William Heath’s blog

Posted on Oct 2nd by William in Customer service, IdealGov stuff

Here’s my latest note in correspondence with Helen Bray at ONS about the 2011 census:

Dear Helen Bray

Thank you for your letter. I’m still uneasy about this and have sought advice.

The immediate advice is that that your letter is disingenuous, in that it refers to the duty of confidentiality but fails to mention the extensive loopholes available in the Statistics & Registration Service Act 2007. I was unaware of these. I’m sure you know them well; they are set out in s.39 copied below.

What they appear to say is that personally-identifiable census data can be made available, inter alia:

- if *any* law either expressly allows the disclosure, or even just *permits* it. This is extremely wide: there is no balancing of the privacy rights of the individual against whatever purpose any law may serve, and no requirement that the disclosure is “necessary” to serve an important public interest under such a law.

- if the disclosure is “made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom)”. This is separate from the previous exemption, so the police (and, no doubt others – HMRC? DWP? local authorities) dont even need a law to point to in relying on this exemption. Again there is no balancing at all: the disclosure need not be “necessary” for the investigation; it is enough that (the authority claims that) the data are to be used/useable for this purpose.

- if the disclosure is to the intelligence services, “in the interests of national security” (again, as defined by them, and without any “necessity” test).

- if the disclosure is to an “approved researcher” (subject to “criteria” to be drawn up by the board). Who are these people?

These rules do not seem to stand in the way of – indeed, almost seem to invite – the use of the census data for “profiling” purposes, by the police and the intelligence services.

I cannot see how surrendering the amount of sensitive data you will ask for in the census can be compatible with my right under European data protection law and the human rights act to private life, given these wide exemptions to your duty to confidentiality. I shall seek further advice on the matter but would glad of your comments.

Do you think the public are aware of these massive confidentiality loopholes? Will you make them aware, or is the plan simply to keep quiet about them (which seems to be the policy your letter to me follows) until someone makes a fuss?

I am copying this correspondence to the Foundation for Information Policy Research advisory council (to whom I’m grateful for expert advice) to the Open Rights Group, to a solicitor specialised in data protection matters and to the Quaker Civil Liberties Network (who raised the original concern about census work being outsourced to a weapons manufacturer). I propose to write to my MP and to the Information Commissioner when I have your further reaction and have received further advice.

WH

SECTION 39 OF THE STATISTICS & REGISTRATION SERVICE ACT 2007:
Confidentiality of personal information
(1) Subject to this section, personal information held by the Board in relation to the exercise of any of its functions must not be disclosed by—
(a) any member or employee of the Board,
(b) a member of any committee of the Board, or
(c) any other person who has received it directly or indirectly from the Board.
(2) In this Part “personal information” means information which relates to and identifies a particular person (including a body corporate); but it does not include information about the internal administrative arrangements of the Board (whether relating to its members, employees or other persons).
(3) For the purposes of subsection (2) information identifies a particular person if the identity of that person—
(a) is specified in the information,
(b) can be deduced from the information, or
(c) can be deduced from the information taken together with any other published information.
(4) Subsection (1) does not apply to a disclosure which—
(a) is required or permitted by any enactment,
(b) is required by a Community obligation,
(c) is necessary for the purpose of enabling or assisting the Board to exercise any of its functions,
(d) has already lawfully been made available to the public,
(e) is made in pursuance of an order of a court,
(f) is made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom),
(g) is made, in the interests of national security, to an Intelligence Service,
(h) is made with the consent of the person to whom it relates, or
(i) is made to an approved researcher.

Man, ONS appears for decades to have been the best government department at respecting the privacy of personal data. Now every department is data-grabbing and data sharing (not to mention losing it left right and centre) and ONS’ principles, enshrined in the latest law, are looking pretty flaky. Too flaky to trust, I’d say. Let’s see what Helen comes back with.

But once we lose trust in parts of government to deal wisely with our data (and who trusts Home Office, HMRC, the NHS, DCSF or the police now? Cabinet Office and CESG’s stewardship of this agenda in the last 15 years is disastrous) I suspect we just lose trust with the whole lot. If they want my trust back they’re going to have to earn it pretty much starting from scratch.

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.