Previous Section Back to Table of Contents Lords Hansard Home Page

Lord Grabiner: This amendment gives rise to a classic "chicken-and-egg" debate. One should always be wary of such a debate because there may not be a solution readily to hand. The origin of the debate in this context lies in the second paragraph of Article 8 of the convention. That provides:

that is, the right to respect for a private life and so on, which is contained in the first paragraph--

    "except such as is in accordance with the law".

The point about the Bill is that, if it were to become the law, that would be the law which permits the interference contemplated by paragraph 2 of Article 8. So the result will be that you have in place the Data Protection Act--which ultimately has its origins in these provisions in the human rights convention--and you have the Human Rights Act, both being statutes. In addition, you would then have this Act, if passed, which would be, on this hypothesis, the law.

The practical consequence of this is that the powers under this new Act will have to be exercised in accordance with the requirements of the Data Protection Act, the Human Rights Act and this Act, if passed. I would therefore conclude that it is certainly not necessary to have the safeguards suggested by the noble Lord, Lord Higgins. At the end of the day, if the powers granted under this Act are not properly complied with, there will be a breach of the Data Protection Act. We certainly do not need a provision in this Bill--and ultimately in this Act--to confirm the fact that the Data Protection Act is binding and effective in accordance with its terms. That is why I respectfully suggest that the amendment is not necessary.

Lord Higgins: I am sure that the noble Earl, Lord Russell, is right to say that it is sensible to clear up the data protection points at this stage of the proceedings. That is not to say that we will necessarily have dealt with all the human rights points, although the human rights aspect is part of the data protection argument. Some human rights points will arise later which we could more conveniently raise in detail on clause stand part--we have had detailed representations on the issue--but certainly let us get the Data Protection Act out of the way now.

The noble Earl touched a sensitive point when he referred to confusion over names. I have suffered for many years through confusion with the Terrence Higgins Trust-- although the Terrence is not spelt the same way. While it does excellent work, I am afraid it has over time caused considerable confusion--although I occasionally get contributions, which I duly pass on. It is a sensitive point. I have had to live with

1 Feb 2001 : Column 910

it for a long while. He was, unfortunately, the second person to die of AIDS in this country and the trust was named after him.

The noble Earl has rightly said that an Act of Parliament can, in one way, do whatever it likes. But clearly it would be undesirable to do something in one Act of Parliament which is in conflict or in dispute with another. I bear in mind the point made by the noble Lord, Lord Grabiner.

Perhaps I may pose one question to the Minister, which she may be able to clarify. If I understood him correctly, the noble Lord seemed to be saying that so far as concerns the doubts about the Data Protection Commission and whether something is done in accordance with law--that if you pass this Act then whatever it says is in accordance with law--as I understand it, that is not the position so far as concerns the Human Rights Act. It has to be in accordance with law in a much broader sense. You cannot simply pass a piece of legislation and that makes it in accordance with law.

It is an important point. We need to be clear whether there is any genuine conflict between what is now proposed by the Government and what is in the Data Protection Act. Perhaps the Minister can enlighten us.

Baroness Hollis of Heigham: As to the question of mistaken identity, I was required to be "of Heigham"--which is my former ward in the city of Norwich--otherwise I was assured, very emphatically, by we all know who, that I would be confused with a certain Lord Holles, I think of the late 17th century--I look to the noble Earl, Lord Russell--who was both illegitimate and died of an unmentionable disease with no heirs. I was told that without being "of Heigham" I would certainly, and regularly, be receiving his correspondence.

Earl Russell: If the Minister will forgive my interrupting her, as the other Lord "Holles" spelt his name with an "es", if our spelling had been up to it, the confusion would not have happened.

Baroness Hollis of Heigham: However, if I am correct, he did get a bit of land near Oxford Street named after him. So there is life after death.

The amendment seeks to place on the face of the Bill a requirement that,

    "Nothing in this Act shall authorise an inquiry which contravenes any provision of the Data Protection Act 1998".

