied by statute to the Inland Revenue or by a person who is claiming benefit. People provide the information voluntarily because they believe that they are entitled to claim benefit.
We have a duty to protect both kinds of information, but we have a particular and pressing duty to safeguard information that must be disclosed according to Government requirements. The Bill proposes to use the information supplied by disclosing it to other Departments
4 Feb 1997 : Column 825
It is possible to compile a comprehensive picture of an individual, and to identify likes, purchase habits and credit behaviour. Alternatively, the information may be used to detect similarities and differences between data that are collected for different purposes--for example, someone may be collecting social security and paying income tax. The information may be used both as a commercial tool and as a weapon in the fight against fraud.
With the proposed privatisation of many Department of Social Security functions, many data will end up in the hands of private operators. The two remaining bidders for Project Accord--the centralised computer project in the Department--are American, and one is registered in Liechtenstein. There is no guarantee that work will not be exported to another country to take advantage of cheap wages. The Department of Social Security is accountable to Parliament, but that partner would be far removed from it.
New clause 2 does not contain any proposals that the Government have not already acknowledged. In their Green Paper, "Government.direct", the Government state specifically that people want their interests to be protected. The document says:
The Opposition want the Government to do what they have said they want and intend to do in "Government.direct". I have quoted the Government's own words--but they are empty promises unless the Government can ensure that public concerns are met. Labour proposes that the Government achieve that aim through the provision of a code of practice to regulate the way in which information is used and disclosed.
Mr. Heald:
The problem with new clause 2 is that it applies to only a limited area of government, so we would end up with a piecemeal approach to data protection rather than the seamless provision that everyone wants. Consultations are taking place on the European data protection directive and the "Government.direct" Green Paper. That is surely the proper place to deal with those issues.
Mrs. Campbell:
The Minister is correct to say that we shall soon require new legislation to bring the EC data
4 Feb 1997 : Column 826
If we consider the possible abuses, it is clear what problems may arise. I am sure that the right hon. Member for Kingston upon Thames (Mr. Lamont) felt angry and betrayed when the details of his unpaid Visa bill were made public. Similarly, members of the royal family were embarrassed and dismayed when it was revealed that a private telephone conversation had been recorded.
We propose a code of practice, but we do not set out what should be in it. There should be full public consultation, and the Data Protection Registrar's advice should be sought. The code of practice may need to be reviewed regularly, as technologies change rapidly, security requirements differ over time as criminals discover new techniques for defrauding the system, and international treaties may change our obligations. Flexibility is required. The new clause would provide for a code of practice, which should be drawn up after consultation and introduced by regulation.
The Minister referred to the EC data protection directive. We do not yet know what form of domestic legislation will transpose that directive into United Kingdom law. The statutory code that we propose should serve to ensure that decisions that are made on the basis of automated, data-matching exercises are not in breach of article 15, which gives individuals the right not to be subject to an automated individual decision, although there may be exemptions. As a person who has suffered damage as a result of a breach of the data protection principles can claim compensation, it is important that the Secretary of State takes note of that. He should now establish procedures that would avoid that problem.
Our proposal is by no means unusual. In Australia, Canada, New Zealand, the United States and Germany, data matching by government is subjected to independent scrutiny. Individuals who are identified in "hits" as a result of data matching must have a chance to make representations.
I hope that the Minister will accept the new clause, or at least agree to introduce a clause of his own when the Bill goes to the other place. Our proposal follows the advice given to the Secretary of State by the Data Protection Registrar in a letter dated 10 January. If the Minister will not safeguard personal privacy by a code of practice, I hope that he will spell out in his reply precisely what he will do instead.
Mr. Ian Bruce:
I shall comment briefly on the excellent provisions in the Bill, and explain why I believe that the new clause, although worthy, should not be accepted.
