| Previous Section | Back to Table of Contents | Lords Hansard Home Page |
The matters which were of concern to the committee have been thoroughly ventilated in the evidence which we took, in our report and in the speeches in this debate. I do not need to rehearse them again.
I had the impression that those who came to give evidence to us were so steeped in—I might almost say dazzled by—the beauty and complexity of the universal database of children which they sought to create that they were losing sight of whether the universality of the scheme was proportionate to the needs of the children whom it was intended to benefit, and to the costs and risks inherent in it. For the sake of catching as quickly as possible the 3.5 million to 5 million children who may be in need of specialist and targeted services, they will include in the database 5 million to 7.5 million children who have no such need.
The sheer size of the database, and the large number of practitioners who will have access to it, will maximise the costs and the potential risks of breaches of security which could be damaging to children as well as to the scheme, and the threat to privacy not only of the children who need the additional services, but also of those who do not. It is all in a good cause, no doubt, but I think that it is fair to say that the members of the committee were not convinced whether we really needed this universal sledgehammer to crack this partial, even if sizeable, nut.
The committee was told that it would be useful to include in the database the children who have no need of additional services, because it would enable the department to check whether they were getting the universal services to which they were entitled. Is that a good enough reason for a universal database in this case?
We were told that the universal database would be useful if a child became in need of specialist or
18 July 2007 : Column 326
As I say, the members of the Merits Committee were, for the most part, not convinced. I do not mean to say that they were against it; I intend to say no more than they were not convinced of the need to go ahead with the universal database. I hope that the Minister will reconsider that decision, which I think, with some experience of bureaucracy, is a bureaucratic dream that could easily turn into a bureaucratic and political nightmare. In the light of the reservations expressed by the committee and by so many bodies in their evidence to us and in other submissions, I hope that he will re-examine the advantages of establishing a system more narrowly tailored to children in need of specialist and targeted services.
8.15 pm
Lord Jopling: My Lords, I too must declare an interest as a member of the Merits Committee. I very strongly endorse what the noble Lord, Lord Armstrong, said, and what the noble Baroness, Lady Walmsley, said earlier about the reaction of the Merits Committee to this scheme. It was called “unenthusiastic” or “not convinced”. Most of us—I do not associate the noble Lord, Lord Tunnicliffe, with this—were very much less than convinced indeed about the merits of a scheme of this sort.
I find it very difficult to understand why there has to be 100 per cent inclusion of all 11 million children. I have listened to what the Minister said, and he had the benefit, I imagine, of reading the evidence of his officials who appeared before the committee. Really, he did not seem to have very much more to say tonight than they had to say when they appeared in front of us, which amounted to, as I heard it and as I heard him this evening, that it had to be 100 per cent because they did not want to hurt the feelings of those who were down because they had special needs, so you had to bring in the other 70 per cent, or 50 per cent, whichever way you look at it. I am not sure to what extent children would know whether they were on or off the register. If you have a partial register, I should have thought that it was not immediately apparent to them. It would be much less apparent, for example, than knowing in schools who had free school meals and who did not. But that is another matter.
I can see no sense, and a great deal of harm, in invading the privacy of 50 per cent, or even 70 per cent, of families in the country. The consultation has shown that there is no approximation to a broad consent from families and children for a scheme of this sort. The noble Lord, Lord Armstrong, in the
18 July 2007 : Column 327
I am particularly concerned about the problem of computer access. I have heard from the Minister about the various provisions—the layers which the noble Lord, Lord Tunnicliffe, talked about—but if a computer hacker can get into the computers of the Pentagon in Washington, it seems almost certain that hackers and those with malice in their minds would find little difficulty in getting into this computer system. As well as the abilities of hackers, there is also the possibility of using corrupt people—and there will be corrupt people among the 330,000 people who will have access to this system. When we held our evidence session, I cited a piece of evidence put before us by an organisation called Young NCB, which said—I think properly:
“Computer systems are never ever completely safe. The threat of hacking is always there. Plus there is always the danger that a professional might use the system to gain personal details about a child or children”.
