TUESDAY 20 NOVEMBER 2007

MR RICHARD JEAVONS, MR TIM WRIGHT, DR STEPHEN HICKEY AND MR STEVE BURTON

  Q340  Mrs Dean: It was about drawing up the protocols for sharing the information with other departments or agencies.

  Mr Wright: I am not aware of any outward sharing, if you like, of information from the DCFS. We certainly rely upon other government departments to provide information to us. Contact Point again would be the best example of that where in fact we take national data feeds from three other Departments—the Department of Health, the Department for Work and Pensions and the Office for National Statistics—and we combine that in Contact Point with data from our own records from the pupil database.

  Q341  Mrs Dean: To turn to Contact Point, the Assistant Information Commissioner describes how the ambitions behind the database which is now Contact Base "started out as rather greater and have fallen backwards a little bit". Could you summarise the history of the Contact Point database in terms of the development of its objectives and scope?

  Mr Wright: I am not actually familiar with its long history. Clearly the history of the database goes back to 2001 and the Victoria Climbié case, but in the time that I have been engaged with Contact Point, the mission for the Department around Contact Point has not changed in any way. The system is an electronic index of every child in the country, with the sole purpose of bringing together those care professionals that work with children and need to be aware of other care professionals within the system that may be working with the same children.

  Q342  Mrs Dean: So you do not really agree with the Assistant Information Commissioner that there has been a pull-back from the ambitions that were once there?

  Mr Wright: I am not aware that there has been a pull-back. I have been with the Department for most of this year, I was not in the Department at that time, but I am not conscious that there has been any watering down or changing of the Department's ambitions for Contact Point.

  Q343  Mrs Dean: It may be something that you could look into for us?

  Mr Wright: I would be glad to.

  Q344  Mrs Dean: In designing Contact Point do you know what steps have been taken to ensure that the information collected about children is accurate and that the positive outcome in terms of child welfare outweighs any loss of privacy so early in life?

  Mr Wright: Yes, the basic data on which the system relies is taken from four other data sources. What the system actually does is bring those four data sources together and then matches the data sets. There is a significant amount of overlap in those data sources so you will be picking up children's names, home addresses, and so on from all those different data sources. What we do is use the technology to match those databases and prove by overlay, if you like, that the data is indeed correct for each of those children. There are exception reports which are produced on a routine and regular basis to highlight anomalies that may require further investigation.

  Q345  Mrs Dean: Which are the four data sources?

  Mr Wright: They are taken from the Department of Health, from the benefits system of the DWP, from the birth registers of the Office for National Statistics, and from our own national pupil database.

  Q346  Ms Buck. I was surprised to hear you list the three Departments and not include the DCLG. I just wonder if you could tell us a little bit about the relationship the Department has in respect of information from local authorities, in particular from all the sources in the DCLG?

  Mr Wright: We do have contact with the DCLG in relation to Contact Point but not in regard to data-sharing. Our particular contact with the DCLG is to ensure that the infrastructure over which Contact Point is delivered is going to be delivered in a way which will enable local authorities to most readily and easily use the system in a secure way. There is no output flow of data to DCLG and there is no data actually coming from them. The infrastructure of the system is actually something that from local authorities' point of view is extremely important because of course now and into the future the expectation is that they will wish to access a number of systems from different departments. We are very keen to ensure that the mechanisms by which they access those systems are compatible and it is not a burden put upon the local authorities to connect to lots of different systems.

  Q347  Ms Buck: In terms of the local authority Every Child Matters agenda your involvement in this is purely an infrastructure and data compatibility one?

  Mr Wright: Certainly from my own group's perspective but, no, a very significant part of the Contact Point programme is actually working closely with the local authorities to make sure that there is robust education about what the system can do, how it should be used, how it should be protected, and the security that is in place and so on, so there is certainly a very active dialogue with the local authorities to ensure that the system will be effective in its use.

  Q348  Ms Buck: How do you see local authorities' various sources of information currently within the Every Child Matters framework fitting into this? To give you an example that goes to the heart of it for me, and it goes to the heart of a lot of the data protection issue—the NOTIFY system for children in temporary accommodation because this is very much about children who drop through the net—I am not quite clear of the importance that local authorities should be putting on systems like that, which go very much to the heart of children at risk and child protection, and how they will fit into a national Every Child Matters data framework as you are describing it.

