Home Office publishes response to its consultation on communications data

November 16th, 2009 by Robin Hopkins

The Home Office has published a summary of responses to its April 2009 consultation paper on ‘communications data’, i.e. information about a communication that does not include the content of the communication itself. At present, such data is owned by communications service providers and accessed by certain public authorities under disparate statutory powers for the purposes of combating, for example, fraud, terrorism and other serious crime. The government is considering an overhaul so as to bring all communication types (such as web chat) and all relevant service providers (some of whose contractual positions place them beyond the current statutory arrangements) within the system.

 

The attendant tension between individual liberty and public protection is reflected in the 221 responses to this consultation.

 

A substantial minority of respondents objected in principle to any ‘surveillance’ of communications. A majority (albeit a fairly narrow one) agreed that communications data served an important public purpose and that the government should therefore act to maintain the capability of public authorities to make use of this type of information.

 

As to what form this action should take, only one element of the government’s proposed approach was widely welcomed, namely its rejection of a central database for holding all data of this type. Reservations were otherwise expressed about technological feasibility, data security and the proportionality of public authorities’ use of communications data.

 

Nonetheless, such reservations were not deemed forceful or widespread enough to deter the government from its proposed course. A number of respondents’ suggestions have been rejected, including the specifying of categories of data which should not be retained, and the requirement for a magistrate’s authorisation before communications data can be accessed.

The government is also satisfied that the DPA 1998 and RIPA 2000 provide sufficient safeguards against abuse of such data. A legislative review is, however, proposed, to see if a single means of authorised access (through RIPA 2000) would be practicable. Fresh or consolidating legislation appears likely.

Tags: , , , , , ,
Posted in INFORMATION LAW | Comments Off

NHS SPINE - PERMISSION TO DELETE CARE RECORDS

May 27th, 2009 by Anya Proops

The creation of electronic summary patient records which can readily be accessed by medical teams on the NHS broadband computer system, known as the Spine, is one which has met with approval in many quarters. This is unsurprising given the potential health benefits resulting from clinicians being able to access such records. However, this approval has been tempered by concerns that the NHS, in common with other large-scale public authorities, may not be able to maintain appropriate levels of security with respect to this manifestly sensitive personal data. Yesterday the Guardian reported that, following talks between the ICO and Connecting for Health (CfH), the agency responsible for implementing the records scheme, CfH has now yielded to calls for NHS patients be given the right to have their summary care records deleted from the system (although deletion would not occur if the records had already been used, in which case they would be archived for medic-legal reasons). The right to have records deleted will be additional to the right already granted to patients to opt out of the scheme before a record is created for them. CfH’s decision to permit patients to have their record deleted represents a move away from earlier proposals that, where objections were made, the record would simply be ‘masked’ within the system. Notably, the news over changes to the care records scheme comes only days after it was revealed that records revealing personal data relating to tens of thousands of MOD personnel, which were lost last year, had contained not merely financial information but also highly sensitive vetting information. The revelations have been controversial because, whilst the loss was announced last year, neither Parliament nor the ICO were informed that the lost data included sensitive vetting data.

Tags: , , ,
Posted in Uncategorized | Comments Off

Recent conference papers

April 30th, 2009 by Timothy Pitt-Payne

On 11 KBW’s main website, you can now find some conference papers delivered this month by members of chambers.

There’s a paper that I gave at a Northumbria University conference.  The theme of the conference was information sharing; my paper is about the new law on breach of confidence (post-Campbell v MGN).

Yesterday, the LGG/11KBW legal update conference took place, with about 115 delegates.  Karen Steyn gave a paper on recent case-law affecting local authorities; the first section is about information law.  I gave a paper about employment vetting.  In discussion, delegates were clearly very interested in getting to grips with the new ISA barring regime.  Questions were raised about its implications for elected members of local authorities, and for volunteers (e.g. parents helping out in schools).  

Another subject  raised in discussion was the recent decision of the Administrative Court in R(G) v Governors of X School and Y City Council.  A music assistant employed at a primary school was dismissed; the allegation was that he had formed an inappropriate relationship with a 15 year old boy who was on work experience at the school.  The school’s disciplinary committee told the employee that they would be reporting the case to the Secretary of State for potential inclusion in “list 99″ (i.e. the statutory list of those banned from working in schools).  The Court quashed the decision because the school had refused to allow legal representation at the dismissal hearing or at a forthcoming appeal.  The disciplinary proceedings, and the referral to the Secretary of State for a potential banning direction, formed part of one and the same proceedings.  Those proceedings were not criminal in nature for the purpose of article 6 of the Convention.  However, their potential consequences were grave; and procedural fairness required the claimant to be allowed legal representation, before both the school’s disciplinary committee and its appeal committee.