As my noble friend Lord Grabiner said, we have no intention of circumventing the Data Protection Act, even if we could. Schedule 1 to the Data Protection Act makes it clear that information can be disclosed where the person is authorised by any enactment to supply it. Should the Bill become law, organisations listed in proposed new subsection (2A) of Section 109B would be authorised to provide information to an authorised officer. These provisions would not therefore undermine the Data Protection Act.

The department is under duties by virtue of the Data Protection Act. These either originate from provisions in the Act or from the information commissioner's

1 Feb 2001 : Column 911

general duty to enforce good practice. We are under a duty to ensure that the information we obtain is information that we need. The Bill makes it clear that we can obtain information about a person only where it is legitimate to make him the subject of our inquiries, and the existing legislation into which these provisions would be placed makes clear that the information request must be "reasonable" in relation to explicitly set out purposes which relate to whether or not benefit is paid. Hence the noble Lord need have no fears that the Bill would allow us to obtain unnecessary information.

We must also ensure that what can be done with personal information is transparent. To this end, we shall ensure that benefit claim forms inform people that the information they give us may be checked with other organisations.

The DSS is also under a duty to tell a person what information we hold about that person, including what we have obtained from other organisations, if he or she makes a subject access request under the Data Protection Act. The only time we should not provide these details is when to do so would jeopardise an ongoing investigation.

We have agreed to publish a code of practice before implementing these provisions. The code will ensure that people are aware of the detailed operation of the powers.

In addition, information received from organisations included in the Bill can be passed on to third parties only in circumstances allowed for in the Data Protection Act. Unless we have statutory authority to divulge information, we may do so only if it would help prevent or detect crime. The reference, which was made by my noble friend Lord Grabiner, is to Section 29 of the Data Protection Act, which makes clear that that information may be divulged in those circumstances. In the debate on Amendment No. 1, I sought to make clear that benefit fraud is regarded as high-level fraud for these purposes. Any breach of the Data Protection Act's provisions regarding disclosure could leave an individual subject to criminal proceedings.

I should mention also that the Data Protection Commissioner, or information commissioner as she is now known, could serve us with an enforcement notice if she felt that we had breached our duties under the Data Protection Act. The Data Protection Act is not breached by this Bill. It will govern the way in which we operate our powers under the Bill and is enforceable via an enforcement notice. There is a lot of protection in the system.

The noble Earl, Lord Russell, thought that we needed additional penalties for the misuse of information. Existing legislation already provides very heavy penalties--and rightly so. For example, the Data Protection Act makes it an offence knowingly or recklessly to obtain or disclose information. It is subject to an unlimited fine in a Crown Court, so up to 5,000 in a magistrates' court. The Computer Misuse Act 1990 contains offences relating explicitly to the misuse of computers in order to obtain information.

1 Feb 2001 : Column 912

These offences carry a maximum sentence of up to five years in prison. If the noble Earl believes that additional powers are necessary, over and beyond those, I shall be happy for him to write to me and we shall pursue the matter.

I assure the Committee that my understanding is that the Bill will not infringe the Data Protection Act. The Data Protection Act will govern the way we operate our powers under this Bill. Should we trespass, then it is enforceable by an enforcement notice. With those assurances, I hope that the noble Lord will feel able to withdraw his amendment.

10.15 p.m.

Lord Higgins: I am grateful to the noble Baroness for such a reassuring response, although I shall need to study what she said. I have just one point requiring clarification. As I understand it, the noble Baroness said that, under the Data Protection Act, anyone drawing social security benefit could serve a form of notice--I have forgotten the Minister's exact form of words--requesting the department to reveal what information it holds on him. Presumably, that would cover the information already available if one wanted to know what one's credit rating was, and so on. But does that mean that an individual can ask to see absolutely everything that the department has obtained with regard to his personal affairs?

Next Section Back to Table of Contents Lords Hansard Home Page