UK Parliament / Open data

Children Act 2004 Information Database (England) Regulations 2007

My Lords, I should declare an interest as a member of the advisory board of the Information Systems Security Association. We have here a database which is supposed to provide proactive protection purporting to save time and therefore money and so on, and yet we have very sparse data on it. I do not understand how such a sparse dataset is going to save a huge amount of time. The data should be sitting in files already that could easily be exchanged at the local level with quite small databases, which would probably be more secure and easily managed.

I have been thinking about this. If you have a big national database, how do you get it to work? There are some silly things in it. For example, when children go abroad for three or more years, they are taken off the system but archived for six years. But they may come back after eight or nine years, and then everything has to be found out about them and re-entered. There is some stuff in here that will go against its purposes.

The archive will be enormous, at least half as big again as the main database—although we do not think about that in the context of dealing with the whole problem. What use is the archive? It is to be restricted to only a few people, when actually CEOP, the child protection agency, probably should be the body with access to it because there could be some useful information for trying to find out about child abuse later on. Some things may not manifest themselves until later. I could not see why the agency was not included in the body of people allowed to look at it.

I turn to setting security standards. ISO 27001 is the industry standard, but I hope that the department has also consulted CESG, which sets much higher standards. A good point was raised earlier about the people working on the database having access to it. Unless the database scheme is encrypted so that the data cannot be accessed by the programmers working on it, there is a huge security problem.
Some people will be able to get in through the back door. I was always able to do so in the days when I wrote software and designed systems. Further, if the security systems are too cautious, the same problems will arise as those in one of the hospitals—Nottingham or Northampton—used in the trial runs. It took so long to log on to the system that all that happened was that one person would log on at the beginning of the day and everyone else used that one point of access. In effect, the terminal was left open. Care must be taken to make sure that the security is not unworkable. I warn the Minister about that, just in case.

I am delighted to see that something will be done about increasing the penalties for leaking data and selling data. This has been long needed because something like 30 per cent of all lost data has nothing to do with hackers. That is not the problem these days; rather, the problem lies with people who are authorised to use the system. At the same time, we should look at the powers of the Information Commissioner to check that all the procedures and processes are correct and sensible. At the moment the commissioner has to wait until a complaint is filed and then pretty much has to be invited in by the data controller. Unless he has sufficient powers, he cannot find out what is going wrong.

The Minister may have underestimated the cost of keeping the database up to date. If there are around 11 million children—an average of 2.2 children in 5 million households—it should be noted that some 40 per cent of London households change address every year. That would translate to something between 0.5 and 1 million changes of address to record on the children’s database every year. If 300 people are monitoring the database for accuracy and a further 300 are trying to update it, I calculate that the 300 people in charge of updating it will have to handle something between 1,000 and 3,000 changes of address a day each, which will keep them quite busy.
I am not sure that the Minister’s money estimates are quite right, even with 600 extra staff. The temptation will be to link the database to the proposed “Tell us once” database, where someone tells the Government once about a change of address and the information ripples over everything else. My challenge on that rests once again on the law of unintended consequences in the security world. If you are an abused partner and trying to hide your new address, or you are in a witness protection programme, it is likely that at some point someone could access your address through the back door of one of these other databases where people do not realise that the address is sensitive. I am worried about having yet another database where parents’ addresses are to be maintained. Quite a few addresses will have to be kept on the database.

The point about the number of people who will have access to the database is very valid. I have worked out that during a child’s life, it is theoretically possible that some 1.5 million people will have had access to that child’s database—although it is segmented into local authorities and so on. We have to remember that the turnover in social services is running at about 330,000 people a year.

Lastly, some people will be needed to keep an eye on the project to see that it is going well and being run properly. The department should not fall into the same trap as HMRC did when it allowed the same company that provided the system to decide when the benchmarks were going to be run. The department should keep control of when the benchmarks will be run on the project.

Type: Proceeding contribution
Reference: 694 c329-31
Session: 2006-07
Chamber / Committee: House of Lords chamber