Surveillance: Citizens and the State - Constitution Committee Contents

Memorandum by Trevor Bedeman


  This evidence is in the form of a paper provided as part of a briefing on data sharing to an invited audience held at at Lovells law firm, London on 5 June 2007. The paper in no sense represents Lovells' views.

  It addresses the current developments in both public and private data sharing, and is provided to the Constitution Committee for the comments contained on private development, comparisons between the two, and possibilities for their interchange. The comments just on the development of public sector data sharing are mostly drawn from the DCA Vision Statement and are thus not original.

  There is, arguably, a great deal to be learnt from the private sector data sharing developments, some of which are either very mature, or very technically advanced, or both, and I would draw the committee's attention to the brief comments on private sector governance.

  I am an independent consultant, specialising in data and information sharing. My past experience is as the lead author and negotiator of the "Principle of Reciprocity" which continue to govern the UK credit data scheme, and as previous Chairman of Insurance Database services Ltd, and Chair of the initial development of the Insurance Fraud Bureau. During this period I was an employee of LloydsTSB Group, latterly of the Risk and Compliance Department.


Data sharing development in the retail private sector

  Data sharing across the private sector has developed in more non-competitive areas of operational risk management, such as credit, insurance claims and financial fraud. Derivatives of that data support this processing, such as identity scores, and credit scores. Identity provides a common thread, and has been developed to a high level of sophistication.

  Some of these schemes are very mature, for example the UK credit scheme dates from the late 1970s and shares 800 million records amongst 500 participating companies, with major economic impact upon retail credit and the larger economy. Some are highly advanced technically, for example in the derivation of identity, and the searching of the combined insurance claims and policy databases for networks of claims signifying organised fraud.

  Within major retail groups such as those of the financial sector, the customer relationship management programmes of the 1990s on have meant that customer data is shared internally across many diverse constituent companies, and matched-merged into a single source for the entire group. Their ideal is that the entire individual customer relationship is available on demand at all customer touch-points and to the central analysis functions. These data sharing schemes can cover tens of millions of customers, and thus major fractions of the UK population.

  Across competing private companies this commercial competition is an inhibition on the sharing of many forms of data. Companies are also under commercial pressure to handle this information safely. Individuals have some choice of processor through competition, and lapses of security are highly publicised.

  The initial collector of the data has a key responsibility for the entire potential chain of use over the whole period that the data is held in any form.

  This sharing is typically reciprocal, meaning that all available data within a defined sector must be provided before any other shared data can be accessed. The private sector has developed various models of sharer (and some wider stakeholder governance). The governance varies from the banking reciprocity committee SCOR, to trusts and companies such as the UK fraud avoidance scheme CIFAS, the Motor Insurer's Database, Insurance Database Services Limited, and the Insurance Fraud Bureau.

The next five years in the private sector

  Credit data sharing is developing worldwide, with Experian as the first global scale reference agency, and there are various regional providers in development as well as nationally owned databases. The World Bank has assessed the UK's credit data sharing as the most effective, with the highest score of any scheme for the combination of availability of data (though not 100%) and efficacy of the regulatory framework.

  Credit databases have developed in a similar way in the UK as in the US, though without access to a national identifier as in the US. There are some restrictive national databases in individual European countries, such as France, and other countries with models similar to the UK. It may be that the UK scheme will adopt the UK national identity when that is available; it will depend whether the quality of that identity is higher than that the banks already have through the current account and related financial products.

  Individuals are increasingly searching their own data via the internet from the credit reference agencies. The uses are changing from those just driven by a failure to obtain credit, to a much more general need to regularly inspect the data held, for example as a protection against fraud. As in the US, it is likely that this shared data will come to be increasingly seen as also the property of the data subject, and not just of the contributing financial institutions, and thus the reference agency as also the individual's service provider.

Data sharing in and with the public sector

Cabinet committee MISC 31

  This committee meets regularly at ministerial level to advance data sharing, with the aim of improving service efficiency. The terms of reference for this committee are: "To develop the Government's strategy on data sharing across the public sector".

  The most complete statement of this strategy so far, and of public sector data sharing projects is contained in the document:

DCA Government Information Sharing Vision Statement

  "This Government wants to deliver the best possible support to people in need. We can only do this with the right information about people's circumstances. We are determined that information sharing helps us better target support to the most disadvantaged in our society. The Social Exclusion Action Plan shows how Government will achieve this through agencies working together to focus on the unique needs of any one person or family. The information needed to make this happen already exists, but it is not always being shared.

  That is why Government is committed to more information sharing between public sector organisations and service providers.

  We recognise that the more we share information, the more important it is that people are confident that their personal data is kept safe and secure. This Government has an excellent track record of strengthening individual's rights to privacy and the legislative framework, provided by the Data Protection and Human Rights Acts, offer a robust statutory framework to maintain those rights whilst sharing information to deliver better services".

  Catherine Ashton, DCA, September 2006

Existing examples of public sector data sharing

  The Homelessness Act 2002 requires local authorities to review homelessness and share information. The Benefits have been assessed as including a 75% reduction in rough sleeping since 1998, and ending bed and breakfast accommodation for families with young children.

  GMAC, Greater Manchester Against Crime, shares statistical information from a range of partners including health service, police, fire and transport, probation, and local authorities used to identify and map crime hotspots and determine how best to target resources across partner agencies. Example of benefits: 75% reduction in arson in some areas.