Tags: , ,
Posted in INFORMATION LAW | Comments Off

A problem shared is a breach of the DPA?

April 9th, 2009 by Timothy Pitt-Payne

It’s a good time for a conference about information sharing.  The data sharing provisions in the Coroners and Justice Bill have been withdrawn, in the face of widespread criticism - including from the Bar Council (for more background, see our previous posts here and here).   The question whether anything will be done to implement last year’s Thomas/Wolpert review remains an open one. 

Against this background, Northumbria University’s conference on 17th April is topical.  Speakers include Richard Thomas (coming to the end of his term as Information Commissioner), Marcus Turle from Field Fisher Waterhouse, and Steve Eccleston from Sheffield City Council.  I shall be delivering a paper about breach of confidence and its significance for information sharing (I will post it on the 11KBW website after the conference).

Tags: ,
Posted in INFORMATION LAW | Comments Off

The Age of Internet Surveillance

April 6th, 2009 by Anya Proops

With effect from today, all UK internet service providers (”ISP”) will be required to retain data relating to every email which is sent and every online telephone call which is made using their services. The data, which must be stored by ISPs for 12 months, will not include the content of the email or the call. It will however include the date, time, duration and routing of the online communication as well as information as to the internet subscriber or user. The obligation to retain this data is imposed under the Data Retention (EC Directive) Regulations 2009 (”the Regulations”). The regulations were enacted in order to bring into effect the provisions of the Data Retention EU Directive 2006/24/EC. The Directive was itself enacted in response to concerns that a lack of consistency of approach to data collection across Europe, particularly in the field of internet communications, was hampering the fight against crime, including international terrorism. The effect of the Regulations, which come into force today, is that the data retention principles which already apply to telecoms providers under the Data Retention (EC Directive) Regulations 2007 will now also apply to internet providers. As well as retaining the communications data, the internet service provider must afford access to particular data where they are required to do so by law (regulation 7). They must also abide by certain principles relating to the protection and security of the data (regulation 6).

Tags: , , , ,
Posted in INFORMATION LAW | Comments Off

A suitable case for recruitment

April 4th, 2009 by Timothy Pitt-Payne

 Information law overlaps with employment law in two main ways, in relation to employment vetting and employment monitoring. Broadly speaking vetting is about the enquiries that an employer can make before recruitment, and monitoring is about checking on the performance and behavior of existing employees.

 
The legal framework for employment vetting is changing radically, as the Safeguarding Vulnerable Groups Act 2006 is brought into force. The Act implements the Bichard Report, which followed an inquiry into the notorious 2002 Soham murders. It establishes a new vetting and barring scheme for those working with children or vulnerable adults, to be operated by a statutory body called the Independent Safeguarding Authority (ISA).

 
With effect from 20th January 2009, the ISA was given responsibility for decision-making under the 3 existing employment barring lists: the education list, (popularly known as “List 99″), the PoCA list (for those working with children) and the PoVa list (for those working with vulnerable adults). As from 12th October 2009 these 3 lists will be replaced by two new lists introduced by section 2 of the 2006 Act and maintained by the ISA -  the children’s barred list and the adults’ barred list.  Employers, social services and professional regulators will have a duty to share information with the ISA. From July 2010, new entrants to roles working with vulnerable groups and those switching jobs within the sector will be able to register with the ISA, and employers will be able to check registration status online. The legal requirement for new entrants and those moving jobs to register with the ISA, and for employers to check on their status, will come into force by November 2010. The intention is to bring the whole of the existing workforce into the scheme by 2015.

 
I will be delivering a paper about employment vetting at the Local Government Group conference on 29th April, and the paper will be available on 11KBW’s website after the conference.  For consideration of whether the existing PoVA list is compatible with articles 6 and 8 of the European Convention on Human Rights, see R (ota Wright) v Secretary of State [2009] UKHL 3.  For the timetable for implementing the 2006 Act, see here and here.

Tags: , , , ,
Posted in INFORMATION LAW | Comments Off

Rowntree Report on Database State

March 23rd, 2009 by Anya Proops

The Joseph Rowntree Reform Trust has today published its report ‘The Database State’. The report purports to amount to the most comprehensive map of central government databases yet created. In total 46 databases across the major government departments were considered in the report, including, for example, the national DNA database, the national pupil database, the NHS detailed care record system and the automatic number-plate recognition system. In summary, the report concluded that:

  • a quarter of the 46 databases reviewed were ‘almost certainly illegal under human rights or data protection law; that they should be scrapped or substantially redesigned’ (including, for example, the Contactpoint index of all children in England and the national DNA database - on the latter database, see further the January 2009 post on the Marper case);
  • ‘more than half have significant problems with privacy or effectiveness and could fall foul of a legal challenge’ (including, for example, the NHS Summary Care Record and the National Pupil Database);
  • fewer than 15% were ‘effective, proportionate and necessary with a proper legal basis for any privacy instrusions’;
  • Britain was generally out of line with other developed countries as a result of its comparably greater tendancy to centralise and share records on sensitive matters like healthcare and social services; that ’the benefits claimed for data sharing are often illusory’.