Those who gave evidence to us in the hearing did not reject that evidence. I listened to the noble Lord, Lord Tunnicliffe, who, to his credit, acknowledged that no system was entirely safe. I did not exactly hear that in the Minister's speech. He told us about hidden layers and all the rest of it, but I did not hear a clear acknowledgement that no system is entirely safe.
Paedophiles and terrorists, in particular, will have all the expertise to hack into systems of this sort or use their friends and collaborators to find ways to get into them. The point was made by the noble Baroness, Lady Morris of Bolton, in her excellent speech, that the fact that there is a screening-out process for those at particular risk shows the vulnerability of the whole scheme. I see ominous signs in the way that the computer system is presented to us, which reminds me of the computer system that was set up—or that we were told was going to be set up—for the Child Support Agency, which has proved to be a total disaster.
I will not go on much longer but, because computer systems are not secure, I can only read out the conclusion of the evidence from the Independent Schools Council, which is typical of a lot of the evidence given to us. It states:
“If the system cannot be secured, it needs to be adapted to ensure that it can be. Otherwise, it will fail expensively, it will fail publicly, and, most importantly, it will fail the very children it was designed to protect”.
I very much hope that the Minister will agree in his summing up to take the regulations away to think more about them, and to take notice of the evidence that has been given to the Merits Committee and in speeches tonight, and that we shall not be burdened with this bureaucratic sledgehammer. Of course, some good would come out of it, but overall it is not value for money and will not properly tackle the problems that it is intended to tackle.
Baroness Barker: My Lords, a couple of years ago, I was talking to a lady who had been adopted. One day, as an adult, she rang the hospital where she was born and asked what time of day her mother gave birth to her. She was told that she could not have that
18 July 2007 : Column 328
I mention that to draw attention to a key point that lies at the heart of the debate. The way in which professionals decide to use information and the parameters within which they share information have never been fully clear. In debates on the primary legislation from which the regulations arise, we talked time and again to the Government about the need to recognise that the point made by the noble Lord, Lord Laming, in his inquiry into the death of Victoria Climbié was not that there should be a large database but that professionals should have a clear understanding of the Data Protection Act and their rights and responsibilities under it.
As someone who sat through that inquiry, I think that the database is a way around trying to deal with those issues, which are ultimately those that make a difference to children. It will be no surprise to the Minister that I speak as someone who has an interest in records about children. I have an ongoing interest in the way in which adults formerly in care suffer because of incomplete records and their inability to access their records.
It would be tempting to go back into a Second Reading speech but, because we should not, I simply want to ask the Minister to answer four questions that I do not see answered in the regulations. First, is the right to challenge information that is wrong or out of date enshrined and clearly understood? Who can do that? Can subjects do it?
Secondly, what safeguards are there against the misinterpretation of information? That is a drawback of the system to which the noble Lord, Lord Tunnicliffe, alluded: the information is so sparse that it can be interpreted in a number of ways. The fact that a child has been to see their GP four times in a year can tell you something or nothing. One does not need to be a genius in databases or the Children Act to look at cases where professionals have pursued their own lines of inquiry and have drawn into their net hundreds of children who should never have been included in investigations into abuse.
My third question for the Minister concerns the responsibility of the organisations that hold the records. Social services departments regularly go out of business and new ones are created; so, too, in the health service. Very few elements of the health service other than GPs have been stable for a long time. What requirements will be placed on organisations that may go out of business because of legislation to ensure that those records continue to be kept and available for access?
Finally, what does the Minister think of the figure of 330,000 staff, taking into account the number of people who leave the caring professions? There is huge turnover and high rates of temporary employment in social services. From my limited knowledge of databases, I am aware that it is often extremely difficult to get people off systems once they have been allowed on to them. What will be the protocols for ensuring that that
18 July 2007 : Column 329
8.30 pm
Lord Mayhew of Twysden: My Lords, the Minister demonstrated his recognition of the almost instinctive, gut anxieties felt at the creation of what will be a very broad, indeed almost universal, database for all children up to age 18 when he said, “All use will be monitored by government experts in information technology”, or words to that effect. The only point I want to make centres on the dangers of breach of security, because I agree with so much that has already been said on this side of the argument that I need say no more. I acknowledge my indebtedness to a briefing prepared by the Independent Schools Council, which records that it is intended that retrospective tracking will enable local authorities to pinpoint abuse. The noble Lord, Lord Tunnicliffe, also attached great importance to this point in his interesting speech. The council goes on to point out that,
- “evidence presented last year to the management board of the Leeds NHS Trust showed that in one month the 14,000 staff logged 70,000 incidents of inappropriate access”.
