|
Mr. Malins: I have never understood the Data Protection Act. The only time when it has applied to me is when I have rung up Orange to ask about my daughter's telephone bill and they have not told me about it even though she has asked me to ring; that is the usual story.What kind of information might there be about me that has been modified and that is so sensitive that I cannot be told about it?
Mr. Browne: I venture to suggest that, as far as the hon. Gentleman is concerned, the exceptions to the Data Protection Act would not apply. I cannot imagine that it would be practicable for anyone who held information on him to notify him of that. It is also unlikely that the exception to the obligation to notify that relates to national security and prevention of detection of crime would apply to him. I cannot envisage any of the exceptions applying to his circumstances. However, I do not think I know him intimately enough to be sure that that is correct.
Clause 2(5) allows the Secretary of State to modify information where he is satisfied that it is inaccurate or incomplete. Amendment No. 16 would require us to notify a person of the details of any modification, and amendment No. 162 would require that, before any modification could take place, the person to whom that relates would be notified in writing and would have the chance to make representations before such corrections could be made.
It should be remembered that, generally speaking, a modification will take place because an individual has told the Secretary of State or the register of a change of details, as he may be required to do under regulations made under clause 12, which we will come on to in due course. In such cases, we will have processes to ensure that we are satisfied that the information provided is correct, which would include ensuring that the information was provided by the correct individual. We would confirm with the individual that the updated information has been recorded.
Column Number: 96
The other situation in which we could receive information that might lead to a modification is if information is provided to us for the purpose of validating information recorded in the register under clause 11. As information is likely to be provided to us for validation purposes prior to attendance at an enrolment centre, we would be able to inquire about any inconsistencies at that enrolment session. For example, if Mr. X provides information to the effect that his middle name is Allan spelled with two ''L''s and the information provided to us suggests that it is spelled with one ''L'', we would ask the applicant about it when he attended at the enrolment session, and therefore it would be unnecessary for us to notify an applicant of a change of details.
All applicants will have data subject access rights under the Data Protection Act, and we are looking at ways of ensuring that an individual will be able to read his or her card and register entry easily. For example, we may be able to offer a service whereby an individual could read the information held in his entry securely via the internet or public service kiosks.
For all those reasons, the amendments are unnecessary and inappropriate, and I ask for them to be withdrawn.
Mr. Malins: I think that they are all very appropriate and necessary. I see that my hon. Friends the Members for Cotswold (Mr. Clifton-Brown), for Solihull (Mr. Taylor), and for Newark, and my right hon. Friend the Member for Skipton and Ripon, are all present. We are at full strength, in total contrast to those on the Government Benches, which are so severely depleted that I am tempted to press the amendment to a Division. The result would be extremely close, and I simply want to place that on the record. Of course, a time will come when my party's superior numbers will count, although that might not be the case at this precise moment. I therefore beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
6.15 pm
Mr. Allan: I beg to move amendment No. 71, in page 3, line 12, leave out from 'is' to 'under'.
The Chairman: With this it will be convenient to discuss the following amendments: No. 72, in page 3, line 13, leave out from 'information' to end of line 14.
No. 163, in clause 2, page 3, line 14, at end insert
'save where requested to do so by the individual concerned.'.
Mr. Allan: These amendments continue on the same theme. Amendments Nos. 71 and 72 seek to correct drafting errors that have crept in. We are dealing with entries in the register that have been found to be inaccurate, but somehow the legislation says that the Secretary of State is not under a duty to correct them. I am sure that the intention was that the Secretary of State should have a duty to correct them, following the rights and responsibilities line; if the Secretary of State has the right to ask for the data, he should have the responsibility of ensuring that it is kept accurate.
Column Number: 97
I am sure that the Minister will tell us that under the provisions of the Data Protection Act the normal requirement of a data controller to keep a data subject's data accurate apply. If his reading of subsection (5)(b) is that no provision of the Bill requires that he keep the data accurate, that in no way exempts the Secretary of State, as the data controller of the national register, from the duty to keep it accurate under another Act—the Data Protection Act 1998. Is the interaction of the two such that, if the Bill is passed with this unamended, the Data Protection Act provisions for the maintenance of accuracy are not in any way weakened? If that is the case, it remains extraordinary that the Government feel that they have to spell this out. Presumably, if they can be bothered to stick in this extra subsection, they think that there is some problematic situation in which they will be caught out. It would be interesting if the Minister could spell out the circumstances against which he is seeking to indemnify himself by ensuring that this provision remains there unamended. Our amendment would be much more appropriate.
