House of Commons
|Session 2006 - 07
Publications on the internet
General Committee Debates
Serious Crime Bill [Lords]
The Committee consisted of the following Members:
Emily Commander, Committee Clerk
attended the Committee
Public Bill Committee
Thursday 5 July 2007
[Mr. Joe Benton in the Chair]
Penalty and prosecution for offence under section 64
Amendment moved [this day]: No. 178, in clause 65, page 36, line 6, leave out two and insert four.[James Brokenshire.]
James Brokenshire (Hornchurch) (Con): When we adjourned, I was halfway through explaining that amendment No. 178 was tabled on the assumption that we will ultimately reach a resolution on the matters that we were discussing. The amendment is reasonably straightforward and sets out the Committees clear intention on how data protection issues will be addressed and the seriousness with which they are treated. I need say no more.
The Parliamentary Under-Secretary of State for the Home Department (Mr. Vernon Coaker): Good afternoon, Mr. Benton. It is good to see you chairing our Committee again.
I ask the Committee to resist the amendment, which would increase the penalties in clause 65 for the clause 64 offence of making
certain further disclosures of information.
The existing maximum penalty of a two-year custodial sentence would be increased to four years.
Clauses 64 and 65 were included in the Bill in recognition of the fact that a specific additional safeguard is needed to protect against improper onward disclosure of Her Majestys Revenue and Customs information. That is to conform with the safeguards attached to HMRC information in other circumstances. Clause 64 allows for the same additional safeguards to be applied by order to public authorities information. I hope that it is evident that the penalty in clause 65 applies in a very narrow set of circumstances relating to wrongful onward disclosure of information shared by public authorities through a specified anti-fraud organisation. Currently, that applies only to HMRC information.
The maximum penalty of two years imprisonment is consistent with the maximum penalty for all other comparable data-sharing offencesfor example, under section 19 of the Commissioners for Revenue and Customs Act 2005 and section 10 of the Official Secrets Act 1989. In addition, the Government have proposed an amendment to the Data Protection Act 1998 to include a maximum custodial penalty of two years for the offence of unlawfully obtaining personal
James Brokenshire: I hear what the Minister says. The amendment is in some ways different from the measures that he has highlighted. We tabled the amendment to make clear our view that the offence must be treated seriously, and to provide confidence in the way in which the system will operate. I do not intend to press the amendment to a Division; the point of tabling it was to set out for the Committee that breaches of data protection rules and the rules in clause 64 will be treated seriously and punished accordingly.
James Brokenshire: I welcome that assurance from the Minister because it is important that that message is sent out. I know that the Information Commissioner has made representations to the Home Office and other parts of the Government to emphasise that, and that responses have recently been given in relation to the issue, as the Minister mentioned.
In the light of what the Minister has said, and the changes that have taken place, I beg to ask leave to withdraw the amendment.
Amendment, by leave withdrawn.
Clause 65 ordered to stand part of the Bill.
Data protection rujles
Question proposed, That the clause stand part of the Bill.
James Brokenshire: The clause would insert additional wording in schedule 3 to the Data Protection Act 1998. The disclosure of sensitive information will be permitted if it is processed for the purpose of disclosure to an anti-fraud organisation of the kind that we debated this morning, or is processed by that person after being so disclosedin other words, if it is then processed thereon. The question is: why is the clause needed? The list of sensitive personal data that are covered is broad in ambit, and it goes much further than might be perceived necessary for a simple anti-fraud purpose. It has provoked some concerns among various groups. Libertys briefing note says:
We fear that this provision might instead be included because it would be too difficult in practice to separate out this kind of sensitive information from non-sensitive information which is contained in a single source of data that would be shared under these proposals.
Administrative convenience is not a sufficient justification for the mass sharing of sensitive data.
