Previous SectionIndexHome Page

'9A. The data controller must take reasonable steps to ensure that any computer system used in processing the personal data is capable of dealing accurately with dates later than 31st December 1999.'.

The amendment is a response to the situation facing many computer systems in Britain, and even more so world wide, on the failure to recognise the year 2000, which the Prime Minister has dubbed the millennium bug. It seeks to introduce a statutory obligation on data controllers to ensure that computer systems are millennium compliant, thus ensuring that the personal data that they contain are fully protected from any problems arising from the century date change and the year 2000 being a leap year. [Laughter.] I do not know why that is funny, but no doubt the Minister will enlighten me when he replies.

I hope that the House knows what I am talking about. This is an issue to which I have drawn attention and about which I have warned on several occasions since my initial question to the then Prime Minister in December 1995, following which I introduced an Adjournment debate and have since introduced two private Member's Bills on the issue.

Mr. White: The hon. Gentleman will know that a number of dates in 1999, including 31 December 1999,

2 Jul 1998 : Column 610

may cause problems to certain computers. Why does not the amendment cover all the problem rather than just part of it?

Mr. Atkinson: The hon. Gentleman is obviously an expert on the issue, so he will know that for computer systems to be millennium compliant they will also take account of the problems anticipated before the turn of the century.

The office of the Data Protection Registrar has produced a two-page paper entitled "The Millennium Bomb" which states that there are two problems whenever a two-digit year, represented as 99, changes to 00. It says that personal data may be interpreted as relating to 1900 rather than 2000--that is, the date is out by 100 years--and that the year 2000 is a leap year which is not usually the case for a centenary year.

If computer systems are not millennium compliant, a number of basic data protection issues emerge. Inaccurate personal data may be processed. Obviously, therefore, the provisions of the Bill that relate to accuracy--the fourth principle--and those relating to compensation for damage caused through the use of inaccurate personal data, come into play. There may be unfair processing. If the processing is date dependent--for example, age- dependent calculations--it may give inaccurate results and lead to the deletion of personal data before the planned retention time has expired.

Such eventualities would appear to breach the first principle in the Bill--providing for personal data to be processed fairly. It can result in the irretrievable loss of data, destroyed prematurely, as well as circumstances in which personal data are lost temporarily--for example, personal data that are unavailable for processing while the problem is being fixed. That appears to breach the seventh principle, relating to the loss, destruction of or damage to personal data.

Many more concerns were drawn to the attention of the Science and Technology Select Committee during its investigation of this issue, on which it reported to the House on 7 April. The report was called, "The Year 2000--Computer Compliance".

The Minister may argue that my amendment is unnecessary.

Mr. Hoon: Very good.

Mr. Atkinson: It appears that I have anticipated the Minister. He may argue that because the seventh principle requires:

I hope that he does not use that defence, which would be an inadequate response to a unique issue relating to computer systems and the data that they process and the protection of that data for which the Bill provides. Nor would it reflect the Government's clear warnings that the problem is serious and must be addressed if we are to avoid serious difficulties.

2 Jul 1998 : Column 611

As the need for computer systems to be millennium compliant is so obvious and serious, it should be mentioned in as many words in the legislation. That is why I propose a new paragraph in schedule 1 which states:

I hope that the Government will have the foresight to accept my amendment.

9.15 pm

Mr. Hoon: The amendment raises an issue of great topicality. The House is grateful to the hon. Member for Bournemouth, East (Mr. Atkinson) for allowing us to have this brief debate on the data protection implications of the year 2000 problem. He is worried that there may be a risk to personal data processed in computer systems that have not been not programmed to cope properly with the change of date at the end of the millennium. If the problem is as serious as he warns, there could be a risk of corruption of data held on computer systems.

The hon. Gentleman invites the House to amend the Bill expressly to deal with that risk. As he anticipated, however, the Government do not believe that such an amendment is appropriate. We believe that the seventh data protection principle and paragraph 9 of part II of schedule 1, already make adequate provision. They ensure that the data controller must take appropriate technical and organisational measures to ensure the required level of security. The requisite level has to be appropriate to the harm that might result from, among other things, accidental loss or destruction of, or damage to, personal data. That appears to cover the entire range of eventualities that might occur to personal data as a consequence of some failure of a computer system because of the year 2000 problem.