4 Feb 1997 : Column 827
Hon. Members will have heard me talk about the European informatics market group, which has an unfortunate acronym--it sounds like something completely different unless one listens carefully. That all-party group considers issues such as data protection. It was set up because of an unfortunate EC draft directive that probably would have destroyed the whole of the informatics market in the United Kingdom. The hon. Member for Cambridge (Mrs. Campbell) raises her eyebrows, but she will be pleased to know that the current draft directive, which is doing the rounds in Europe, is more to the United Kingdom's liking and to the liking of the European informatics market group, which has taken sensible advice.
The United Kingdom civil service has almost the most enviable record of any civil service in the world on keeping people's personal data secret and secure. It may not have such an enviable record on keeping the Government's secrets secure--especially when draft information is being sent between Departments--but we should be proud of what the Inland Revenue, the Department of Social Security and housing benefit offices in our town halls have already achieved. The codes of practice they work to are exemplary.
We are considering whether it is right or wrong to allow information that is collected for one purpose to be used in matching to discover whether criminals--I emphasise that--are trying to rip off the system and steal taxpayers' money. No hon. Member who has read the reports of the Social Security Committee can be in any doubt that we should use whatever technology is available to check that we are making best use of public money, and that we are not being ripped off.
The Opposition propose that, instead of having discrete information in discrete Government Departments, we should establish a special code of practice with a special form of policing to cover the exchange of such discrete information between Departments. That is an unnecessary leap.
The Data Protection Registrar has made many proposals. Many aspects of our data protection registration are nonsense. We can prosecute people if they do not register to operate and keep data--if they have not informed the registrar--but once they have registered, there is not a lot that the registrar can do to them. It is important for the registrar to lay down principles. We should not have a bureaucratic system. We should ensure that remedies are available to people who are damaged because data on them have been passed on when they should not have been. We should examine that aspect of the problem.
It is long past time that we had this exchange of information. Many hon. Members will know that I ran an employment agency in Yorkshire for about 12 years. Towards the end of that time, the Department of Social Security found out that a temporary member of staff had more than one job. In fact, that individual had five jobs and was claiming unemployment benefit and social security. The Department knocked on our door and said, "This person has been claiming and has also been working for you." I said that I could provide the necessary details, because we had told the Inland Revenue and the Contributions Agency that that person was working for
4 Feb 1997 : Column 828
When the investigator asked whether we could give him a list of all the people who had been working for us in the past six months, I said, "No problem," and provided him with a complete list. We found that a third of the people who were registered in our agency were working for us, being paid by us, paying taxes and national insurance--and receiving unemployment benefit.
The first thing that amazed me was the time that it had taken the Department of Social Security to ask us for information. We were only too happy to co-operate: we were taxpayers, and we wanted to ensure that people were "signed off" before coming to work for us. Following the successful outcome of our passing information to the Department, however, I was even more amazed when it did not contact us again.
I strongly believe that data matching should be available to Departments that are trying to establish whether people are ripping off the system. It is very simple; it is a case of churning through data, using high-powered computers, and trying to find a match. Records involving people who are not in any way suspicious are ignored. No person examines the records: certain information is thrown up that looks a little suspicious--perhaps 50 people, all supposedly living at the same address, claiming housing benefit, or perhaps 30 people with different names claiming unemployment benefit in a one-bedroom flat. A large number of people may be found to have the same date of birth, and to be living in the same place. I am sure hon. Members will agree that that is the kind of information that we want to find.
"people want to be assured that their interests--such as their reputations, their finances, their entitlements and their prospects in life--are properly safeguarded. Information about them must not be misused, wrongly disclosed, accidentally revealed or fraudulently obtained . . . New methods of service delivery outlined in this Green paper will be developed in accordance with the requirements of the UK's international data protection obligations."
It also promises that the Government will consult the Data Protection Registrar so that the collection, use and disclosure of data can comply with the necessary requirements and meet the necessary standards of protection. It goes on to give an assurance that the commitment to consultation on all those issues will apply equally once the European Community data protection directive is in force.
| Next Section
| Index | Home Page |