You are here: Parliament home page > Parliamentary business > Publications and Records > Lords Publications > Lords Hansard > Daily Hansard

Previous Section Back to Table of Contents Lords Hansard Home Page

Social Security Administration (Fraud) Bill

3.8 p.m.

The Minister of State, Department of Social Security (Lord Mackay of Ardbrecknish): My Lords, I beg to move that the House do now resolve itself into Committee on this Bill.

Moved, That the House do now resolve itself into Committee.--(Lord Mackay of Ardbrecknish.)

On Question, Motion agreed to.

House in Committee accordingly.

[The CHAIRMAN OF COMMITTEES in the Chair.]

Clause 1 [Information held by tax authorities]:

Baroness Hollis of Heigham moved Amendment No. 1:


Page 1, line 19, after ("may,") insert ("subject to section (Code of Practice on privacy) below,").

The noble Baroness said: In moving Amendment No. 1, the paving amendment, I speak also to Amendment No. 18, which is the substantive amendment.

With these first amendments, let me state on behalf of these Benches what we seek to achieve in the Bill by way of amendment. We made it clear at Second Reading that we support the broad thrust of the Bill: to use the new resources of information technology and therefore data matching to share information between central government and local government to target benefit fraud. We all agree that fraud is intolerable and should not be tolerated especially where it is serious, organised, high value, white collar landlord fraud. It is estimated that perhaps £1 in £5 of housing benefit is being fraudulently claimed. The new and sophisticated information technology makes this attack on fraud

11 Mar 1997 : Column 168

possible although we have some worries. With 600 different computer systems within the DSS alone we are not sure how intelligently and accurately computers will speak to each other.

Nonetheless, we are not convinced that the Government are tackling the issue of landlord fraud as seriously as they should. Therefore on Thursday from these Benches we shall move amendments to strengthen that attack and we hope the Government will support us.

We have the experience of Australia where in 1994-95 over 66 million DSS records were matched for accuracy. Most people of course have several files. Of 138,000 cases where there were doubts and which were therefore reviewed, 23 per cent. resulted in benefits being reduced or withdrawn. However, benefits were increased (that is, they had been under-paid) in nearly as many cases as there were of fraud; namely, 19 per cent. of cases.

Therefore, given that our first line of amendment is to tackle the issue of landlord fraud, our second line, which we shall pursue later today, is to ensure that the spine of information technology not only removes benefit from those who claim improperly but makes sure that benefit goes to those who need it but are not claiming it. We have seen that means-tested benefits in particular have major problems of take-up.

Thirdly, the Australian experience also showed the need to operate data matching within an adequately drawn code of practice to prevent its misuse or abuse, especially by individuals with access to government systems. With this Bill, we are taking a major step into the field of data protection in order to pursue fraud. These amendments seek to ensure that while we support that invasion in the pursuit of fraud, nonetheless any such invasion is protected, controlled, regulated and surrounded by a statutory code of practice.

Our Data Protection Act was drawn up in 1984--not, I suspect, because the Government were suddenly converted to data protection and privacy but as a means to comply both with our European requirements and those of global corporations which made it a requirement for investing here. Our privacy Act was passed in 1988; in other words, our data protection legislation is some 10 years old. Since then, there has been a growing sophistication in information technology which has outpaced the formal and legal capacity of our society to control and regulate it. If we are to be tough on fraud--as I hope we are--hand-in-hand with that we must be equally tough in our defence of personal privacy. That is the subject of these amendments.

In the United Kingdom, the Data Protection Act is 10 years old and therefore does not deal specifically with data matching. But the registrar interprets the principles to regulate that area. Prior to the proposals in this Bill, wholesale comparison of files between the DSS and local authorities and, with constraints, the Inland Revenue, Customs and Excise and the like, was not permitted unless that disclosure was required in law. Therefore local authorities in particular had to rely on efficiency studies from the Audit Commission and so on.

11 Mar 1997 : Column 169

The Data Protection Registrar has made it clear that in her view a wholesale extension of data matching, which we support in order to exterminate fraud, must be accompanied by a similar extension of regulatory powers to protect the privacy of the individual. Her letter to Mr. Lilley on 10th January this year bears re-quoting. She says:


    "When I commented on the text published for 2nd Reading, I expressed my concern at the very wide powers given in respect of data matching activities. In the light of this concern, I have come to the firm view not only that there should be a code of practice but that it should have statutory force. The existence of appropriate safeguards would go a long way to providing assurance to the public that data-matching exercises will be properly regulated to minimise the possibility of any adverse consequences for innocent individuals".

