Report - Guardian

More documents

Recommendations

Info

148 The LSE Identity Project <strong>Report</strong>: June 2005The Register will also include a great deal of transactional data such as dates ofapplications, modifications and disclosures of information on the Register; the purposesof the Register are insufficiently precise to understand how such data retention will notbe in breach of the 3 rd , 4 th and 5 th Data Protection Principles.The information held on the Register will be disclosable without the consent of theindividual to the Security Services, Chief Police Officers, Inland Revenue and Customs& Excise, any prescribed government department and any other person specified byOrder by the Secretary of State. Again the potentially wide audience to whom this largeand powerful amount of information might be disclosed to will go the fairness andtransparency features of the 1 st Data Protection Principle and the specificity requirementof the 2 nd .Section 29 of the Data Protection Act does make provision for disclosures to bodiessuch as the police and Inland Revenue, however, the body making the disclosures isrequired, in the absence of warrant, court order or other legal compulsion, to assess on acase by case basis whether the information should be passed on. Cl. 19 of the Bill doesnot require such an assessment, but is merely qualified by Cl. 23 which states it is notreasonably practicable to expect the requestor to obtain the information by other means.There is no exposition of this test and with a growing centralized database ofinformation about the UK populace one can imagine both security and law enforcementforces arguing that obtaining information from other sources will not be ‘reasonablypracticable’, particularly if they believe their request is likely to fail the s.29 test.If the argument for a National Register is accepted then the actual practical aspects ofadministration, maintenance and compliance with the information quality principles(3 rd , 4 th , 5 th ) present very serious concerns.One particular concern is the requirement upon individuals to notify the Secretary ofState of any changes to the registrable facts on the Register in Cl. 12 of the Bill. Underthe provisions of the 4 th principle, it is the responsibility of the data controller to take allreasonable steps to ensure the information they hold is accurate and up-to-date. Not onlydoes Cl. 12 shift this responsibility onto the individual but imposes a penalty of up to£1,000 for failing to do so even though later on at Cl. 37 an individual may eventuallyhave to pay a fee in order to alter their records. One can anticipate the difficulties thatare likely ensuring that it is up to date bearing in mind the range of information that isgoing to be held on the Register. There may well be issues about policing of suchrequirements.Finally, there are already several other initiatives underway to collate information aboutcitizens in the UK: the Citizen’s Information Project initiated by the National CensusOffice and the database of all children under the Children’s Bill. There is clearly furtherpotential for the amount of information to be linked or transferred to the NationalIdentity Register if the Secretary of State chooses to make this happen by Order. It isunclear at present how these initiatives are to work together in practice. Other policiessuch as the retention of communications data by communications service providers andthe tracking of vehicles for taxation of road usage also have the potential to becombined to provide the government with a comprehensive and all pervasive databaseon the lives of its citizens.
The LSE Identity Project <strong>Report</strong>: June 2005 149The Identity CardThe purposes of the National Identity Card still remain to be clarified: referring back asit does to the entries in the Register – the 1 st Data Protection Principle therefore remainsto be satisfied within the legislation itself. There is also general concern that even ifsuch purposes were to be listed in sufficient clarity within the legislation, the productionof an ID card would be required in order to access a wide number of as yetunanticipated services both in the public and private sector – the ‘function creep’referred to by so many commentators on the legislation. 365 The notion of function creepis nothing new; the same process happened with the ID card issued during World War IIwhen there were originally three purposes for the card (national service, security andrationing); eleven years later thirty nine government agencies made use of the recordsfor a variety of services. 366It is also unclear from the Bill precisely what information will be held on the face of thecard and which parts will be encrypted on the card chip, and even where some parts areencrypted, who will have access to the full information on the card. The 1 st and 7 th DataProtection Principles may be breached if there is insufficient security surrounding theinformation on the card. Without clear limits on who may access information on thecard and then go on to retain the information they have obtained there is a danger of the3 rd and 5 th Principles being breached.The issue of ID cards to those applying for the issue or renewal of certain documentssuch as driving licences and passports will not only contribute to the lack of clarity as topurposes but will also undermine the idea that the compulsion to hold an ID card will bethe subject of scrutiny in Parliament before it is extended to the wider populace. Whenan individual is asked to present an ID card based on one of these documents it is verylikely that not all information will be relevant on every occasion. The risk is thatexcessive information will be disclosed and possibly retained even where it is notnecessary for the particular circumstances in which the card was presented and the 3 rdPrinciple will again be breached.If the aim of the ID card was to merely confirm identity it would be possible to achievethis purpose through a far simpler process and much less personal information wouldhave to be gathered and retained than that which is being proposed by the Bill. Thiswould present far fewer difficulties with compliance with the Data Protection Act andHuman Rights Act.National Identity Registration NumberThe introduction of a unique identifier which will be linked to information stored in theNational Identity Register and linked to other nationally used numbers such as NationalInsurance and Driving Licence numbers raises further concerns particularly in terms ofsecurity. The value of the National Identity Registration Number will mean that stepswill have to be taken to ensure the number does not gain common currency and is365 Information Commissioner’s evidence to Select Committee on Home Affairs, 3 rd February 2004.366 Information Commissioner, Response to the Government’s Consultation on Legislation on Identity Cards, 2004,http://www.informationcommissioner.gov.uk/cms/DocumentUploads/the%20information%20commissioners%20response%20to%20the%20draft%20bill.pdf.
Page 1:
The Identity Projectan assessment o
Page 5 and 6:
The LSE Identity Project Report: Ju
Page 7:
Page 11 and 12:
Page 13 and 14:
Page 15:
Page 19:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33:
Page 36 and 37:
22 The LSE Identity Project Report:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113: 98 The LSE Identity Project Report:
Page 114 and 115: 100 The LSE Identity Project Report
Page 127 and 128: The LSE Identity Project Report: Ju
Page 157: The LSE Identity Project Report: Ju
Page 199: The LSE Identity Project Report: Ju
Page 212 and 213:
198 The LSE Identity Project Report
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317:
show all

Report - Guardian

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?