Mr Michael Wills MP and Ms Belinda Crowe

25 JUNE 2008

  Q972  Chairman: Good morning. Can I welcome very warmly to the Committee the Minister, Michael Wills, and Ms Crowe. We are being televised so could I ask you please to identify yourselves for the record and then the Minister will make a very short opening statement.

  Mr Wills: Thank you very much, my Lords. I am Michael Wills; I am the Minister of State in the Ministry of Justice with responsibility for data handling issues. On my left is Belinda Crowe who is the Head of Information Rights Division within the Ministry and who has responsibility for a team of officials who deal with these issues not only within the Ministry of Justice but provide advice and support throughout Whitehall as well. Thank you for this invitation to come here. It is a timely meeting because today we are going to see the actual results of one of the reviews that was set up by the Prime Minister towards the end of last year looking at a whole range of data handling issues, reviews into what has happened in the Ministry of Defence, in HMRC and across Whitehall as a whole. What these reviews reflect in a fundamental sense is what a huge challenge data handling has become for all organisations. This is not just the public sector, it is the private sector as well. Technology has moved so dramatically fast that organisations are really struggling to keep up with the implications. The advantages of what these new technologies offer are manifest and developing all the time, but the consequences of how data is handled are really also dramatic and organisations have found it difficult to keep pace. As I say, there have been some very well publicised incidents within the public sector, but the private sector is not immune from this as well and there have also been some slightly less well publicised incidents. A lot of financial institutions have had catastrophes with data handling. Mobile phone companies, retail companies, all of whom keep and use huge quantities of data, when you talk to them they will all say how valuable this is to them but there are consequences for how they protect the privacy of their customers' information and for the public sector the burden is equally intense. We are running to keep up and that is the lesson that I have certainly come away with from my last year in this job. The advantages of these new technologies and what they offer in terms of data sharing are immense, and I may come on to that in response to some of your questions. It is clear that we do need a radical change of culture within Government about how we handle data. Over the years I think Government has become very scrupulous about how it handles money; there are very clear systems of financial accountability and transparency in place and everybody realises the need for that. I think the case with data is less clear. Clearly we do not handle data in the same way as we handle money and we should. That is the cultural challenge that all of us face—ministers, politicians and officials alike—and that is the challenge with which we are now grappling.

  Q973  Chairman: Can I just press you a little further on that? Apart from the issues you have touched on, certainly the security of personal data against loss and breaches, how satisfied are you that the development of Transformational Government has resulted in the Government that you have touched on that minimises the collection of these data and processes them in line with the spirit and not just the letter of the Data Protection and Human Rights Acts?

  Mr Wills: I think by its very nature the Transformational Government agenda should implement the minimisation of data principle because what it is trying to do is to use data more efficiently so instead of having a lot of separate and often quite large databases we are trying to integrate them. That should actually minimise these separate databases and ought to improve the security and handling of data, but it is not a panacea on its own. Its primary motivation is to improve delivery of public services for the citizen and all the other things that are necessary for the security and proper handling of data have to be put in place. It is not a solution to it but I think it is absolutely consistent with the minimisation of data principle.

  Q974  Chairman: Apart from the Government's Information Sharing Vision Statement what did the Ministerial Committee MISC 31 achieve in attempting to resolve cross-governmental disagreements and fragmentation concerning data sharing and privacy? Why was it dissolved before announcing any final solid policy conclusions? What lessons, if any, have been learned from this episode and what plans are there for the future?

  Mr Wills: It pre-dates my time in this role so, if I may, when I have made a few responses to your various questions I will perhaps ask Belinda Crowe to add from her own experience of MISC 31. It was, as I understand it, an attempt to bring together across Government all the ministers with responsibilities in this area to see how we could join up what we do in this and that is clearly crucial. I think everybody accepts that collaboration across Government in these issues is vital. There have been some very good examples of it and I think MISC 31, from what I have seen, did do a good job in starting a process of collaboration across Government. It became overtaken by events and perceptions that we needed to look at this afresh when this prime minister took office before the very well publicised incidents of data loss and, as it were, inadvertent data sharing. He felt there were real issues that needed to be addressed here and that is why we set up some of these reviews before these incidents took place, such as the Walport/Thomas review. In answer to your question I think it did a valuable job in promoting collaboration. Some of the fruits of it we are still taking through and I will perhaps allude to those in response to later questions. However, that mechanism needs to be updated and what we are planning to do is to wait for the results of the data handling review that is being published later today, the other reviews will follow shortly afterwards. Once we have got those reviews and have taken stock and evaluated them then I think we will have to look at a new mechanism that promotes that sort of collaboration.

