|Previous Section||Index||Home Page|
There are broader questions. Clearly, the Chancellor is responsible for his Department and his agency. It is proper that he responds to questions about that. However, every question that we ask the Chancellor could equally be posed to every other Secretary of State in Departments that have agencies handling data. Is the Chancellor aware of any other Departments that are involved in the same sort of transmission of data as that in which his Department is engaged? The same thing could clearly
happen with the Department for Work and Pensions and with highly sensitive data in the Home Office and its agencies. Are the Government as a whole considering database management and security? Surely that is the crucial question.
Mr. Rob Wilson (Reading, East) (Con): I was contacted yesterday by a constituent, Mr. David Kauders, who told me that when trying to renew his car tax disc he found that he was inputting his credit card details into an insecure website. Does the hon. Gentleman agree that the Chancellor should look into that immediately and, if my constituent is found to be correct, warn people that their credit and debit cards are at risk?
Dr. Cable: I am not sufficiently informed of the structure of Government to know whether the Driver and Vehicle Licensing Agency comes under the Chancellor. However, clearly a Department should check that out.
The broader issue is how IT systems in Governmentnot only in HMRC and the Treasuryare managed. What role does security play in the objectives of massive IT programmes? Of course, many work perfectly well, but IT systems exist to provide convenience, cost reduction and security. How much is security weighted in the current management of the systems? The hon. Member for South Norfolk (Mr. Bacon) among others has persistently asked about the way in which Members of Parliament gain access to the Governments evaluations of their IT programmes in HMRC and elsewhere. There is an issue about the so-called gateway reviewsthe way in which IT programmes are judged and evaluated. My understanding is that we are not allowed access to them. The Public Accounts Committee, too, is not allowed access to them. Perhaps the Chancellor will confirm whether he, like his predecessor, is determined to go to court to block public or parliamentary access to the gateway review on HMRC. Is that the case?
Dr. Cable: It does ultimately rest with Ministers, although I am not calling for the resignation of the Chancellor. We obviously need to find out a great deal more, but accountability indeed goes higher. The point that I made in response to the original statement was that in Departments such as the Home Office that principle has been accepted.
Mr. Graham Stuart: There is obviously culpability at ministerial level, and not only for incompetence. Does the hon. Gentleman have questions about the way in which the episode was eventually announced in the House and the so-called junior official was forced into flight, holed up in a hotel in secret and hung out to dry, just as the Government have hung other public officials out to dry when seeking to save themselves rather than the public interest?
I am not quite sure what else could have been done with that junior official to protect him from the media. I am not critical of how the Chancellor handled the issue in the House. It seems to have been
dealt with promptly and properly, as far as it went, so that is not my line of criticism.
I should like to move on to the issue of cost cutting. The hon. Member for Tatton quite properly raised the particular e-mail in the batch that we received. Perhaps I should read out one sentence from the communication, to explain where the problem lies:
I must stress we must make use of the data we hold and not over burden the business by asking them to run additional scans/filters that may incur a cost to the department.
Obviously cost-consciousness is important, and I do not criticise civil servants for being conscious of cost. However, in this casethe right hon. Member for Fylde (Mr. Jack) put this question perfectly wellwhat is the cost of doing a basic test, with the stripping out of sensitive data? I gather from people in the profession that it probably costs a freelance consultant something in the order of £10,000 to do a job of that kind. Other estimates might be available, but that is in the context of budgets of £8.5 billion, which is the value of the Capgemini contract. Who is making an assessment of the costs and benefits of particular choices? Who is assessing proportionality?
That links in with the issue of staffing and staff cuts in the department. Again, I have no fundamental objections in principle to trying to raise the efficiency levels of HMRC and Departments. No public servant has a job for life. However, I have always been critical not so much of the principles behind the Gershon savings, but of how they operate through crude head-counts, which anyone who has worked in a large company will know are the most inefficient way of trying to increase efficiency. They often result in the wrong people being evicted, staff being demoralised and a lack of supervision. That has undoubtedly been a factor in the operation of HMRC and not only lies behind the tax credit fiasco, but probably plays a part in this situation.
The fundamental issue that I wish to raisethis relates to why I think the Opposition motion is too narrowis the danger, which has now been highlighted, of big centralised databases. The hon. Member for Tatton is right that one of the major lessons from this episode concerns the problems that could arise from the ID card system. However, the underlying issue is that we have big centralised data systems, with large numbers of people who have access to them, so any mistake is compounded on a large scale. Quite apart from whether we get to the ID cards system, there are big Government central databases about which important questions now need to be asked.
For example, there is a new child protection database system called ContactPoint, which was created in the wake of the Climbié inquiry. As I understand itI stand to be correctedin the order of 300,000 professionals could have access to that database. It is difficult not to imagine that at least a few of them might have some malign intention. The problem lies in the sheer scale of the database to which they have access, however well managed it is and however good the protocols.
