Mr. Bruce: The hon. Gentleman seems to be supporting the Bill but saying things that would preclude its being passed. May I give him an example? The original data protection directive said to people who wanted to mail a person information that was unrelated to the fact that they had the person's name and address from another source that they first had to mail the person and say, "Am I allowed to mail you something?" but, by doing that, they would have broken the law in the first place. That is the way we can go if we take it absolutely at face value that no one is allowed to cross-check information that is given to the Government.
Mr. Howarth: I think that the hon. Gentleman misunderstands me. I am not suggesting that there should not be data matching. I argue that data matching should be circumscribed by powers that enable the citizen to be protected. Limitations on data matching should be set out in a code of practice, which can evolve over time to match best practice internationally, and match agreements that we enter into. We would have flexibility within what I hope would be an absolutely resolute desire to strike the balance that we need between the civil rights of the individual citizen, particularly the citizen's right to
4 Feb 1997 : Column 832
privacy, and the Government's obvious duty to do what they can to stamp out fraud. I am arguing not for an absolute in one direction or the other, but for maximum care.
I hope that, in the exercise of whatever powers the Government take through the Bill, they will always be anxious to do what they can to minimise intrusion into privacy by using, for example, privacy enhancing technology such as encryption and "pseudonymisation", ensuring that names of individuals about whom data may be revealed are known to the minimum number of officials and only in circumstances when that can be absolutely justified.
In Committee, I quoted from DSS research report No. 56 on "Confidentiality: the public view"--the Department-commissioned report by Mr. Alan Hedges. Its findings should warn Ministers that public opinion is sensitive in this matter, and they must be extremely careful in deciding what powers to take--and certainly in the exercise of those powers.
My hon. Friend the Member for Cambridge described how legislative practice in other countries has moved well ahead of ours. By the autumn of next year, we shall have to legislate to incorporate into our law the new European directive. That will inevitably provide a new legislative context for the Bill's operation, but, as we do not have that safeguard in place, it is all the more important, as she has said, that the code of practice should be incorporated.
Mr. Harry Cohen (Leyton): I support the new clause, which provides for a code of practice on privacy. First, it does not adversely impact on data matching for anti-fraud activity. All it does is ensure that such activities comply with a code of practice that is approved by the Data Protection Registrar.
I tabled a parliamentary question on the Bill to the Under-Secretary of State for Social Security. His answer stated:
Liberty's opinion has already been quoted to the House. Its press release, published on 31 January, said:
Clause 1 replaces section 122 of the Social Security Administration Act 1992, and clause 1(4) shows that personal data can be lawfully supplied to other organisations. There is no statutory guarantee offering the protection that the recommendation proposes. A code of practice would supply such a guarantee.
My second reason for supporting a code of practice is that the legislation has the potential to negate most of the Data Protection Act 1988. As the House knows, that has eight principles, and the Bill could negate all of them. I shall refer to a couple of those. The first principle states:
If the use or disclosure of personal data is required by law, it can be used or disclosed "in any event". The "fairly obtained or processed" provision is overridden, which means that any use or disclosure under the legislation can lawfully be kept secret and data subjects need not be informed of it. The fourth principle states:
The Government have the potential to negate all the data protection principles. In almost all other fields, if the Data Protection Registrar wishes to enforce compliance with the data protection principles, she serves an enforcement notice on data users in the knowledge that failure to comply with it is a criminal offence. However, under section 38(2) of the Data Protection Act, a Government Department cannot be prosecuted. If Departments cannot be prosecuted, enforcement notices cannot be enforced, and serving them is irrelevant. As a result, the Data Protection Registrar is impotent in terms of enforcing the principles.
That is a worst case scenario, but, as we are dealing with fundamental privacy matters, we need to give the registrar an effective role in correcting abuses. There
Mr. Heald: My hon. Friend the Member for South Dorset (Mr. Bruce) made an excellent point when he said that this country should be proud of the way in which the security of personal data has been protected for many years by Government Departments.
