Lord Phillips of Sudbury: Is that a biometric test?

Baroness Scotland of Asthal: I think that it is an external characteristic which can be observed by the eye.

This provision is there to assist an individual, because an individual will be able to verify who has looked at his record and why. I hope that I will be able to satisfy the curiosity of the noble Lord, Lord Peyton, and assure him that we are not emulating the quartermasters whom he seems to know so intimately in terms of wanting to catch all. I thank the noble Lord, Lord Phillips, for making it a probing amendment because I hope that I will be able to explain it.

Sub-paragraph (c) would enable the Secretary of State to log who provided the information to the person and so will provide an additional safeguard against unauthorised release of information. Individuals working for the identity cards agency would know that if they provided verification information, their details would be recorded as well as those of the recipient. This is an important safeguard against abuse. It is an important safeguard for the individual. I am sure that the noble Earl, Lord Onslow,
 
12 Dec 2005 : Column 1001
 
will be anxious for the individual to have that sort of security. A further safeguard provided by sub-paragraph (c) is the recording of the technical material used on each occasion, such as the serial number used to verify an ID card. That would be a useful tool for ensuring the integrity of the register.

5 pm

The Earl of Onslow: Is the noble Baroness saying that this will show if somebody unauthorised has asked for information? It does not prevent the unauthorised person asking, or even being given the information—it just tells you that they are unauthorised and that they have been given unauthorised information. Have I got that right or wrong?

Baroness Scotland of Asthal: It enables you to check who has asked for information and who has given information about you. So when you made your inquiry it would be possible for you to check who had done that. Also it makes it clear to those who give information that they have to be absolutely certain of its accuracy and that they are entitled to give that information, because the individual concerned will be able to look at the log and check back. So if they have given information that they should not have given, you can look back and find out which reader was used and which individual was involved. You can track the information to try to bring people to account if they have done that which they should not properly have done.

We think this will be a useful tool for ensuring the integrity of the register and feeding our counter-fraud strategy. It would benefit both the cardholder and the user organisations as the information held through sub-paragraph (c) would support retrospective review of the audit logs to detect possible fraudulent use. If a card holder or user organisation disputed a particular transaction, being able to make recourse to detailed audit information would make repudiation very difficult. We think that is a very important safeguard for the individual.

Sub-paragraph (c) enables particulars of,

"the provision of the information"

to be recorded. It is apt to include the person by whom, and the means by which, information is provided; for example, whether the provision of information was by post or conveyed electronically. It does not provide carte blanche to record the purpose for which information has been requested or any other extraneous information; it is simply part of the audit trail. So that audit trail will have integrity.

The noble Lord, Lord Thomas of Gresford, says that the whole system is a nightmare. If it was as he thinks it is, I could understand him saying that, but I assure the Committee that, as we have drafted it, it is not. "May" means may; it does not mean must. Generally speaking, each provision of the information will, as I say, be recorded as a safeguard for the individual. But, for example, if someone uses their card to enter a government building every day, it would not
 
12 Dec 2005 : Column 1002
 
be sensible to record each occasion. It will also not be the case that all information will be kept for ever. The register needs to be maintained in accordance with Clause 3(4), and that is only for so long as it is consistent with the statutory purposes.

Individuals recorded on the register should be reassured that their details will not be provided without a record being kept of that request. That will provide a deterrent to anyone attempting to obtain information improperly as their details will be recorded. This is in line with data protection good practice. Clauses 19 to 20 set out only very specific circumstances in which information recorded in paragraph 9 of Schedule 1 can be provided to the intelligence and security agencies for their statutory purposes. Other agencies involved in the prevention or detection of crime, such as the police and Her Majesty's Revenue and Customs and government departments, can also be provided with information but only for purposes connected with the prevention or detection of serious crime.

Schedule 1(9) has important public interest benefits associated with it, as well as providing reassurance to the individual that information held on the register about them cannot be misused. I reassure the noble Baroness, Lady Carnegy of Lour, that there will not be a long list of people who will then make it seem as if the individual is in error. It will be possible for the individual to turn the tables, if you like, on them and look at the log and ask why people are making the inquiries, and be able to check it if they think that is appropriate.

Baroness Carnegy of Lour: I appreciate that. I am not thinking of the barrack-room lawyer who wants to find out what has been done wrong on the register on his or her behalf, but the innocent person who looks up their entry and wonders why on earth all those people have been asking all these things about him. It may be rather frightening. If it was printed out would there be pages of information under each person's name? How much information will be there? I cannot quite picture it.

Baroness Scotland of Asthal: One has to bear in mind that the individual or agency asking for information will only receive the information that it has asked for. The individual will be able to see it and the register will keep it, but when an individual asks for specific information from the register, and if they meet the criteria and have the right to receive information, they would receive it. Their details would be recorded on the audit log, so the individual could see the whole picture. The individual and the register would have the whole picture, but those making the inquiry of the register would receive only those bits of information that they are entitled to.

Lord Lucas: After that explanation I remain puzzled about one or two things. I have been searching in vain in this Bill for the right of a person to see their entry on the register. I would be very grateful if the noble Baroness would point that out to me. I am delighted
 
12 Dec 2005 : Column 1003
 
that she says that it is there. I am sure that it is just my blindness, but I would appreciate her help. If the police have access to the information, so must the defence in any situation in order to make things square. If that is the case, it seems enormously important that "may" should be replaced by "must". That gives the authorities the option not to record something in the register about when the information has been accessed if it would in some way be embarrassing to their case or their cause. It is dangerous for an individual that "may" can be used in that way.

The noble Baroness gave the example of going in and coming out of a government building. When we get our new security system here, I would very much like to be able to demonstrate when I was on the premises and when I was not. It might be extremely important for my case for a defence of murder. If I happened to be on the premises and for some reason the government had decided not to record that fact, I might reasonably be upset. It also allows these things to be done "at the discretion", so if for some reason they did not want me know what was being done or who was looking at what I was doing it could be hidden. That is a very dangerous way of doing things. If we are going to have this record, it must be complete and open. Anything else really is too open to manipulation.

Lord Thomas of Gresford: I follow the noble Lord, because I was going to ask that same question. Clause 14, on the provision of information to the individual or to a person authorised by the individual, does not appear to include Schedule 1(9). The noble Baroness has addressed us on the basis that a person would have a right to the information that is to be recorded under subsection (9). I thought that the whole point of subsection (9) was that the individual could not see who had been making inquiries or why or how or when. If the noble Baroness is telling us that somewhere in the Bill there is a power for an individual to see his own entry on these very important matters, I would be glad if she would point it out. If it is there somewhere else in the Bill, why is it not in Clause 14?