The hon. Gentleman is making a serious speech, to which we are all listening attentively. Does he not agree that the key issue for IT access is which data fields can be accessed, rather than whether they are grouped in one or several databases? In the case of the child database to which he has referred, the key
question is how many people can access the address or contact details of a child, rather than whether a certain number of people can access the database at all.
Dr. Cable: The hon. Gentleman has an advantage over me, given his technical knowledge. However, my hon. Friend the Member for Birmingham, Yardley, who I suspect has even more technical knowledge, has suggested that the fundamental problem is not the number of fields but the number of records and the sheer scale of the databases.
That issue arises not only in relation to ContactPoint. There is also the looming issue of the NHS spine, containing highly sensitive medical data to which well over 300,000 people will have access. I am told that some journalists are willing to pay £10,000 or something of that order for access to the medical records of a celebrity. The temptation for somebody to use and abuse the database in that way is obvious. Although there are disadvantages to a fragmented system in which GPs have their own records on paper, it is significantly better for security.
Kali Mountford: I am grateful to the hon. Gentleman for giving way, because I wanted to raise similar issues in my speech, which can now be shortened. Is not the problem that whatever system we introduce and however perfect we try to make it any system can be made open to abuse by people who want to get information to which they should not be allowed access?
Dr. Cable: The hon. Lady is absolutely right. However, although it is easy to be wise after the event, my point is that one of the lessons that we should learn from this episode is that big is not necessarily beautiful and that there is advantage in a small scale. That may well result in reduced efficiency, but when we are concerned about massive data loss and security, there is an argument for smallness. We should start to adopt that approach for some sensitive database systems.
Julia Goldsworthy (Falmouth and Camborne) (LD): Does my hon. Friend also agree that there is an issue with responsibility for error? I recently became aware of a Child Support Agency case, where the contact details of an individual were wrong, which was causing problems in processing payments. However, the Child Support Agency said that since it was not the only organisation that could have changed those details, it could not be deemed responsible for the problem.
My next point relates to what this sorry episode suggests to us about data protection legislation. The subject arouses great annoyance in many quarters, and I believe that the Conservatives have suggested that they will repeal the data protection legislation. There is an appalling contrast between how individuals encounter the workings of the Data Protection Act 1998, which are about form filling and obstruction, and what members of the public see in the conduct of government, which is inefficiency and leakage. That lack of balance and accountability is at the heart of a great deal of disillusionment. In the light of that, I wonder whether we should return to the 1998 Act and introduce some
new principles, one of which is that individuals should have access to the data that the Government hold on them and the right to correct that data.
Another principle that stems directly from the current affair is that where data managers have committed serious errors or been negligent they should be open to some penalty. Apparently no penalty currently exists. It might have been a bit of a joke that the Metropolitan police were fined several hundred thousand pounds for the shooting of de Menezes, but the data managers in HMRC face no penalties whatever under existing legislation. Surely that should be addressed.
Chris Mole: The inappropriateness of the contrast between what has happened in this case and ID card legislation is that there are penalties in the Identity Cards Act 2006 for unlawful access to the ID cards database. Perhaps we should consider a specific penalty for unlawful access to Government data across the piece, measured on a data-by-data basis.
My final point is that although the purpose of todays Opposition day motion is to hold the Chancellor to account on matters relating to a serious breach of privacy and data, it highlights the fact that we have no regular mechanism of doing so in the House. One of the purposes of reforming the 1998 Act could be to ensure that we have a proper ongoing Select Committee system concerning privacy and data, perhaps involving both Houses of Parliament, so that it is not necessary to have these occasional and highly politicised attempts to deal with issues that should be dealt with in the House systematically.
Kali Mountford (Colne Valley) (Lab): Thank you for calling me so early in the debate, Mr. Deputy Speaker. I apologise to the House for having other business that will call me away, but I shall endeavour to return as quickly as possible, as this is an important debate and I want to be a part of as much of it as I can. I want to distil the important issues on which we need to focus from among those that the Opposition are tempted to dwell on and have fun with, which simply create hot air and bring little more to the debate than a few headlines and some enjoyment for those who like to see people squirm.
When people make mistakes, the first thing that they should do is to apologise. I congratulate my right hon. Friend the Chancellor on doing that immediately; it was the right thing to do. When we make mistakes, we should also do our best to put things right. In order to do that, we need to know what went wrong. My right hon. Friend is right to say that, when there has been a catalogue of mistakeswe cannot pretend that that is not the casewe need to know what lies behind it.
