Children Act 2004 Information Database (England) Regulations 2007

My Lords, I am grateful to all noble Lords who have spoken. I have been asked a huge number of questions and I cannot possibly answer all of them. However, I will write to noble Lords with responses to questions that I am not able to answer now. Perhaps I may deal with a number of questions to which I have answers before turning again to the two major themes encapsulated in the two amendments—one on the adequacy of the safeguards, moved by the noble Baroness, Lady Morris; and one on the proportionality, benefits and cost-effectiveness of the scheme, tabled by the noble Baroness, Lady Walmsley. I also thank all members of the Merits Committee for the consideration they have given to these regulations, both in the committee and in their contributions to the debate. I noticed that there were what is probably best described as a range of views expressed. I obviously agree with my noble friend Lord Tunnicliffe, who said that the scheme would bring real benefits and will be safe, more than I do with others, but I respect the views that have been expressed. I also note that all noble Lords who have spoken recognise the importance of child protection and seeing that information is available to practitioners where they deal with children who need additional services. They accept that this will be a very large proportion of children. The response I make to the noble Baroness, Lady Walmsley, is that when you are reaching proportions as high as 40 and 50 per cent, which are the kinds of proportions we are talking about, unless one has a clairvoyance—which, alas, is rarely granted to bureaucrats, or even mortals—and a universal system, there will be the huge job of adding and subtracting names constantly to and from a register. That in itself will introduce a big element of additional bureaucracy and cost and make the scheme less effective. 
The information will not be available until it is registered, so, by definition, it will not be available to practitioners before a child is entered on the register. Perhaps I may now deal with some of the questions. The noble Baroness, Lady Morris, thought that there might be a loophole in the regulations, in that she detected an inconsistency between Regulation 6(2) and Regulation 6(4) in relation to access to data. I can reassure her that Regulation 6(4) provides only for those in ContactPoint management teams in local authorities to have access to the data set out in Regulation 6(3). It does not therefore negate Regulation 6(2), which was the concern that she had. The noble Baroness also asked whether ContactPoint would be exempt from the e-GIF requirements on the mandatory sharing of information. I can assure her that ContactPoint information is limited by the Children Act 2004 to the purposes set out in Section 12. It will not be used for any other purpose. The noble Baroness, Lady Walmsley, asked about Capgemini, and whether the fact that it has contracts in other countries raises the possibility of information being disclosed abroad. I assure her that the Capgemini contract ensures that no data at all will be taken offshore. The noble Baroness asked what was the point of keeping information in the archive for six years. It is to support investigations or complaints. That period balances the Data Protection Act requirement not to retain information for longer than is necessary with the need to support and facilitate investigations. We have discussed our archive policy with the Information Commissioner’s office, which is content that we have the balance right in this respect. The noble Baroness also asked about scope creep. The purpose and scope of ContactPoint has already been made clear very precisely in the Children Act 2004. 
It has a clear purpose linked to the duty to co-operate and to safeguard and promote welfare as set out in Sections 10 and 11 of the 2004 Act. The data held on ContactPoint are kept to a minimum, as I described, and will not include case information. For example, in response to the noble Baroness, Lady Barker, I say that they will not include details of visits to GPs. Those case data are not there. The only information that will be on the database is the identity of the GP; it will not include any of the data that she feared could lead to misinterpretation. Therefore, the data held on ContactPoint are in pursuit of the Children Act 2004. There has been very little change to the proposed contact of ContactPoint since the passage of the Children Act 2004, so there has been no scope creep in its development. Any amendment to the regulations, which are in pursuit of the Children Act 2004, will be subject to the affirmative resolution procedure and therefore have the full scrutiny of Parliament. There could not be further scope creep without the consent of your Lordships and another place. The noble Baroness, Lady Walmsley, also asked about guidance to ensure that children and young people will give consent to sensitive services being included on the database. I reassure her that the guidance will address this issue and that consent must be, as will be made clear under the guidance, freely given and explicit. ContactPoint will not hold details of consent on the system, which was another issue she raised. The noble Baroness asked whether the audit records of ContactPoint usage would be monitored by computers or by human beings. I assure her that audit records will be monitored both by computers and by human beings, each complementing the other. She asked whether shielding the records of children meant that the system was not secure, a point also raised by the noble Lord, Lord Jopling. 
We do not believe that the fact that some records will be shielded indicates that ContactPoint will be insecure. It is simply an additional safeguard which is entirely consistent with the risk-based approach in the Data Protection Act, which requires security to be appropriate to the harm that may be suffered by the individual. The shielding mechanism is not unique to ContactPoint; it is already in place in a number of systems. The noble Baroness, Lady Walmsley, raised the issue of the views of young people about ContactPoint and whether we took them seriously. I assure her that we take their views very seriously, which is why we have taken considerable time and effort directly seeking the views of over 1,100 children and young people from a wide range of backgrounds. We have also looked at a wide body of research about the views of children and young people and taken on board the experience of local authority trailblazers, which developed local pilot systems and, as part of such development, consulted children, young people and families. I should stress that this consultation, as part of the development of the trailblazer pilots, generally showed that children understood the benefits of information-sharing and of ContactPoint. Understandably they wanted reassurance that the system would be secure and accurate. That is precisely why we are developing the system as we are—to ensure those robust protections. We will continue to engage children and young people directly, particularly to inform the development of communications material. We are doing so in collaboration with the Information Commissioner’s Office, the Office of the Children’s Commissioner and the Children’s Rights Director. The noble Lord, Lord Armstrong, asked whether eliminating some delays—he thought that they would be short delays—when a child first exhibits a need for a service was not itself a justification for a universal database. 