- “misuse of ContactPoint could run to 1,650,000 incidents a month; leaving the claim that such tracking will be effective incredible. It will simply not be possible to spot anywhere near all those who through commission or omission misuse the system”.
That is deeply worrying, and I hope that the Minister will be able to offer some reassurance on this. If not, it seems to me to be almost decisive.
The Earl of Erroll: My Lords, I should declare an interest as a member of the advisory board of the Information Systems Security Association. We have here a database which is supposed to provide proactive protection purporting to save time and therefore money and so on, and yet we have very sparse data on it. I do not understand how such a sparse dataset is going to save a huge amount of time. The data should be sitting in files already that could easily be exchanged at the local level with quite small databases, which would probably be more secure and easily managed.
I have been thinking about this. If you have a big national database, how do you get it to work? There are some silly things in it. For example, when children go abroad for three or more years, they are taken off the system but archived for six years. But they may come back after eight or nine years, and then everything has to be found out about them and re-entered. There is some stuff in here that will go against its purposes.
The archive will be enormous, at least half as big again as the main database—although we do not think about that in the context of dealing with the whole problem. What use is the archive? It is to be restricted to only a few people, when actually CEOP, the child protection agency, probably should be the body with access to it because there could be some useful information for trying to find out about child abuse later on. Some things may not manifest themselves until later. I could not see why the agency was not included in the body of people allowed to look at it.
18 July 2007 : Column 330
I turn to setting security standards. ISO 27001 is the industry standard, but I hope that the department has also consulted CESG, which sets much higher standards. A good point was raised earlier about the people working on the database having access to it. Unless the database scheme is encrypted so that the data cannot be accessed by the programmers working on it, there is a huge security problem. Some people will be able to get in through the back door. I was always able to do so in the days when I wrote software and designed systems. Further, if the security systems are too cautious, the same problems will arise as those in one of the hospitals—Nottingham or Northampton—used in the trial runs. It took so long to log on to the system that all that happened was that one person would log on at the beginning of the day and everyone else used that one point of access. In effect, the terminal was left open. Care must be taken to make sure that the security is not unworkable. I warn the Minister about that, just in case.
I am delighted to see that something will be done about increasing the penalties for leaking data and selling data. This has been long needed because something like 30 per cent of all lost data has nothing to do with hackers. That is not the problem these days; rather, the problem lies with people who are authorised to use the system. At the same time, we should look at the powers of the Information Commissioner to check that all the procedures and processes are correct and sensible. At the moment the commissioner has to wait until a complaint is filed and then pretty much has to be invited in by the data controller. Unless he has sufficient powers, he cannot find out what is going wrong.
The Minister may have underestimated the cost of keeping the database up to date. If there are around 11 million children—an average of 2.2 children in 5 million households—it should be noted that some 40 per cent of London households change address every year. That would translate to something between 0.5 and 1 million changes of address to record on the children’s database every year. If 300 people are monitoring the database for accuracy and a further 300 are trying to update it, I calculate that the 300 people in charge of updating it will have to handle something between 1,000 and 3,000 changes of address a day each, which will keep them quite busy. I am not sure that the Minister’s money estimates are quite right, even with 600 extra staff. The temptation will be to link the database to the proposed “Tell us once” database, where someone tells the Government once about a change of address and the information ripples over everything else. My challenge on that rests once again on the law of unintended consequences in the security world. If you are an abused partner and trying to hide your new address, or you are in a witness protection programme, it is likely that at some point someone could access your address through the back door of one of these other databases where people do not realise that the address is sensitive. I am worried about having yet another database where parents’ addresses are to be maintained. Quite a few addresses will have to be kept on the database.