Holding the inquiry is exactly the right thing to do. To say that we had some data first in one place and then in another, and that we do not know exactly where some discs are, and to pretend that we know what happened during that series of events and not to hold an inquiry would be quite ludicrous. I congratulate my right hon. Friend on immediately instigating the inquiry. It was the right thing to do.
We need to look to our laurels and find out what went wrong. We also need to determine whose responsibility it was. This certainly cannot be laid at the door of junior officials. I always think that it is quite wrong for politicians ever to lay the blame at the door of officials.
Mr. Graham Stuart: I wonder whether that is a subtle chastisement of the Prime Minister and the Chancellor of the Exchequer, both of whom explicitly used the term junior official, which would have been entirely unnecessary if they were not trying to suggest where the responsibility lay.
Kali Mountford: Absolutely not at all. That is a gross misunderstanding of what was being said. If someone has taken an action, as that junior official clearly did, it is one thing to understand that action, but to blame that person for it is quite another
Kali Mountford: The hon. Gentleman needs to wait for the inquiry. Why did that junior official take that action when, in the light of the procedures that should have been followed, it clearly should not have been taken?
Kali Mountford: The hon. Gentleman must calm down, stay in his seat and think about what I am trying to say. There is a set of procedures; why were they not followed? If there are pressures in the department, why did that person not follow the procedures? Which level of senior managers did not ensure that those procedures were properly followed? What breakdown took place that resulted in those procedures not being followedif, indeed, that is the case? In future, what new, easier-to-follow procedures shall we need to put in place to ensure that this kind of thing cannot happen again?
Mr. Kemp: Does my hon. Friend agree that the loss of data should not reflect on the vast majority of staff who work at Waterside Park and who do a good job? Many MPs here will struggle to remember the last time that they had a complaint about the delivery of child benefit; it is an efficient benefit that has delivered to millions of families and helped to alleviate child poverty in this nation.
Kali Mountford: My hon. Friend brings me to my next point. As a former civil servant, and as a former member of the CPSA union who represented members of the department that he has mentioned, I can tell the House that they are grand people. To suggest that they could be in any way accountable for this mistake would be wrong. The Government have made decisions to increase the level of child benefit and to ensure that people rightly get the money that they deserve, but many of them would not get it on time without those people who live and work in my hon. Friends constituency making sure that that can happen. It is right to acknowledge the work that they do
Mr. Stuart: There are so many questions that have not been answered by the Chancellor because there is going to be an inquiry, yet the Chancellor and the Prime Minister both managed to divulge one fact very early. It turned outallegedly, and perhaps not entirely correctlyto have been a junior official who had released the data. May I suggest that that revelation was entirely unnecessary? The fact that that person has been hounded out and has been in hiding is a disgrace and a shame for the Government.
Kali Mountford: Oh dear, oh dear, oh dear. The hon. Gentleman really does need to stay in his place, stay calm and not get so excited. Would he rather that that person were flogged and hanged by hon. Members in the street [ Interruption. ] Would he rather that that person were hounded by the press and not protected? I see this rather differently. I would rather that that person were kept away from the press so that they were not hounded every day, but the hon. Gentleman sees this rather differently. I see this as a way of protecting the person. The hon. Gentleman will have it his way; I will have it mine. It is better that we get to the facts, then look at what we need to do in the future. That is what the inquiry is about.
We have heard today that this matter has reached another stage. I anticipated that this would happen, but I regret that two other questions have, quite spuriously and wrongly, been thrown into the debate: what should we do about the department, and what should we do about ID cards? They are both wrong, but let us look at the matter. The department is the right way to go. I know that some of my hon. Friends might agree with the Opposition, but I disagree with them.
The way in which the system has been set up ensures that people who need tax credits can have them, and it is thanks to the constituents of my hon. Friend the Member for Houghton and Washington, East (Mr. Kemp) that most people have now got the benefits that they deserve. It would be wrong to jiggery-poker about with a new department yet again. It would still have the same computer system, and it would still have the same employees. To pretend that it would be a completely different system would be to do a disservice to the public, and it would be wrong to try to reinvent the wheel. That is what Opposition Members want to do, but it would be a mistake and a diversion. It would be misleading, and it is not the right thing to focus on.
The Oppositions suggestions about ID cards would result in our throwing the baby out with the bathwater. ID cards are a separate issue. Everyone always forgets that our biometrics stay with us continually. We would not have to carry cards; that is a separate issue. We cannot leave home without our biometrics; they are with us always. To say that, because of this one mistake [ Interruption. ] It is a huge mistake; I do not take issue with that fact. But however big it is, and wherever those discs are, my biometrics are with me now, and no one can take them off me. Wherever I go, they are with me. I could go into a bank and put my fingerprint down, but it would not be on that database because it would be separate from my biographical details.
|Next Section||Index||Home Page|