  Mr Wright: Contact Point, as you rightly describe, is a national system to be accessed and used by every local authority. Each local authority in the country will also have a number of its own support systems and case management systems that do actually hold detailed information about particular child cases. What is important to us is to ensure that we are delivering the infrastructure of Contact Point in a manner in which it can be integrated at the local authority level with their local data sources to present a full picture, but of course the case information that local authorities hold is solely for their purposes.

  Q349  Ms Buck: So none of that will be uplifted into—

  Mr Wright: No, no lift goes upwards but we need to be able to connect systems at the local level.

  Q350  Ms Buck: Can I just ask you about the potential of developing biometric data in education and schools. Where has that got to, where is the thinking and does the Department expect there to be a time in the near future when children will be expected to carry some form of biometric recognition?

  Mr Wright: Surely. Biometric systems are used within a number of schools within the UK. There is no drive from the DCSF to promote the use of biometric systems but we are very conscious of the fact that a number of schools find them quite beneficial. They are used in schools for the purposes of monitoring attendance, of providing children with facilities to remove library books or to purchase school meals. There are a number of benefits of using biometric-based systems over other technologies such as smartcards, principally the fact that the child does not have to carry anything with them and therefore do not lay themselves open to bullying tactics from other children that may wish to get hold of their card in order to access the services that they have.

  Q351  Ms Buck: Do you think that we should be comfortable with the idea of biometric recognition for getting out a library book?

  Mr Wright: Certainly the Department is quite content with the use of biometrics in that way by school children. It is a very effective mechanism. Biometric data that is held by these systems is of quite a low quality in the sense that it is only held at a level which will enable a school to differentiate amongst the school community, so there is no value in that biometric information outside of the school environment.

  Chairman: Thank you, Karen Buck. Margaret Moran?

  Q352  Margaret Moran: Given your technological capacity and capability and the fact that you are dealing with a number of children's databases, how much further do you think there will be progress or otherwise in relation to further data-sharing and data-gathering? Is there greater scope for any of that?

  Mr Wright: I think over the next few years we are certainly going to see significant progress around the initiatives that we have already started. I mentioned when I started about being able to join up this very large and quite complex education system that we have in the UK, so it is about improving choice for learners. Our expectation is that there will be a number of other future participants in the initiatives that we have already started. We have a programme we call MIAP (Managing Information Across Partners) which is very specifically to support the Government's drive for reforming the 14 to 19 age group. MIAP actually underpins the diploma environment and it is going to be very important that children can take their information from one institution to another and can have their qualifications recognised on their lifetime journey. I do not see on the horizon any particularly new initiatives at this time. I think it is quite inevitable that we will find that we will wish to continue to provide that kind of shared information infrastructure across the education system. I do draw a distinction perhaps between education and the care and welfare of children, and when it comes to systems like Contact Point there is very clear regulation in place for systems such as Contact Point, so I see no drift from that. Contact Point is there for a very specific purpose and that is the backstop to what that system will be used for.

  Q353  Margaret Moran: I want to come back to Contact Point later. You are talking about data-sharing from pre-school nursery through to 19, to the end of HE, something like that?

  Mr Wright: Well, in fact in information terms I am talking about what we would refer to as the lifetime journey of the learner, so I am talking about, yes, from the early years right through to adult and workplace training. In the changes in government this year the Department for Education and Skills was split to create the Department for Children, Schools and Families and the Department for Innovation, Universities and Skills. In terms of lifetime information-sharing that effectively cleaved a line at aged 19 in that learning journey, but with colleagues in the DIUS we see a very strong need to continue that co-operation between the two Departments to ensure that the education system in the country remains joined up.

  Q354  Margaret Moran: It is very expensive data-sharing based on very different systems very often. How can you ensure inter-operability and ensure that there is no rubbish-in rubbish-out? Where do you think the technology will take us next? Are we looking at data-mining, profiling, prevention?

  Mr Wright: Sorry, can you just repeat the first part of your question.

  Q355  Margaret Moran: I have forgotten it myself! Where do we go next in terms of technology and interoperability?