  Ms Crowe: I would just reinforce the point that the creation of MISC 31 and, if you like, the official support that accompanied ministers did highlight the need for greater collaboration across Whitehall in the development of new policies and the way that data sharing and data protection issues were handled across the piece. Certainly in terms of the work that I do, when we looked at what the barriers to data sharing were in order to transform the way that public services are delivered, in actual fact data sharing and data protection was a small part of that and actually the main part was joining up together and different departments working together in order to deliver a particular policy outcome. It started to create a culture shift in terms of collaborative working on these issues which, as Michael says, was then taken forward and actually passed onto the Walport/Thomas review hopefully to feed into their thinking.

  Q975  Baroness Quin: Do you think there is a case for some kind of formal ministerial committee on privacy? In your time in your present post have you had many discussions on privacy issues with colleagues in other departments?

  Mr Wills: The answer to the last part is yes because it comes up all the time. When you talk about privacy, there clearly is a role for some kind of formal mechanism for ministerial collaboration on these issues, precisely what it is I think we will have to wait and see what these reviews recommended. That is why they were set up and we will act on it, there is no question about that. It is important that this is not only about privacy, it is also about how we maximise the benefits of data sharing. These are real and I do not think we can ever look at these things in isolation. All of us often want two separate things at the same time. We are all very careful about our own privacy; we want our own personal details to be kept confidential. However, we also want more efficient public services. To give two brief examples, if I may, why this is so important, we know for example that there is a big problem with the take up of free school meals and a lot of young children are not getting adequate nutrition even today in this country because their parents are poor and they are not, for a whole variety of reasons, able to have the free school meals to which they are entitled and their nutrition is, without doubt, suffering as a result. The information that would enable us to identify those young children is available to us and it has taken Belinda and her team quite a long time to find a mechanism by which we can actually share that data so young children can have adequate nutrition. That is a good that everybody can subscribe to but it does depend on data sharing to improve that level of take up. Similarly Sir David Varney when he was looking at this quotes an example of a bereaved family who had lost a family member in a road accident. In these tragic circumstances the last thing you want to do is to be badgered with lots of information. I think they had 44 different contacts with the state in different ways and that is unacceptable. These things need to be done but if you could share the data the level of intrusion into a family in grief is minimised. That again must be a good that all of us could subscribe to but you do need to have data sharing. The question is how do you do that without, at the same time, compromising people's quite proper sense of their own privacy and confidentiality? That is the challenge. When we talk about privacy I think we have always got to balance it with data sharing. We always have to keep the two things in our minds at the same time.

  Q976  Viscount Bledisloe: If I have some information which is private to me surely I am entitled to have that retained absolutely even if you in Government think it would be useful to share with other people?

  Mr Wills: Of course there are all sorts of rights to privacy; it is embedded in the Human Rights Act, not the right to privacy as such but certainly something that comes quite close to it. There is a nice legal point about whether there is an emerging right to privacy or not as you will be aware, but certainly of course that is right. However, where the data exists already, where it has been voluntarily given or where, as a society, we have decided it should be given—details about our income, for example, to the tax authorities or whatever—then we as Government have a duty to the public to look at ways in which, consistent with the legislative framework, consistent with the political consensus at the time, we use that data for the benefit of everybody. These are difficult questions of judgment; there are no absolutes here and it has to be done on a case by case basis. I do not think that these things are incompatible at all. We strike these balances every day in our personal lives as much as anything else.

  Q977  Viscount Bledisloe: You say in your ministerial statement—or it may have been issued before your time—that once information has been collected the Government is very careful to ensure that sharing can only take place when it is not incompatible with the original purposes of a collection. Can you give me any example where sharing would be incompatible with the original purposes of collection? Is it not virtually a meaningless protection?

  Mr Wills: I do not think it is a meaningless protection at all; that is embedded in the Data Protection Act.

  Q978  Viscount Bledisloe: Give me an example of where any sharing that Government might do would in fact be incompatible with the purposes for which it was collected.

  Mr Wills: Rather than give you a theoretical example, these are the kinds of issues that Belinda Crowe and her team are actually tackling all the time. When she gives advice and support to colleagues throughout Whitehall these are real issues and the advice and support that Belinda and her team give is precisely delineating what is compatible and what is incompatible. I do not know whether this is compatible with the principles we are talking about, but if it were to be compatible perhaps you could give some indication of an actual case that you have dealt with in the last couple of years on this.

  Ms Crowe: I might have to disappoint you only insofar as we just would not allow that situation to arise. I think that is the general thrust behind the statement; the statement was meant to be both reassuring but also how in practical effect the policy is developed. A theoretical example, if that will do, might be that if the HMRC were to pass over details of your income to your GP for example; I cannot think for what purpose that might be but HMRC do not collect information about your income for that purpose so it would be incompatible to pass that information, for example, if there were some mean test medical services, to pass that information on.

  Q979  Viscount Bledisloe: I have to say, Ms Crowe, if that is the best example you can give I am not really very deeply impressed. Would it not be much better if the answer was that you could not share my data outside the purpose for which I gave it unless you had my express permission?

  Mr Wills: You cannot; that is one of the principles. There are eight principles of data protection and that is one; it can only be used for the purpose for which it was collected.