There are stringent rules governing the way in which the Department records and uses such information. It is available only to officials on a "need-to-know" basis. There are random management checks to ensure that access has been properly authorised, and there is also audit trail analysis. Officials are conscious of the need to hold and process data securely, not least because, each time an official logs on to the system, he is reminded of the fact that every access must be authorised and that unauthorised use is a serious disciplinary offence. Some staff in the Department have been disciplined and some have been dismissed within the past year for breaches of the rules. However, there have been very few breaches, because there have been few instances of officials and staff not following the rules that we have laid down.
All computer processing is registered under the Data Protection Act 1988, and officials are in regular contact with the Data Protection Registrar. Any unlawful disclosure of information is an offence and, occasionally, prosecutions are pursued. The Department's record on handling personal data by computer is exemplary in terms of security, confidentiality and conformity with data protection principles and other requirements of the Act.
As the hon. Member for Stratford-on-Avon (Mr. Howarth) said, since July 1995 we have been data matching between different computer systems. That has been carried out by a small team of highly skilled officials working in secure conditions on a single site. Detailed criteria are set, any matched data must be relevant to the benefit, and discrepancy is investigated only where it raises a suspicion of fraud. In the Office of the Data Protection Registrar, the registrar is aware of that service and of the action that is taken to protect data.
The same rigorous principles of confidentiality and security will be applied to the Bill: only relevant data will be supplied by the Inland Revenue and Customs and Excise, and about emigration, immigration, nationality and prisoners; it will be held in secure conditions by a small number of specially appointed officials; and data that are consistent with data we already hold will not need to be further disclosed within the Department. Moreover, the Department's use of that data will be registered in accordance with the Data Protection Act 1988, and--once they come into force--with the requirements of the European Union data protection directive.
Like all other data users, local authorities are bound by the requirements of the Act and other legislative requirements to ensure confidentiality and proper
"The registrar wrote to my right hon. Friend, the Secretary of State, on 10 January about the scope of the disclosure of information powers contained in the Bill, advocating the introduction of a statutory code of practice for DSS datamatching activities."--[Official Report, 27 January 1997; Vol. 289, c. 108.]
Therefore, the registrar clearly supports the new clause's purpose.
"Liberty today published a legal opinion from two leading lawyers, one of whom is a Queen's Counsel, which states that the "Datamatching" provisions of the fraud Bill breach the right to privacy contained in the European Convention on Human Rights."
Liberty stated:
"The opinion is by Richard Drabble QC and Dinah Rose who are experts in social security and the law of the European Convention on Human Rights and advise the government on such matters."
A code of practice would help to prevent Ministers from breaching our international obligations under recommendation R(86)1 of the Council of Europe convention. Although the United Kingdom has opted out of the provisions of paragraphs 1.2, 3.3 and 5 of the recommendation, it has not derogated from paragraph 4.3, which states:
"Personal data should not be communicated outside the framework of social security for other than social security purposes except with the informed consent of the person concerned or in accordance with other guarantees laid down by domestic law."
The importance of paragraph 4.3 is that, if other uses occur, guarantees must be laid down in domestic law.
5.30 pm
"The information to be contained in personal data shall be obtained and personal data shall be processed, fairly and lawfully."
Clause 1(4) makes lawful certain disclosures of detail from the Inland Revenue to the Department of Social Security and vice versa. Later clauses legalise disclosures to local authorities and vice versa. The Data Protection Registrar has no remit under the lawfulness arm of the first principle, as any processing with respect to the exchange of personal data is made lawful by the Bill. Similarly, the fairness arm of the principle, which requires a data subject to be notified of any non-obvious use and disclosure, is also negated. The new law, as represented by the Bill, overrides it.
"Personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes."
As I said in Committee, any hon. Member who loses his job after the election--many Conservatives will lose theirs--and makes a social security claim can be data-matched for ever under the Bill. That is an excessive provision. As my hon. Friend the Member for Stratford-on-Avon (Mr. Howarth) said, clause 1 legitimises the disclosure of personal data, not just about offences relating to social security but
"for use in checking the accuracy of information relating to benefits, contributions or national insurance numbers or to any other matter relating to social security and (where appropriate) amending or supplementing such information."
That is a broad provision, and it makes a mockery of the principle that data should not be used excessively.