The key issue, we believe, is that practitioners are not able to make good decisions in all cases about need when they do not have the full circumstances of the child available. It is not simply a question of the delay in making entries on a database, but the quality of the decisions that will be made by practitioners in the first place, whether or not they have this information available. The noble Baroness, Lady Barker, asked me a number of questions. Would children and families have the right to challenge information that is wrong or out of date on the database? Yes, they will. That right is enshrined in the Data Protection Act 1984. A child or their parent can ask to see their data and, if the data are incorrect, they must be corrected. She asked what safeguards were in place to prevent misinterpretation, such as children visiting GPs several times a year, but as I said, that kind of information will not be on the database. She also asked what processes would be followed to ensure that staff who left would have their access revoked—the 330,000 are staff in service, with a right to see the information on the database. I can assure her that the accounts of users will be cancelled immediately the user’s supervisor notifies ContactPoint. Staff debriefing will recover the access control token, so that the user will not be able to access the system thereafter. The first broader theme raised was adequate safeguards. I reaffirm the importance of security as a priority in the development of ContactPoint. First, we will ensure that ContactPoint is built with robust and reliable software, which is configured to remove all known weaknesses. The system will then be tested before being put into use by licensed security testers approved by the Communication Electronics Security Group in Cheltenham, which is an arm of the Government. They will, in effect, try to hack into the system and will undertake software inspection. 
ContactPoint will not be put into live use until it has passed the security tests. The system will be actively monitored to detect attempted hacking or penetration, and any part of the system where such attacks are detected will be shut down. Secondly, all data are secured by encryption or scrambling while moving between computer systems, so that anyone trying to monitor communications will not be able to see the information. Thirdly, it will only be possible to access ContactPoint from computers that are either known directly to ContactPoint or connected to corporate or local networks approved by ContactPoint. The biggest risk for hacking is through the internet and from public access into computer systems; we are countering this by ensuring that any attempt to access ContactPoint from any system other than those known to be legitimate systems for access is rejected. Furthermore, we are taking active steps to ensure secure use. Systems that use passwords alone are vulnerable to misuse. ContactPoint users will therefore need to have an identifier, a password, a PIN and a physical token. We are restricting the user numbers, as I described in my opening speech. Finally, the ContactPoint system will monitor every user activity and record that securely in an audit log. The audit log will look for patterns of unusual or potentially suspicious behaviour, which will be reported to the user’s manager. I also refer directly to the submission made to the Merits Committee by the Information Commissioner, in which he reported that he had had considerable involvement with my department during the development of ContactPoint. For noble Lords who have not been so closely engaged in discussions about the development of the scheme, I quote from what the Office of the Information Commissioner said: “It is the case that we had reservations about certain aspects of early proposals for creating an index of Children ... 
However, we have enjoyed very constructive relations with those responsible for implementing ContactPoint. We are pleased that our suggestions concerning the privacy, transparency and security aspects of running ContactPoint have been taken on board ... we are satisfied with the overall design of ContactPoint … We are pleased that the ‘ContactPoint Guidance’, which we have worked closely with DFES on, sets out a practical set of rules and procedures for those using ContactPoint. This guidance will provide a sound basis for developing the training that DFES will be carrying out, and which the Information Commissioner will participate in. It is also encouraging”— this takes up the point of the noble Earl— “that sanctions have been put in place to deter those having access to ContactPoint from abusing their access”. The Information Commissioner concludes: “We will, of course, continue to keep close contact with DFES, and with ContactPoint end-users … We are prepared to devote the resource necessary to make sure that ContactPoint is operated properly and that the privacy interests of the individuals included on the database are safeguarded properly”. On balance, our arguments in favour of the security of the scheme are justified. That is not to say that there is no risk whatever, in response to the noble Lord, Lord Jopling. No Minister could stand here and say that. However, we have taken all reasonable precautions against it. The Information Commissioner looked objectively at the safeguards we have put in place, and they are of the most robust kind. We must set aside the continuing risk that there may be on that front against the huge gain to be had from the database. The judgment of Parliament should lead us to want the gain that could be had from making the information on children available to practitioners to help those who may, at some point in their young life, be at risk. 
I dealt with most of the arguments about proportionality and cost in my opening remarks so, rather than rehearsing all those points again, I shall deal with some of the specific issues raised by the noble Baroness, Lady Walmsley, to show that her concerns are substantially either unfounded or exaggerated. She queried the £88 million annual saving, but a robust case for that saving is set out in the memorandum—whose methodology she did not seek to undermine—which my department submitted to the committee. The noble Baroness specifically asked, and this was a key point, whether the £88 million and all the hours of practitioner time that would be saved would predominantly affect front-line practitioners. I assure her that it will. At the moment those practitioners’ time is often used or wasted in having to get in touch with other practitioners or in making duplicate referrals, which would not be necessary if the database was available and access could be gained much more quickly.
Type: Proceeding contribution
Reference: 694 c331-5
Session: 2006-07
Chamber / Committee: House of Lords chamber