In the design of its policies and systems for collecting data, the Government should adopt a principle of data minimisation: it should collect only what is essential, to be stored only for as long as is necessary.
We call on the Government to give proper consideration to the risks associated with excessive surveillance. Loss of privacy through excessive surveillance erodes trust between the individual and the Government and can change the nature of the relationship between citizen and state. The decision to use surveillance should always involve a publicly-documented process of weighing up the benefits against the risks, including security breaches and the consequences of unnecessary intrusion into individuals' private lives.
Our Report sets out a series of ground rules for Government and its agencies to build and preserve trust. Unless trust in the Government's intentions in relation to data collection, retention and sharing is carefully preserved, there is a danger that our society could become a surveillance society.
The potential for surveillance of citizens in public spaces and private communications has increased dramatically over the last decade, making it possible for what the Information Commissioner calls "the electronic footprint" we leave in our daily lives to be built up into a detailed picture of our activities. This has prompted growing concern about a wide range of issues relating to the collection and retention of information about individuals.
The commercial sector has driven a great many of the developments in this area, recognising the competitive advantage that information about customers can bring when used to target marketing and design personalised services. Government has also sought to harness this capability, to meet public expectations for similarly tailored and convenient services. Advances in technology have influenced the public's ideas about what it can deliver for the prevention and investigation of crime. The outcome has been the collection and sharing of increasing amounts of personal information.
The collection of personal information by public and private sector bodies can have clear benefits for the consumer, the patient and the recipient of public sector services. But it also involves significant risk. Mistakes in or misuse of databases can cause substantial practical harm to individualsparticularly those who have little awareness of or control over how their information is used.
The Government should make full use of technical means of protecting personal information and preventing unwarranted monitoring of individuals' activities. But safeguards are as much a matter of policy and protocol as of technology: the Government should also carry out rigorous risk analysis of any proposal to establish major new databases or other systems for collecting data, take full responsibility for protecting personal information, and ensure that its policies and procedures in relation to data collection and storage are as transparent as possible.
We examined aspects of the Home Office's responsibilities in relation to the collection and sharing of personal informationincluding CCTV or video surveillance, identity cards and the National DNA Databaseand considered how information collected in other public and private sector databases might be shared for use in the fight against crime. We recommend that the Home Office exercise restraint in collecting personal information, and address the question of whether or not surveillance activities represent proportionate responses to threats of varying degrees of severity.