Report - Guardian

More documents

Recommendations

Info

150 The LSE Identity Project <strong>Report</strong>: June 2005protected from cloning, duplication and other practices that might lead to identity fraud.The 1 st and 7 th Data Protection Principles will have to be adhered to closely if theNumber is to be properly protected and used.General IssuesThere are some general data protection issues that run as a common thread throughoutthe Bill and the next section aims to highlight those particular areas of concern.Fair and lawful processingThere are three main elements to the First Data Protection Principle: processing must belegitimate, fair and lawful. The very enactment of the enabling legislation will ensurethat any processing will be legitimate.There may be questions however, surrounding the other two elements of fairness toindividuals and lawfulness. Although the Bill does list more clearly the purposes forwhich the ID card and Register will be used than in earlier proposals, the provisionswithin the Bill for wide ranging powers of the Secretary of State to make amendmentsto the legislation by Order without full consideration by Parliament or public debatemean that the existing purposes and consequent disclosures may become less clear overtime and any Fair Processing Notices provided by either the Home Office orparticipating public bodies will become inadequate.The overall test of fairness may, in the view of some, not be satisfied either: chargingindividuals for the issue of the cards themselves and for keeping that information up todate may not be fair if it disadvantages certain groups of people. Cl. 2(4) states that anentry may be made in the Register for a person whether or not the individual has appliedto be, or is entitled to be in it.Furthermore, once the decision to make the ID card compulsory for all is taken, some ofthe safeguards in the Bill such as the Cl. 18 prohibition on making the production of anID card a condition of providing a service will be undermined and remove theopportunity for a person to choose to rely on alternative means of identification.The third element of the 1 st Data Protection Principle (that of lawfulness) brings intoplay the human rights considerations mentioned earlier. Both the European Conventionon Human Rights and the Human Rights Act allow for intrusions on the right of privacywhere they are necessary to safeguard national security, defence, public security…therights and freedoms of others… and is necessary in a democratic society. One of thequestions which needs to be asked is whether the actions being taken are a proportionateresponse to the harm seeking to be avoided. The Home Secretary has stated that hebelieves the provisions of the Bill are compatible with the Convention Rights but hasyet to demonstrate why he feels able to make this statement. However, it has long beenaccepted by the European Court of Human Rights that the storing of information and theuse of it amount to an interference with the right to respect for private life. 367Compatibility therefore remains to be tested in the courts.367 Leander v Sweden, March, 1987; Amann v Switzerland, February 2000, Rotaru v Romania, 2000
The LSE Identity Project <strong>Report</strong>: June 2005 151SecurityThe Bill proposes that the ID card and National Register will provide for an individualto establish his identity and obtain the services to which they are entitled. It is quiteclear therefore that the ID card and Register will become a target for identity fraudsters;protecting against unauthorized access, use and disclosure as required by the 7 th DataProtection Principle will present huge technical and logistical challenges which are notaddressed within the Bill apart from the expected criminalization of certain behaviours.Given the potential damage and risk to an individual whose information and identity isunlawfully obtained and used, the Bill is worryingly silent on how the infrastructurewill be kept secure and how individuals whose identities are stolen will be dealt with.Recent failures of existing governmental computer systems such as those at the ChildSupport Agency, Department for Work and Pensions and even the police fingerprintdatabase, illustrate the need for a robust, secure and foolproof technology.The Bill anticipates that various public bodies will be able to access the ‘registrableparticulars’ of the individual in question. A comprehensive set of standards ofprocessing and procedures are going to be necessary in order to protect the integrity ofthe National Register and the information held by those public bodies.The 7 th Data Protection Principle also requires data controllers to ensure their supplierstake steps to keep the information they process on behalf of the data controller safe fromloss and disclosure. If any of the functions of the ID card and Register are outsourced,the government will have to ensure the contractual arrangements are sufficientlyrigorous to protect the data and provide for the independent auditing of those outsourcedfunctions. Clearly if any outsourcing were to be overseas the 8 th Data ProtectionPrinciple would also be engaged.Data sharingOne of the main results of the provisions of the National Identity Register will be that agreat deal of information will be shared between public bodies. The governmentundertook a large exercise several years ago via the Performance and Innovation Unitwhich considered the obstacles to data sharing between public bodies. Some of thoseobstacles were overcome by legislation which established lawful gateways for datasharing but also required memoranda of understanding to ensure data was only sharedwhere necessary and that all the information held by various public sector bodies did notend up being pooled. This approach recognized that public bodies’ powers onlyextended to the extent of their enabling legislation and that there were also publicconcerns about their information being shared widely across the public sector. 368The proposals in the present Bill will undermine those protections and at the same timemake data sharing much less visible and transparent. Cl. 19(4)f gives the Secretary ofState powers to specify when the information contained in the Register may bedisclosed on top of those crime prevention, customs and tax purposes alreadyenumerated in the clause.368 Cabinet Office, Privacy and Data sharing – The way forward for Public Service, PIU, 2002.
Page 1:
The Identity Projectan assessment o
Page 5 and 6:
The LSE Identity Project Report: Ju
Page 7:
Page 11 and 12:
Page 13 and 14:
Page 15:
Page 19:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33:
Page 36 and 37:
22 The LSE Identity Project Report:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115: 100 The LSE Identity Project Report
Page 127 and 128: The LSE Identity Project Report: Ju
Page 157: The LSE Identity Project Report: Ju
Page 199: The LSE Identity Project Report: Ju
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259:
Page 262 and 263:
248 The LSE Identity Project Report
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317:
show all

Report - Guardian

Create successful ePaper yourself

Delete template?

Save as template?