Informaticopia

Monday, March 23, 2009

Database State

Today the Joseph Rowntree Reform Trust published a major report on the Database State. In it Ross Anderson and colleagues chart the rise of public sector databases which impact on everyones lives.

The report arose from the loss by Her Majesty's Revenue and Customs of two discs containing personal information about nearly 50% of the population and a series of high profile fiascos and data loses and challenges over effectiveness, privacy, legality and cost.

The report assesses 46 databases across the major government departments, and finds that:

* A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law; they should be scrapped or substantially redesigned. More than half have significant problems with privacy or effectiveness and could fall foul of a legal challenge.

* Fewer than 15% of the public databases assessed in this report are effective, proportionate and necessary, with a proper legal basis for any privacy intrusions. Even so, some of them still have operational problems.

* Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally. In Britain, data is increasingly centralised, and shared between health and social services, the police, schools, local government and the taxman.

*The benefits claimed for data sharing are often illusory. Sharing can harm the vulnerable, not least by leading to discrimination and stigmatisation.

* The UK public sector spends over £16 billion a year on IT. Over £100 billion in spending is planned for the next five years, and even the Government cannot provide an accurate figure for cost of its ‘Transformational Government’ programme. Yet only about 30% of government IT projects succeed.

The report uses a traffic light system to examine the databases - those achieving a red rating are "almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned". These include three systems specifically relevant to health and social care:

* ContactPoint, which is a national index of all children in England. It will hold biographical and contact information for each child and record their relationship with public services, including a note on whether any ‘sensitive service’ is working with the child;

* the NHS Detailed Care Record, which will hold GP and hospital records in remote servers controlled by the government, but to which many care providers can add their own comments, wikipedia-style, without proper control or accountability; and the Secondary Uses Service, which holds summaries of hospital and other treatment in a central system to support NHS administration and research;

* the electronic Common Assessment Framework, which holds an assessment of a child’s welfare needs. It can include sensitive and subjective information, and is too widely disseminated;

Other databases in the field including the NHS Summary Care Record, which will ‘initially’ hold information such as allergies and current prescriptions, are rated amber which means "a database has significant problems, and may be unlawful. Depending on the circumstances, it may need to be shrunk, or split, or individuals may have to be given a right to opt out".

Out of the 48 databases studied only 6 are given a "green light".

I' still working my way through the whole 63 page report and I'm currently analysing the significance and likely impact of the chapter related to the Department of Health.

The report has already been highlighted by the Guardian in its report entitled "Right to privacy broken by a quarter of UK's public databases, says report". It will be interesting to see what other reaction it receives and, most importantly, whether the direction of travel for government IT is changed at all.

Labels: , , , ,

0 Comments:

Post a Comment

<< Home