Along with the House of Lords Report on the Surveillance Society published in February 2009 (see further the February 2009 post on the Lords Report), this report is likely to increase pressure on the Government to reexamine a raft of policies on data collection, management and storage.

http://www.jrrt.org.uk/uploads/Database%20State.pdf

Executive Summary:

http://www.jrrt.org.uk/uploads/Database%20State%20-%20Executive%20Summary.pdf

Tags: , , , ,
Posted in Uncategorized | Comments Off

BMA Expresses Concerns about New Data Sharing Powers

February 18th, 2009 by Anya Proops

The Coroners and Justice Bill was introduced in the House of Commons on 14 January 2009. Clause 152 of the Bill provides for the Data Protection Act 1998 to be amended to include a number of new provisions on data sharing. Those provisions include a section which creates a broad general power enabling any ‘designated authority’ to make an ‘information sharing order’, which is to say an order which enables ‘any person to share information which consists of or includes personal data’ (new section 50A(1)). The relevant designated authorities’ are ‘appropriate Ministers’ (i.e. Secretaries of State, the Treasury and Ministers in charge of government departments); Scottish Ministers; Welsh Ministers and a Northern Ireland Department (new section 50A(2)). Whilst these broad powers are subject to a number of limitations including those provided for under new sections 50C, 50A(4) and 50A(6), this has not prevented concerns being expressed as to the potential risks entailed upon these new provisions. Most recently, in an interview with the Guardian (14 February 2009), the British Medical Association’s Chairman, Hamish Meldrum, confirmed that he was ‘extremely concerned’ about these new data sharing powers, not least because they would potentially enable Ministers to allow patient data to be shared not merely within the NHS but also with other ministries and even private companies. Mr Meldrum said that the trust between doctors and patients would be destroyed if the Bill became law as it stands. The new powers embodied in clause 152 of the Coroners and Justice Bill follow in the wake of the development of another significant and controversial data sharing scheme under which the medical records of everyone in England are to be uploaded onto a national database, known as the Spine.

The Bill:

http://www.publications.parliament.uk/pa/cm200809/cmbills/009/2009009.pdf

Guardian Articles:

http://www.guardian.co.uk/technology/2009/feb/14/medical-records-nhs-privacy

http://www.guardian.co.uk/society/2008/sep/18/health.nhs

Tags: , , , ,
Posted in 1 | No Comments »

Appeal in Data Sharing Case

January 28th, 2009 by Anya Proops

The Information Tribunal has been seized by an appeal against a decision of the Information Commissioner in a case on data sharing. The Appellant requested information from the Cabinet Office relating to a Cabinet Committee which had been set up to consider data sharing in the public sector. The Cabinet Office disclosed some information. However, it refused to disclose minutes of the Committee’s meetings on the basis that they were exempt from disclosure under section 35 FOIA (policy exemption). The Cabinet Office also refused to disclose the names of junior civil servants who attended the meeting on the basis that this information was exempt under section 40(2) FOIA. The Commissioner held that that the Cabinet Office’s refusal to disclose the minutes was lawful. The Appellant is now appealing the Commissioner’s decision to the Tribunal.

Information Commissioner’s Decision Notice:

http://www.ico.gov.uk/upload/documents/decisionnotices/2008/fs_50177136.pdf

Tags: , ,
Posted in INFORMATION LAW | No Comments »

Government Superdatabase

January 27th, 2009 by Anya Proops

Over the last few months, there has been considerable media coverage of Government plans to introduce a new ’superdatabase’ designed to track all internet and telephone use. The stated purpose of the database is to assist law enforcement agencies by facilitating access to information currently held by individual Telecoms companies. It is expected that the Government will publish its detailed proposals later on this month. However, the new Director of Public Prosecutions, Kier Starmer QC has already expressed the view that, provided that proper safeguards are put in place, the database would be legitimate. Mr Starmer’s assessment contrasts starkly with that of his predecessor, Sir Ken MacDonald, who expressed the view that the database would create a ‘hell-house’ of personal privae information. The Information Commissioner has previously warned that the creation of such a database would raise serious data protection concerns (see his 15 July 2008 Press Release).

Draft Communications Data Bill:

http://www.commonsleader.gov.uk/output/Page2461.asp

Information Commissioner’s Press Release

http://www.ico.gov.uk/upload/documents/pressreleases/2008/annual_report_web_version.pdf

Tags: , , ,
Posted in INFORMATION LAW | No Comments »

« Older Entries