18 July 2007 : Column 331
The point about the number of people who will have access to the database is very valid. I have worked out that during a child’s life, it is theoretically possible that some 1.5 million people will have had access to that child’s database—although it is segmented into local authorities and so on. We have to remember that the turnover in social services is running at about 330,000 people a year. Lastly, some people will be needed to keep an eye on the project to see that it is going well and being run properly. The department should not fall into the same trap as HMRC did when it allowed the same company that provided the system to decide when the benchmarks were going to be run. The department should keep control of when the benchmarks will be run on the project.
Lord Adonis: My Lords, I am grateful to all noble Lords who have spoken. I have been asked a huge number of questions and I cannot possibly answer all of them. However, I will write to noble Lords with responses to questions that I am not able to answer now. Perhaps I may deal with a number of questions to which I have answers before turning again to the two major themes encapsulated in the two amendments—one on the adequacy of the safeguards, moved by the noble Baroness, Lady Morris; and one on the proportionality, benefits and cost-effectiveness of the scheme, tabled by the noble Baroness, Lady Walmsley.
I also thank all members of the Merits Committee for the consideration they have given to these regulations, both in the committee and in their contributions to the debate. I noticed that there were what is probably best described as a range of views expressed. I obviously agree with my noble friend Lord Tunnicliffe, who said that the scheme would bring real benefits and will be safe, more than I do with others, but I respect the views that have been expressed. I also note that all noble Lords who have spoken recognise the importance of child protection and seeing that information is available to practitioners where they deal with children who need additional services. They accept that this will be a very large proportion of children.
The response I make to the noble Baroness, Lady Walmsley, is that when you are reaching proportions as high as 40 and 50 per cent, which are the kinds of proportions we are talking about, unless one has a clairvoyance—which, alas, is rarely granted to bureaucrats, or even mortals—and a universal system, there will be the huge job of adding and subtracting names constantly to and from a register. That in itself will introduce a big element of additional bureaucracy and cost and make the scheme less effective. The information will not be available until it is registered, so, by definition, it will not be available to practitioners before a child is entered on the register.
Perhaps I may now deal with some of the questions. The noble Baroness, Lady Morris, thought that there might be a loophole in the regulations, in that she detected an inconsistency between Regulation 6(2) and Regulation 6(4) in relation to access to data. I can reassure her that Regulation 6(4) provides only for those in ContactPoint management teams in local authorities to have access to the data set out in Regulation 6(3). It does not therefore negate Regulation 6(2), which was the concern that she had.
18 July 2007 : Column 332
The noble Baroness also asked whether ContactPoint would be exempt from the e-GIF requirements on the mandatory sharing of information. I can assure her that ContactPoint information is limited by the Children Act 2004 to the purposes set out in Section 12. It will not be used for any other purpose.
The noble Baroness, Lady Walmsley, asked about Capgemini, and whether the fact that it has contracts in other countries raises the possibility of information being disclosed abroad. I assure her that the Capgemini contract ensures that no data at all will be taken offshore.
The noble Baroness asked what was the point of keeping information in the archive for six years. It is to support investigations or complaints. That period balances the Data Protection Act requirement not to retain information for longer than is necessary with the need to support and facilitate investigations. We have discussed our archive policy with the Information Commissioner’s office, which is content that we have the balance right in this respect.
The noble Baroness also asked about scope creep. The purpose and scope of ContactPoint has already been made clear very precisely in the Children Act 2004. It has a clear purpose linked to the duty to co-operate and to safeguard and promote welfare as set out in Sections 10 and 11 of the 2004 Act. The data held on ContactPoint are kept to a minimum, as I described, and will not include case information. For example, in response to the noble Baroness, Lady Barker, I say that they will not include details of visits to GPs. Those case data are not there. The only information that will be on the database is the identity of the GP; it will not include any of the data that she feared could lead to misinterpretation. Therefore, the data held on ContactPoint are in pursuit of the Children Act 2004.
There has been very little change to the proposed contact of ContactPoint since the passage of the Children Act 2004, so there has been no scope creep in its development. Any amendment to the regulations, which are in pursuit of the Children Act 2004, will be subject to the affirmative resolution procedure and therefore have the full scrutiny of Parliament. There could not be further scope creep without the consent of your Lordships and another place.
| Next Section | Back to Table of Contents | Lords Hansard Home Page |