The Minister may say that the provision is required, and that it is an essential element in the fight against crime. However, it is wide ranging, and he must provide
Mr. Coaker: The clause inserts a new paragraph in schedule 3 to the Data Protection Act 1998 to facilitate the sharing of sensitive personal data, as the hon. Member for Hornchurch says, for the purpose of preventing fraud. The first data protection principle prohibits the processing of sensitive personal data, unless one of the conditions in schedule 3 to the Act is met. For example, paragraphs 7(1)(b) and 7(1)(c) of schedule 3 state that processing is necessary
for the exercise of any functions conferred on any person by or under an enactment, or for the exercise of any functions of the Crown, a Minister of the Crown or a government department.
The Secretary of State may by order add further conditions under schedule 3.
Although many public bodies will be able to rely on one of the current conditions in or applied under schedule 3, it is unlikely that the existing conditions would cover all cases of data sharing to prevent fraud. Therefore, the clause provides an additional condition that is tailored to anti-fraud data sharing and will facilitate such data sharing. It does not decrease the threshold of data protection which applies under the Data Protection Act.
I must stress that the provision is not a move to overturn the Data Protection Act or the principles that form its basis. The clause will not remove the need for data controllers either to comply with the data protection principles or to satisfy the conditions for an exemption from them, such as the exemption for crime prevention. The clause simply helps data controllers to comply with the additional requirement of the Act which relates to sensitive personal data when information is shared to prevent fraud. Although many bodies would already be able to comply with one of the existing conditions for sharing such information, the clause provides consistency throughout the full range of bodies that will share the information.
Section 2 of the Data Protection Act defines sensitive personal data; the definition includes information about political opinions, religious beliefs and racial origins of the data subject. It also includes information about the commission or alleged commission by the data subject of any offence. That part of the definition is relevant in this context. The definition also includes criminal proceedings for any offence committed or alleged to have been committed by the data subject. Again, that part of the definition is of obvious relevance in the context of the disclosure of information for the prevention of fraud. However, it is also possible that in disclosing information relating to offences or suspected offences, other sensitive personal data are necessarily disclosed. For example, information that a person was suspected of claiming sickness benefit for longer than he was entitled has the effect of disclosing information about his physical health, namely that he was initially entitled to such benefit. Physical or mental health or condition is also included in the definition of sensitive personal data.
Although many of the disclosures to an anti-fraud organisation will be covered by one or another of the existing conditions, not all will. That is why we are
Furthermore, individuals will be informed that their data may be shared for the purpose of fraud prevention at the point that they provide the data. Individuals will be able to require the Information Commissioner to assess whether their data are being processed in compliance with the Data Protection Act. The commissioner may also investigate whether the data controller is complying with the Act on his own initiative. He will also be able to investigate using his normal powers and, where appropriate, he will be able to use an enforcement notice to require the data controller to take steps to comply with the Data Protection Act. With that explanation, I hope that the Committee will allow clause 66 to stand part of the Bill.
James Brokenshire: I am grateful to the Minister for that detailed explanation of the need for clause 66. What he said has been helpful in setting out the context, and the reasons and rationale of why this measure would be needed practically, and he has also addressed the concerns that have been highlighted elsewhere. I am grateful to the Minister for that explanation.
Question put and agreed to.
Clause 66 ordered to stand part of the Bill.
Clause 67 ordered to stand part of the Bill.
Amendment made: No. 148, in schedule 7, page 73, line 32, leave out from beginning to end of line 34 and insert
(iv) a body to which Article 90 of the Health and Personal Social Services (Northern Ireland) Order 1972 (S.I. 1972/1265 (N.I. 14)) applies;.[Mr. Coaker.]
Mr. Jeremy Browne (Taunton) (LD): I beg to move amendment No. 14, in schedule 7, page 75, line 11, leave out keep under.
The Chairman: With this it will be convenient to discuss the following amendments: No. 15, in schedule 7, page 75, line 11, after review, insert on an annual basis.
No. 13, in schedule 7, page 75, line 24, at end insert
(5) No information may be disclosed under Section 63 of the Serious Crime Act 2007 before the publication by the Commission of the code..