The Select Committee on the Scrutiny of Delegated Powers, in its 18th report, commenting on the Bill, quoted the registrar's letter. The committee stated at paragraph 8:


    "It considers that a statutory code of practice would afford further protection against the potential misuse of the delegated powers in this bill, which the Government admits are wide-ranging".
The committee added that such a code would be "of great significance" and should therefore be laid before Parliament. Those are the words of a committee of this House.

Why? At the core of the Bill is that information collected for one purpose may be used for another. That flouts most of the principles behind data protection. It certainly flouts the 1981 European convention on data processing. Paragraph 4.3 of the convention states that,


    "personal data should not be communicated outside the framework of social security for other than social security purposes except with the informed consent of the person concerned or in accordance with other guarantees laid down by domestic law".
To flout that principle may be justified--as I believe it is--in pursuit of fraud. But it must not be abused.

As was argued in the other place, it is essential to provide a clear, legal base for the use and disclosure of information, particularly since, with privatisation and the contracting out of so much information technology work, the data collected will be handled by private operators.

The DSS research by Alan Hedges, entitled Confidentiality: the public view (research report 56), was published last year. It showed a real and growing concern about privacy, and a fear that disclosure of personal information which should be only on a need-to-know basis was going beyond that remit and was being used for purposes other than those for which it was collected. The research also showed that taxpayers believed that where information was revealed, it should be limited, controlled and regulated, and that the information should be notified to and agreed by the subjects themselves. The research showed that matters concerning finance and health were regarded as particularly sensitive. The DSS deals with benefits, sometimes issues of health, paternity, cohabitation, immigration and other extremely sensitive issues. The research showed that people were worried about wider access; the loss of privacy; the proliferation of error; the greater possibility of leaks or misuse; and the transfer of power from individuals to organisations and the like.

11 Mar 1997 : Column 170

They want to know why information is being collected; who has access to it; under what circumstances it can be disclosed; how long it is kept; how often it is updated; and whether they can check their own records.

In response to a series of case studies presented to people, those views were shown to be very real. In one such example, a large company offers the DSS access to payroll records so that it can check whether the employees are claiming benefit. The respondents were asked: should the DSS accept that offer? Two-thirds of those questioned thought that the DSS would accept the offer; the same two-thirds thought that the DSS should not accept the offer. In other words, DSS official policy of not accepting such an offer was widely endorsed--and equally widely disbelieved. The research therefore showed that the DSS already has a rather poor reputation for its handling of sensitive information, and the notion of a shared, pooled database was widely disliked. Most people believed that they had a tacit bargain with the state: they were required and prepared to provide sensitive information provided that, in return, the state protected its confidentiality. As one man told the researcher, "I think you are allowed to live your life in a reasonable manner without interference from outside agencies".

The Government accept all that in their Green Paper, government.direct, which I wish briefly to quote. It states that,


    "people want to be assured that their interests--such as their reputations, their finances, their entitlements and their prospects in life--are properly safeguarded. Information about them must not be misused, wrongly disclosed, accidentally revealed or fraudulently obtained".
That was the Government's view; and it is one we wholeheartedly support.

This pair of amendments will help both to alleviate public concern and to meet the Government's objectives as listed in the Green Paper, government.direct. What they propose is that there should be a statutory code of practice. What they do not propose is what should be in that code. We believe that that should be a matter for public consultation. It would need to be reviewed as technology is developed. What such a statutory code would do, together with consultation, is to reassure people that in pursuit of fraud the use of and access to highly sensitive personal information are properly controlled.

The Minister may say that sufficient protection is afforded by the EC directive. Perhaps I may assure the Committee that that is not the case because large swathes of government activity are not covered by the EC directive and would therefore go unprotected.

Such a code of practice will in no way hinder data matching. It will merely ensure that it is carried out in a scrupulous manner, especially when combined with later amendments to be moved by my noble friend on reports to Parliament and the like. In other words, it will provide the guarantees that the European convention which the Government signed requires. At the moment the registrar has only the weapon of the principles of data protection, under which a government department cannot be prosecuted because it is exempt. Precisely because so much of government departmental work has

11 Mar 1997 : Column 171

been contracted out that the public service ethic is inevitably diluted, so equally the public need greater protection.

We want this Bill to work. We want to pursue fraud vigorously, but we want to do so in ways that do not trample on the civil rights, and especially the legitimate right to privacy and confidentiality of information, to which ordinary citizens are entitled. In the Bill the Government ask for a wholesale extension of powers to invade privacy; to use information collected for one purpose to advance another. We are entitled to demand that such an extension of powers be accompanied by an extension of the guarantees to prevent misuse. I beg to move.

Next Section Back to Table of Contents Lords Hansard Home Page