Children Act 2004 Information Database (England) (Amendment) Regulations 2010

I start by thanking all noble Lords for joining me in this debate. As I hope my opening remarks made clear, ContactPoint is a significant part of the contribution that the Government are making towards promoting the interests of children in terms of identifying those potentially in need of additional services and playing a key role as a tool in our safeguarding strategy. This is an important database and it is therefore important that we should consider the regulations today. I shall try to respond in detail to the questions that have been put to me. The noble Lord, Lord De Mauley, made some important points about security. Even though only a minimal amount of data are kept on ContactPoint, security of information is absolutely paramount and something that we take very seriously. It is only right and proper that noble Lords should want to know more about that aspect. The noble Lord asked particularly why the Deloitte report will not be published. The background is that, on 20 November 2007, the Secretary of State for Children, Schools and Families decided, as the noble Lord knows, to commission an independent review of ContactPoint’s security procedures. This was announced in a Written Statement to Parliament on 27 November. The review was undertaken by Deloitte, which reported to Ministers in early February 2008. On 21 February 2008, the executive summary of the report was published, which included Deloitte’s recommendations. The Government’s response to those recommendations was also published on the same day. The Deloitte review confirmed that robust measures are in place for the security of ContactPoint and acknowledged that the importance of security is ingrained in the project. The review did not find any areas of significant weakness—that is a key point to stress. ContactPoint has undergone numerous levels of testing and review since the Deloitte review, involving all the kinds of testing that those interested in data management and security would expect. ContactPoint is government-accredited for security and is compliant with the international standard for information security management, ISO/IEC 27001. I was asked about the publication of the full report. The report contains sensitive information about the security of ContactPoint. It is important to state that publication would do the opposite of what noble Lords have asked for. I will maintain that line, as noble Lords would expect. Publication would compromise the security of the data by providing a rich amount of information on how the security of the system works. We believe that we have done absolutely the right thing by putting as much information on the Deloitte report into the public domain as we can. The noble Lord, Lord De Mauley, asked about security incidents. There have been a small number of incidents in which the correct procedures for the use of ContactPoint were not followed. I have been absolutely clear that there are very tight and correct procedures that need to be followed. The incidents were all investigated and appropriate action was taken. There is no evidence that any of these incidents indicated malicious intent or led to data in ContactPoint being at any risk. The fact that such incidents have been quickly identified and addressed demonstrates that the stringent security processes in place are working. I hope that I can offer the noble Lord the reassurance for which he is looking. The noble Lord also asked about shielding and adoption. We have considered carefully whether all adopted children should be shielded. Delivery of ContactPoint should not in any way put children at increased risk. That is why we have the functionality to shield the records of any children who would be at increased risk of harm if their whereabouts became known. That would apply to children whether they are adopted or not. Each adoption is of course an individual case, and assessment of whether to shield a child’s records needs to be carried out on a case-by-case basis. Guidance has been provided to local authorities setting out the circumstances in which shielding would be appropriate. Comprehensive and stringent security arrangements are in place to prevent inappropriate access to information. Shielding is an additional measure relevant to the minority of children who are already considered to be at an increased risk should their whereabouts become known. The noble Lord, Lord De Mauley, asked about feedback from the pilots. When we are talking about pilots, we are actually referring to early adopters. We have published a report that brings together all their experiences; it might be helpful if I send that to noble Lords, because there is an awful lot in it. There has been a lot of positive feedback about the usability of the system and how it helps people to do their jobs. I should be happy to send that report to noble Lords and to put a copy in the Library. The noble Baroness, Lady Garden, asked about the number of responses to the consultation. Occasionally when the Government consult, the number of responses is quite small. That does not necessarily indicate a lack of interest; sometimes it means that people feel comfortable with the proposals. We have developed ContactPoint by working closely with early adopters in local authorities, making sure that we work with the whole local authority community and with the voluntary sector. We have a close dialogue with the users of ContactPoint at every stage and receive a lot of feedback. I am confident that the consultation that we have undertaken has given us some very helpful feedback, which enables us now to go ahead with the amendments to the regulations. The