Amendment No. 163 is another probing this whole area of ensuring that the interaction between the citizen and the Secretary of State as data controller for the national register is satisfactory, if there is such an interaction. I would be particularly interested if the Minister referred to subject access requests under the Data Protection Act. This is a horrible area of the law, but the principle is simple: if data is held about someone, they have a right to see that data.
There is a concern that with the national identity register the Secretary of State may seek to invoke some exemptions, which are permissible under the Data Protection Act—exemptions to do with the prevention and detection of crime, security and so on. It would be helpful to know the Minister's expectations clearly. A subject access request is how one would technically describe me getting my data off the register over the internet. With the kind of request the Minister has just described, securely over the internet—which some experts would say was on oxymoron—or from a public kiosk, is the normal expectation that for a subject access request the data will be supplied in virtually all circumstances? Is there an intention to invoke any of the exemptions in the Data Protection Act for those normal kinds of subject access requests?
Mr. Chris Mole (Ipswich) (Lab): Would the hon. Gentleman accept that it will be necessary to exclude from that the information that is held about access to the card, where the Government are seeking to ensure that there is no fraud around the application for and use of the card? Somebody might try to identify the information that would allow them to circumnavigate the security the Government were putting in place.
Mr. Allan: It is good to hear from the hon. Gentleman. If those on the Government Benches are depleted in numbers, they are clearly still awake and are going to make up for that depletion with the quality of their contribution.
Column Number: 98
The hon. Gentleman has picked on an important point. Where I would perhaps disagree with him—it would be an important test of Data Protection Act principles—is that it might be appropriate not to know that MI5 sought access to your record. That potentially compromises national security. Personally, I think that I, as a data subject, have the right to know if the health service or social security office has performed a check on me. That is precisely the kind of area that would have to be tested.
My assumption would be the more data the better. Potentially, the harm that could be caused by inaccurate data in the register is so significant. We have other examples of it. Criminal Records Bureau checks have been cited as a very real example of where inaccurate data have caused harm to individuals in the context of job applications. With this register, we can multiply that by several factors. If I went to one Government agency and was refused a service and it turned out that that was because they had found a record in a database of a check by another Government agency, I would want to know about it. I think that I would have the right to know.
It is important that we test this area, even if it means talking about this so-unloved piece of legislation, the Data Protection Act 1998. The principles are important, and they can be applied here. The presumption for me as a citizen is that I have the right to as much access as possible. I have the right to ensure that the data are corrected if errors have crept in because of things done by the Secretary of State or his representatives.
Mr. Browne: The discussion follows on from our discussion of clause 2(5). Amendments Nos. 71 and 72 place a duty on the Secretary of State to modify information if he is satisfied that it is inaccurate or incomplete, and would remove any discretion as to whether the Secretary of State would be required to do so. On the face of it, these amendments seem very sensible, but there are reasons why I cannot accede to them. As an alternative, amendment No. 163 would add to this clause a requirement for the Secretary of State to modify the information recorded, even if he thinks it inappropriate to do so, if this was requested by the individual.
I do not think these amendments desirable, and I will explain why. The clause as drafted provides that the Secretary of State should have the power to modify an entry but is under no obligation to do so where he considers this inappropriate. That is important as there may be cases where it is not appropriate to modify the information. One of the things that clause 3(3) would allow is the recording of details relating to an individual that are, strictly speaking, deliberately false. For example, the register will include details of individuals on witness protection programmes. If information was provided on such a person, although the Secretary of State would be satisfied that the details provided were inaccurate, we would not consider it appropriate for him to modify the register in that case. Therefore I do not think that the proposed amendments are desirable, because it is clearly desirable that we should be able to protect the identity
Column Number: 99
of people on such programmes, but still give them access to this particular database and the benefits of being registered on it.
| 