  Mr Wright: Thank you, I think the key word was "interoperability". Joining up across government is extremely important in lots of different areas. I have a role within the Department for Children, Schools and Families to support the policy directorates in managing information, but I also have another role as a member of the information community across government, so we have mechanisms at a higher level, if you like. We have a CIO Council that comprises members from all government departments, and a very significant part of our agenda and our thrust through the CIO Council is to ensure that we have a common framework for data standards and can share best practice across government departments, so in areas such as data security, for instance, those thrusts to ensure that we have the right levels of security in place and we are using technologies that are available as wisely as possible is the sort of thing that is done at a higher level, if you like, through the CIO Council, and that is quite an active community.

  Q356  Margaret Moran: Just very quickly on Contact Point, you will be aware, more than anyone I guess, that there are serious concerns about the amount of data being collected on children and whether lack of confidence in the ability to keep that data confidential will deter people from accessing the services and indeed possibilities that having all that data together could actually put children at greater risk. What research has your Department done to ensure the effectiveness of communication about what is actually happening on data-gathering and data-sharing in that context?

  Mr Wright: I would describe Contact Point itself as an electronic index. It is true that it will include data on every child in the country but it is only basic demographic information, so it is child's name, date of birth, address, parents' names, the learning setting/the educational setting in which they are currently residing, GP's name, and other specialists that they may have contact with. There is no case information within Contact Point whatsoever. Whilst the Contact Point programme is a significant technological challenge, we recognise that communication across the community of users of Contact Point, of which there are many thousands, is a crucial part of the success of the system, and that is a very active dialogue with that community. As part of the first phase of the use of Contact Point, which will commence during next year, we will be working, and have started working very closely, with 17 early adopter local authorities so that we can work closely with them and learn the lessons of early adoption and make sure that that knowledge and that practice, if you like, is shared and cascaded to other users of the system.

  Chairman: Thank you very much, Margaret Moran. We are now turning to some questions to Dr Stephen Hickey from the Department of Transport and we are going to start with Martin Salter.

  Q357  Martin Salter: Dr Hickey, I was interested in your memorandum of evidence to the Committee and in particular in paragraph 4 where you talked about clarity about the legal authority under which data may be shared, including using the Data Protection Act, being critical. I want to tease out a couple of examples. Has your Department had any requests for data from other government departments or other areas of government which you have considered not to be lawful?

  Dr Hickey: I cannot think of one offhand where we have specifically rejected it on that ground, but we certainly do review the legal basis on which we do data-sharing. Most of our data-sharing is fairly long-standing but we would certainly want to know on what basis any approach was made to us and what was the legal justification.

  Q358  Martin Salter: Because at the moment the way the process works is that government departments and other agencies seek advice from the data protection authorities and also from the Information Commissioner and it is possible that cracks could open up and people could end up with different advice and different practices could emerge.

  Dr Hickey: But we would need to look at it from both ends of the telescope. We need to look at it both from have they got the power to seek the information but also have we got the power to give it, so we will ask both those questions.

  Q359  Martin Salter: One final question from me. I notice in paragraph 2(7) of your evidence there is perhaps a more contentious area than a government department, which is the sharing of data with parking enforcement companies. It says here that you will do this where they can show reasonable cause to receive the data. Of course some parking enforcement companies are nothing more than licensed thugs to clamp vehicles in dubious circumstances. Do some of the clamping—I will not even call them organisations—outfits benefit from data provided by your Department?

  Dr Hickey: There was a big review of this done last year and ministers announced 14 improvements to the processes around reasonable cause. Reasonable cause are the words used in legislation but there is not a definition in law. 14 measures were announced last year to tighten up on the processes around reasonable cause and who should get the information. Amongst those is a lot more transparency around the information which is now, for example, on the DVLA website and on Directgov, so there is a lot more visibility to people on the circumstances in which information can be provided. As far as parking companies are concerned, there are two set of processes, one is for ad hoc individual requests, and the companies have to go through a process to justify why that is needed and they are asked various questions about their business and the purposes and so on, and that can be checked and audited, and refused of course if those answers are not acceptable. In addition, for companies who are doing it on a regular basis, which of course some of them are, and where we have electronic links, they are required to register with us, and they go through processes of validation including of their internal processes and they are also asked to be members of an approved association which itself has various processes for control. All of that is much more transparent now than it was two years ago. As I say, a lot of this is now on the website and our feeling is that the processes are now working more satisfactorily than when this issue was raised quite strongly a couple of years ago.