Children Act 2004 Information Database (England) Regulations 2007

rose to move, as an amendment to the above Motion, at end to insert ““but this House regrets that adequate safeguards are not in place to ensure the protection of the information collected””. The noble Baroness said: My Lords, I thank the Minister for his thorough explanation of the regulations. While the debate will and must focus on the safeguards of information-sharing and the safeguarding of young children, it is also important to discuss how to ensure more effective support for the professionals who work to improve the welfare of children. Whatever aspect of government policy we talk about in whatever department we must ensure that the resources of time and money are focused and used effectively to support those who need them most. The Motion I have tabled goes straight to the heart of my deep concerns about these regulations, which set up a database to store the intimate details of millions of children. Doctors’ details, contact with practitioners dealing with sexual and mental health and substance abuse and contact details of parents are just some of the information fields that will be included. The legislative web surrounding these regulations renders them far wider-reaching and threatening than has been made clear. Even though the Department for Children, Schools and Families has claimed that the ContactPoint database will not contain information on cases, since 2000 under the e-Government Interoperability Framework, otherwise known as e-GIF, it has been mandatory for all public sector databases to facilitate the sharing of data across systems. Currently, a range of databases holding detailed information about children already exist in education, social care and youth justice. Can the Minister give a guarantee that ContactPoint will be exempt from the requirements of e-GIF? What steps will be taken to ensure that the child in question may not be identified by other associations in the information provided? Indeed, what protection will be provided for the list of names behind the numbers? My first and deepest concern is for the children whose personal information is stored on the database and, if accessed by fair means or foul, could result in them being placed in great danger and in deeply vulnerable situations. It will be extremely difficult to secure such large quantities of sensitive information. Eleven million children will have their details stored on the database, and upwards of 330,000 people will have legitimate access to it. While I hope that those 330,000 people will be trustworthy, function creep develops at an alarming rate in data systems, which is all the more disquieting given the wider context of online fraud, growing at 300 per cent a year. It raises serious questions about whether we can, in reality, trust in the assurances that we are given, even though they are given in good faith at the time. I am grateful to the Minister for confirming what training those handling the information will have and what checks they will undergo, including enhanced CRB checks. However, noble Lords will know that CRB checks only cover known criminals and fail to cover overseas workers, who now comprise a large part of the health and social care workforce. Has the Minister considered the danger of exposing such sensitive information to the extremely wide range of users, including many subgroups. Is the Minister at all concerned that employees of contracted-out services—often temporary staff—might be given access to the database? Above all, it is vital that we do not unwittingly provide a resource indicating children’s whereabouts to anyone who is not acting exclusively in the very best interests of the child or anyone who may, however unintentionally, fail to protect that information. The Information Commissioner’s Office report to Parliament, What Price Privacy?, shows how easy it has been for private investigators to gain access to personal data by paying employees of the target organisation. Dr Ian Brown of University College, London, recently brought to our attention a report from the inspector-general of the United States Department of Veterans Affairs, who earlier this year found that the digitised medical records of 1.3 million individuals had been mislaid. That shows yet again how easy it is for security safeguards to be ignored and bypassed. I draw attention to the 27th report of the Merits of Statutory Instruments Committee and I pay tribute to the committee for its customary diligence and excellence. It was noted that while the DCFS may be acting with good intentions, the huge number of users of the database will, "““inevitably increase the risks of accidental or inadvertent breaches of security, and of deliberate misuse of the data … which would be likely to bring the whole scheme into disrepute””." I am sure that the Minister will remember fondly the amendment that I tabled last year to the Childcare Bill which would have ensured that any information collected under Clause 99 would have to be destroyed within a year. It was my understanding then that the regulations were intended to provide safeguards against the collection and processing of disproportionate amounts of information and that they would include stringent security and safeguarding measures; yet only a year later, the regulations before us contain a contradiction on the vital point of safeguarding. A particular concern is the drafting of Regulation 6. Regulation 6(2) places a duty on local authorities to ensure that no one can access sensitive service details, archives and ID numbers on other systems. However, Regulation 6(4) is so widely drafted that it appears to negate Regulation 6(2). In effect, when the two provisions are read together, they seem to say that a local authority must hide the details but can decide not to. To allow loopholes to rest in regulations of this importance and sensitivity is nothing less than unacceptable. A survey of local authorities carried out by my honourable friend Tim Loughton MP shows the state of disarray on the ground. Authorities do not feel ready for the system. Moreover, in light of the appalling records around the country, as expressed in the Information Commissioner’s latest report, councillors have expressed, "““practical and moral concerns at the mammoth task ahead of them””." The Government intend to use the system to improve the care of and provision for children. Their intentions are of the best kind and are shared in principle by all noble Lords. Yet it is the very system that they seek to rely on that risks stigmatising children and discouraging them from seeking help where necessary. The Minister said that the regulations had the backing of many children’s welfare organisations. However, the majority of young people and parents consulted by the DCFS oppose the measures, and the major children’s charities—the NCB, the NSPCC, Action on Rights for Children and a coalition led by BAAF—have voiced serious objections. Noble Lords will have received the excellent briefing from the Independent Schools Council. The ContactPoint system, we are told, is intended to prevent another Victoria Climbié situation. However, that is not quite accurate. The agenda for the collection of children’s data began with the programme originally called ““identification, referral and tracing””, which predates the Laming inquiry and does not mention child protection in its original criteria. Moreover, the child protection specialist Chris Mills has already ascertained that the system would not have applied to Victoria Climbié, given her temporary residency in this country. We all wish to see an end to the horrors that befell Victoria Climbié and others. Inasmuch as the system will create a culture of over-reliance on what will always be a flawed database, it would divert attention from the children who most need protection from those who profess to care for them. It appears that the children of the rich and famous may be exempted if there is a risk of kidnap. While I fully understand why that should be the case, it strikes me as the most damning admission of the inability of the system to protect the details of children, not to mention the injustice of treating one set of children differently from the rest. The Government’s financial estimates for ContactPoint leave much to be desired, as we shall hear from the noble Baroness, Lady Walmsley. The chief information officer and group director of programme and systems delivery at the Department for Work and Pensions estimated in May that only 30 per cent of government IT projects succeed. Given the huge complexity of the system—150 little databases wired into one national database—the system, as much as any other, risks becoming yet another hugely over-budget IT white elephant, and a very dangerous elephant at that. It is imperative that the regulations are not passed until much greater thought has been given to their information. Once the regulations are enacted, there will be no further opportunity to prevent the slackening of security around those precious and vital personal details. I beg to move. Moved, as an amendment to the above Motion, at end to insert ““but this House regrets that adequate safeguards are not in place to ensure the protection of the information collected””.—(Baroness Morris of Bolton.)