No. 241, in schedule 7, page 75, line 24, at end insert
(5) The code shall not have effect until a draft has been laid before, and approved by a resolution of, both Houses of Parliament..
Mr. Browne: I am grateful to you, Mr. Benton, for giving me an opportunity to speak briefly about these amendments Nos. 14, 15 and 13, which stand in my name. During our proceedings this morning, we had a detailed conversation about clause 63; there is a lot of overlap and cross-over into the schedule, so I do not intend to repeat the points that I and others raised previously. However, I shall explain, for the benefit of members of the Committee the purpose of the amendments and the thinking behind them.
Amendments Nos. 14 and 15 would provide for an annual review of the code for data matching. My concern is that the time scales are too flexible and are insufficiently specific. The amendments, which amend the same sentence but reorder the wording, are designed to provide for an annual review. Amendment No. 13 relates to the point that I was discussing, along with others, with the right hon. and learned Member for Sleaford and North Hykeham, this morning. The amendment would require the code on data matching to be published before any information could be disclosed. I take the point that the right hon. and learned Gentleman made that, although that requirement would be more onerous than what is currently in the Bill, it would be better still to accept amendment No. 241 because that would provide for approval by Parliament.
My intention, subject to other contributions during the discussion on the schedule, is to press amendments Nos. 14 and 15 to a vote, because they address a specific different point about time scales, but not to press amendment No. 13 to a vote. I would be minded to support amendment No. 241 if that were pressed to a vote by other hon. Members.
Mr. Geoffrey Cox (Torridge and West Devon) (Con): I wonder if the hon. Gentleman might think about the expression on an annual basis. As I understand it, that means that the Commission might to do it only every 12 months, whereas it might want to look at the matter sooner if some event crops up. Should not the wording be at least annually?
Mr. Browne: That is a good point. My thinking may have been insufficiently demanding when I tabled the amendments and we may table further amendments at a later stage. I share the hon. and learned Gentlemans view that requirements should be in place to ensure that the mechanisms are reviewed periodically in a way that is likely to provide greater safeguards. I accept that he may not regard annually in all circumstances as sufficient, but the clause as drafted does not specify a time scale, so it could stretch indefinitely into the future, which would be unsatisfactory.
James Brokenshire: The schedule deals with data matching. I welcome the additional changes in schedule 7, especially the insertion of new section 32A(5) of the Audit Commission Act 1998, which states:
A data matching exercise may not be used to identify patterns and trends in an individuals characteristics.
The Minister referred to that this morning. That is a welcome improvement as it defines the contrast between
However, concern remains about whether we are being taken down another track. It is important to keep the code of practice on data matching under review. I say to the hon. Member for Taunton that the ambit of language in proposed new section 32G(1) is already fairly broad; my interpretation is that the code will be under constant review that may be wider than the hon. Gentlemans amendments propose.
I note that the hon. Gentleman will not press amendment No. 13 to a Division. My clear impression is that the clause refers to the data matching code rather than to the data sharing code: the two need to be kept separate as they are assessing different things. However, our argument that the code needs parliamentary approval is still relevant for the purposes of data sharing, which we debated this morning. We therefore tabled amendment No. 241, which provides that the code on data matching
shall not have effect until a draft has been laid before, and approved by a resolution of, both Houses of Parliament.
We may have rehearsed some of the arguments earlier, but I look forward to the Ministers response to the amendments. It is important that there is some assurance that not only has there been consultation with the relevant persons, such as the Information Commissioner, but that there will be external and parliamentary scrutiny of the code.
As parliamentarians, we want to be able to say that we are satisfied that the code of practice provides the intended protections, so that the concern we have highlighted about the ambit of data matching in respect of the code of practice is adequately addressed. I will listen with interest to the Ministers response to the amendment before deciding whether to press it to a Division.
Jeremy Wright (Rugby and Kenilworth) (Con): I rise briefly to support what my hon. Friend said about the amendment. I share his reservations about the amendments tabled by the hon. Member for Taunton as it is vital to have a code that can be amended as flexibly as possibly to deal with what may be a fast-changing situation. I attended a presentation by the National Fraud Initiative, which the Minister kindly arranged.