noble Baroness also asked about our plans to survey practitioners. This picks up on the point made by the noble Earl, Lord Erroll, about how we evaluate the benefits of ContactPoint. It is important that we keep a close eye on what is happening as we evaluate ContactPoint usage. We plan a survey of practitioners in the summer of 2010. We published a baseline survey in 2009, which we can circulate to noble Lords. It covers the usage of the service, how people are finding it and whether it is saving the time that we expected. I will happily keep noble Lords informed about that. The noble Baroness, Lady Garden, asked about shielding and the power proposed for the Secretary of State to decide to exclude or shield records. As noble Lords know, shielding hides the contact details of the child or young person and their parent or carer, together with those of any practitioners involved with them. A shield is applied only where it is appropriate to do so and according to the criteria—this is the important point—in the ContactPoint guidance. The Secretary of State will take the decision to shield records only in cases that involve the most serious safeguarding and security concerns and after consultation with the appropriate law enforcement agencies. That will enable the process to be managed centrally in the most appropriate and secure manner. There are a very small number of these cases. In other cases, as the noble Baroness is aware, the decision to shield a record will continue to be the responsibility of the relevant local authority. The revised statutory ContactPoint guidance will clarify this. I reassure the noble Baroness that in DCSF only a small central management team, whose members have been through all the checks that you would expect—the ones that I have described—will be involved in using ContactPoint. Team members are cleared and trained in the same way as any other ContactPoint user. Shielding is a very rare occurrence and the Secretary of State must follow the same criteria as local authorities have done since the early adopters were rolled out. The noble Earl, Lord Erroll, asked about the number of ContactPoint users and the accuracy of the data. To be clear about the numbers, the national rollout of ContactPoint began in October 2009 and more than 5,000 authorised practitioners have now been trained and are using ContactPoint. Even at this early stage, we have promising evidence of the ways in which it is helping practitioners in their day-to-day work with children. The report to which I referred is a very good example. The speed at which practitioner use builds up over time will be agreed jointly by local authorities and national partners in the light of local needs. Access to ContactPoint is strictly limited to those who need it as part of their work, so there must be a specific reason for practitioners to want to use it. All users must have completed their identity checks and enhanced Criminal Records Bureau disclosure, which is renewable, as we know. The likely user numbers are estimated to be about 390,000, but we have tried to be clear that the ultimate number of users will be determined by local authorities when they deem what is the most reasonable use and what most improves their day-to-day practice. These decisions will be governed by regulations and guidance, by the criteria that we have talked about, but ultimately by capacity and resources in the local authorities. I am not expecting that the number will be revised either way, but in practice we will be monitoring carefully the usage and the benefits that we can identify from that usage. On the accuracy of data, obviously wherever possible ContactPoint will be automatically updated from existing systems. That is a key point. Practitioners will not need to enter the same information twice. That is done through the national data feeds. Data will be updated for other purposes anyway—for example, when a child moves school. We have had feedback from parents of children with disabilities, who have had to tell their story several times and give contact details of different therapists who work with their child. That kind of repetition of data will be much less problematic for parents and much more straightforward. To be clear again, the department recognises the importance of data quality to the effectiveness of ContactPoint, which is one of the points that I think the noble Earl was driving at. We have made a significant investment in supporting local authorities in discharging their responsibilities and making sure that they have good teams locally that know their job very well to ensure that the quality of data is properly looked after. Specifically, that includes training of ContactPoint data administrators in every local authority and the ongoing provision of ContactPoint data administration tools and guidance from DCSF. All data fed to ContactPoint undergo an accreditation process to ensure that they are submitted in the best possible form and are of the highest quality. Transmission must be secure and reliable. In the usual way, I shall check Hansard to ensure that I have answered all questions and I will send the reports, which are helpful. The amendments are modest and do not change the fundamental principles or the design of ContactPoint. They are necessary, though, to ensure that ContactPoint can operate in line with the policy intentions in the primary legislation, helping practitioners to work together to keep children safe and to improve their well-being. The amendment will legally enshrine good practice and improve the operation of ContactPoint in line with what practitioners and expert stakeholders have advised. I commend the regulations to the House. Motion agreed.