Problems of this sort could presumably occur for reasons other than the ending of the millennium. The formulation in paragraph 9 is intended to cover the unfortunate consequences that might occur from any failure of a computer system, whether or not it occurs as a consequence of the year 2000 problem. In the light of what I have said, I hope that the hon. Gentleman will agree that his amendment is unnecessary and will feel able to withdraw it.

Mr. David Atkinson: I am disappointed that the Government have not recognised the value of my amendment and surprised at the flippant way in which the Minister responded. I am surprised because of the prominence that the Government are trying to give the issue, especially since the Prime Minister's speech on 30 March warning of the consequences to the nation if we do not get it right. I am especially surprised because the Minister has been aware of the issue for longer than any other Minister because he was Labour's spokesman on it before Labour became the Government on 1 May last year.

If computer systems are not millennium compliant, there will be problems. The privacy of information contained in computer systems will be at risk if they crash because they are not millennium compliant. That is something which few people realise. It appears from what the Minister has said that he and the Government have not yet grasped the issue with the seriousness that it deserves.

2 Jul 1998 : Column 612

By ignoring the opportunity that my amendment provides, the Government have missed a valuable opportunity. They are showing amazing complacency on the issue. I appreciate that my amendment was tabled only early this week, so perhaps Ministers have not given serious thought to this aspect of the Bill. I hope that the Government will give my proposal further thought in the other place.

I clearly have not persuaded the Government, but I hope that they will give it further thought. I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

Amendment made: No. 54, in page 48, line 42, leave out 'staff' and insert 'employees'.--[Mr. Hoon.]

Schedule 3

Conditions relevant for purposes of the first principle: processing of sensitive personal data

Mr. Greenway: I beg to move amendment No. 10, in page 51, line 7, at end insert--

'4A. The information contained in the personal data has been obtained by the canvassing of data subjects by registered political parties.'.

It may come as a surprise to you, Mr. Deputy Speaker, to learn that the Bill would make the processing of personal data obtained from political canvassing illegal. There are some of us who think that if all political canvassing were banned, it would save us an awful lot of toil and sweat at election time, but in reality--the Under-Secretary and I have discussed the matter--we appreciate and recognise that it is important that the problem that the Bill presents is tackled.

I am grateful to my right hon. Friend the Member for North-West Cambridgeshire (Sir B. Mawhinney), who first drew attention to the matter when we were considering our response to the Bill. As a former chairman of the Conservative party, he understands and appreciates the importance of electoral law and of ensuring that the data protection legislation does not unnecessarily restrict or prohibit proper canvassing of political opinion by political parties.

When we discussed the matter in Committee, the Minister acknowledged that there was a problem, and agreed to do something about it. We have two choices. Our preferred route is to put something in the Bill, and to do it now. That is what amendment No. 10 would do.It is entirely in keeping with the other provisions in schedule 3. That would leave the matter beyond doubt. The alternative is to do what the Minister said that he would do in Committee--use one of the Secretary of State's order-making powers within the Bill to exempt the processing of data from political canvassing.

The problem that the House must ask the Minister to address tonight--it is a serious point--is whether any order-making power will be introduced after the Bill receives Royal Assent and while the transitional provisions that introduce the various clauses that give rise to the difficulty are in force. In other words, if we take the order-making power route, can we be certain that there will not be a period during which processing of data obtained from political canvassing will be illegal? It is a straight question that we ask the Minister. I think that I know what his preference is, but he understands that this

2 Jul 1998 : Column 613

is a serious problem. It would have been wrong of us not to draw the House's attention to the problem. It is all very well discussing a matter such as this in Committee, but, unless it is debated on the Floor of the House, colleagues might not be aware of how serious the problem is.

I ask the Minister, in all fairness, whether he can give us a categorical assurance that the provisions relating to sensitive data, such as political opinions, membership of trade unions, religious beliefs and so on, to the processing of which people must give explicit consent--clearly, we cannot take an answer to the question "How are you going to vote?" as explicit consent--will not come into force until the Government introduce an order to tackle that serious problem.

Next Section

IndexHome Page