Sitting suspended for a Division in the House.
Mr. Coaker: I thank the hon. Member for Hornchurch for the point that he made about proposed new section 32A(5) of the Audit Commission Act 1998. We want to ensure that our approach is conciliatory. I also thank the hon. and learned Member for Torridge and West Devon, who rightly pointed out to the hon. Member for Taunton that it is the flexibility to review the code that is important. That might be done more than once a year.
The hon. Member for Taunton has tabled two amendments that would have the cumulative effect of requiring the Audit Commission to review its code of
Sitting suspended for a Division in the House.
Mr. Coaker: It is a bit like Wimbledon hereit is difficult to maintain ones train of thought. We should have some sympathy for the competitors there.
On the amendments tabled by the hon. Member for Taunton, it does not follow that the code should automatically be reviewed every two years; it might be appropriate for it to be done more or less frequently. I think that that point has also been made by other members of the Committee.
The amendment tabled by the hon. Member for Arundel and South Downs (Nick Herbert), which was moved by the hon. Member for Hornchurch, would prevent the code of data matching from having effect until it was approved by both Houses of Parliament. We debated some of those issues this morning, and my contention is still the same in respect of the code of practice and the data sharing principles. My objection to this amendment is the same as my objection to the earlier one requiring the data sharing code to be approved by both Houses of Parliament before it is published. The Information Commissioner was specifically appointed to be the independent regulator responsible for monitoring compliance with the Data Protection Act. The Audit Commission will be required to consult him when preparing or revising the code, and to send a copy of the code to the Secretary of State, who will be under a duty to lay it before Parliament.
Given the arrangements that Parliament is in the process of putting in place, I wonder whether it is necessary, or right, for it to involve itself in approving the code. As I indicated earlier, such a step would duplicate the functions entrusted to the Information Commissioner by Parliament and encroach on his supervisory and regulatory remits. The Information Commissioner answers to Parliament and can, if he wishes to do so, report to the House if he is unhappy with the way in which powers are being used.
As I said earlier, if we ask Parliament to approve the code of practice, where will that leave all the existing codes, which have not been approved? The question follows, should Parliament be asked to approve all codes of practice as they come up for renewal? I am not sure that that would be an economic use of Parliaments valuable time. I hope that my explanation has reassured the hon. Gentleman and that he will be willing to withdraw the amendment.
James Brokenshire: We will reflect on the Ministers comments on the ability of the Information Commissioner to report back to Parliament on the code of practice, and on whether that gives this place sufficient oversight to ensure that the protections that we would like to have in the code are properly maintained.
On the basis of what the Minister has said, I do not wish to press amendment No. 241 to the vote. The work of the Audit Commission on the national fraud initiative has been very effective, and I recognise that the powers are intended to bring that within a statutory framework. We shall reflect on the Ministers reassurances, including those about the Information Commissioner, and consider whether the issue needs to be revisited on Report.
Mr. Browne: In light of the comments from both sides of the Committee room, I am not minded to press a vote on the amendmentnot least because of the Ministers reassurances. Although I am not averse to heroic one-man charges, I have, like the right hon. and learned Member for Sleaford and North Hykeham, no taste for
Amendment, by leave, withdrawn.
Amendments made: No. 149, in schedule 7, page 78, line 38, leave out from beginning to end of line 40 and insert
(iv) a body to which Article 90 of the Health and Personal Social Services (Northern Ireland) Order 1972 (S.I. 1972/1265 (N.I. 14)) applies;.
No. 150, in schedule 7, page 84, line 25, leave out from beginning to end of line 27 and insert
(i) a body to which Article 90 of the Health and Personal Social Services (Northern Ireland) Order 1972 (NI 14) applies;.[Mr. Coaker.]
Schedule 7, as amended, agreed to.
|©Parliamentary copyright 2007
|Prepared 6 July 2007