  NFI, is the National Fraud Initiative run by the Audit Commission. It is a biennial data matching of housing benefit and employment records. 1,300 bodies took part in NFI 2004-05. The estimated value of fraud and overpayments in 2004-05 exceeded £111 million.

  DVLA offers electronic re-licensing and off-road notification through internet and by telephone. The customer uses the renewal reminder sent by DVLA, or the reference number from the car's logbook and the vehicle registration number to identify the vehicle. DVLA links to MID, the Motor Insurance Database to check the vehicle is insured, and to the computerised MOT Test Certificate Database where necessary.

  HMRC, DTI, DEFRA, FSA, and are developing ITSW, the International Trade Single Window Project. The aim is that UK businesses will be able to provide information once, and ITSW will share this information with the main Government departments involved in authorising exports and imports. Initial phase estimated to save time for 150,000 small and medium-sized businesses and encourage others to trade internationally.

  DWP uses HMRC income and capital information to contact those people who could potentially claim pension credit.

Future developments

  The Social Exclusion Plan will provide for sharing across silos for the disadvantaged. Pilots will assess what information needs to be shared, such as police, housing and employment information.

  In May 2006 the Police and Justice Bill was amended to allow information on the recently deceased to be shared more readily.

  New Powers against Organised Crime and Financial Crime (Home Office July 2006) set out proposals for allowing public sector membership of CIFAS. The public savings have been estimated to be between £136-272 million per annum.

  The Hampton Review recommended a principle be established that businesses do not need to give the same piece of information twice.

  Sir David Varney's work on Service Transformation will consider the role of information sharing in improving the quality of service and result in efficiency savings for government.

  DCA will be promoting better understanding of the DPA so that front line practitioners in particular understand that the DPA is not a barrier to appropriate information sharing.

  DCA will explore how we might provide citizens with more information about which public sector bodies hold information and what they use it for.

  The Serious Crime Bill 2007 has provisions in part 3 for the creation of Anti Fraud Organisations designated to share data on fraud between the public and private sector, such to and from CIFAS, a reciprocal fraudster reporting scheme, based traditionally in the retail financial sector.

Codes of practice

  The Information Commissioner is developing guidelines against which information sharing proposals involving personal data might be assessed, and a framework Code of Practice which will help public sector organisations ensure that their sharing of personal information respects personal privacy.

  Existing examples recommended as models include those of the Audit Commission 206 and NHS Confidentiality 2003.


"Sleepwalking into a Surveillance Society"

  This phrase was originally coined by Richard Thomas August 2004 in response to the initial proposals for Government ID Cards. The "Surveillance Society" and the term "Privacy" have come to represent in part concerns over the wider sharing of personal data, especially by government, but also potentially by other parts of the public sector, and also within the private sector such as the risk schemes of credit and fraud. Both terms link visual records with symbolic data, and thus data sharing and visual surveillance are conflated. "Privacy International" recently ranked the UK along with a number of asian countries including China for very high levels of visual surveillance.

  The Bulger case in February 1993 provided a public endorsement for CCTV cameras and so far for visual surveillance generally. In August 2002 the Data Protection Act had a close call with the Soham murders, when the act was initially claimed as a justification for not sharing information. The DCA Vision Statement advice to front line public sector practitioners shows that these issues are still live.

  Street cameras are undergoing steady development, they can be miniaturised, and thus hidden; they may incorporate loudspeakers, as in a trial currently running in Middlesborough, and also sound receivers, to record conversations. Public acceptance of open air surveillance is not automatic, as speed cameras have shown, as has their vulnerability to a determined minority.

  The private financial sector, too, has had a close call with public confidence, in this case over extreme debt. Concerns on over-indebtedness were led by press and Parliament; in this case extra data sharing has formed part of the solution, overriding commercial concerns over the sharing of valuable current account transactional throughput information by banks.

  In both Houses of Parliament there are currently committees separately looking at issues of data sharing in the context of surveillance. The Commons Home Affairs committee is including a review of the extent and impact of credit data sharing. The Lords Constitution committee focuses on constitutional implications.

  Time will tell what models data exchange between public and private will follow. It is likely there will be more examples of a data flow from private to public. The DVLA example brings many benefits to the individual in terms of time saved and efficiency of service, but no direct data flow in return to the contributing insurance companies, though all benefit from better vehicle licensing and the information flow can be inferred from the presence of a vehicle licence. The reciprocal data sharing scheme with associated governance has been the private sector answer to the balance of commercial advantage; the Serious Crime Bill provision for public sector data sharing with CIFAS is an example of the public sector joining in with an existing reciprocal scheme, and accepting its governance.

  So far the public and private data sharing schemes are largely distinct, but as the public sector becomes far more interlinked, then it seems likely there will be greater interchange in addition between public and private, with implications not just for the commercial interest of affected companies, but of their staff and customers too.


Privacy and Data Sharing. The way forward for public services. Cabinet Office April 2002.

Public sector Data Sharing : guidance on the Law November 2003

Government Information Sharing Vision Statement September 2006

Code of Data Matching Practice 2006 (Audit Commission May 2006)

Confidentiality: NHS Code of Practice (Department of Health 2003)

"Privacy International" National Privacy Ranking 2006— visual surveillance UK ranks 1 along with Phillipines, Singapore, Malaysia and China.

June 2007

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2009