Identity Documents Bill

My Lords, I thank the noble Lord, Lord Phillips, for the time that he has taken to discuss this aspect of the Bill with the Bill team. His experienced views on these matters were very much appreciated. The best thing that I can do to reassure the Committee is to describe what we are going to do. I ask noble Lords to forgive me if that takes a moment or two. The national identity register is a generic term applied to the process of collecting and storing personal biographical and biometric data on ID card applications. At the moment, the core database is maintained in secure conditions on behalf of the Identity and Passport Service by its main contractors. Data held for dealing with applications, for subject access requests or for marketing purposes are similarly held in secure conditions by IPS staff and by contractors, such as Teleperformance. IPS and any other party which has or had access to information gathered in connection with the NIR is required to comply with data protection legislation. We certainly will ensure that that is the case throughout. IPS has adopted an active approach and has identified all sources where information recorded as part of the NIR is held. As a result of that exercise, three categories have been identified. The first is the core data where the central records for the NIR are held. Core data containing biographical and biometric data are held by contractors on secure production systems. The storage media such as hard disks and back up tapes containing the data will be physically destroyed by shredding. That shredding process will comply with requirements for destroying secret data set out in Her Majesty's Government Information Assurance Standard No 5—the Secure Sanitisation of Protectively Marked or Sensitive Information. This category represents by far the largest element in the destruction process. Secondly, I shall deal with data extracted from the NIR to write to cardholders, to deal with subject access requests or to obtain management information such as age or gender. As things stand, the IPS is continuing to explore options to remove the data from the backup storage tapes, but it may be that this can be achieved only at significant operational risk to the business. This data will be deleted from all systems and when the equipment holding the data reaches the end of its life, it will be cleared down using Government procedures for decommissioning restricted equipment. This means that the files will not be capable of being recovered. Thirdly, I turn to personal data associated with an application for an ID card but not extracted from the NIR. This includes data collected, for example, from the outsource company Teleperformance, which is used by IPS to deal with inquiries and interview bookings for applicants. As with the second category, this data will be deleted from all systems, and when the equipment holding the data reaches the end of its life, it will be cleared down using the procedures I have just mentioned. Again, this means that the files will not be capable of being recovered. I will make available in the Library a paper prepared by IPS on the destruction process. This sets out in considerable detail the work undertaken by IPS and the work required to comply with the provisions of the Bill. As has been mentioned, IPS has been in touch with the Information Commissioner’s Office about the proposed arrangements. The ICO has indicated that all relevant areas have been considered. I understand that the Committee will be interested to see that correspondence, and I suggest that the right place for it is in the report to the House in order to ensure that transparency is maintained. Clearly, we will want to satisfy the commissioner that the destruction process has been completed, and verifiably so. I mentioned during earlier consideration that the Minister with responsibility for immigration had informed the other place that a Written Ministerial Statement would be made to Parliament on completion of the destruction process. I should like to confirm that, and I have also said that today I will place a copy of the destruction process in the Library. We want to be entirely open about what we are doing and have already shared what we are doing with the Information Commissioner’s Office. We will publish the details which, I can assure the Committee, will comply with data protection requirements. We feel sure that the destruction process will conform to the higher standards. In the light of my response and particularly the assurances I have given about the action that has already been undertaken, I hope that the noble Lord will feel able to withdraw the amendment.