UK data breach leads to review of other databases
- 27 November, 2007 06:33
The schools secretary, Ed Balls, has ordered an independent assessment of security for the ContactPoint database that is set to hold the details of every child from birth.
Balls announced the review in the wake of the HM Revenue and Customs (HMRC) data loss debacle that has seen details of 25 million people, held on two CDs, lost in transit between HMRC and the National Audit Office.
The HMRC data security breach -- Britain's biggest -- emerged on the same day that a report by the government's own children's rights director, Roger Morgan, revealed that a survey of children had found most were worried about the safety of information on the ContactPoint database.
ContactPoint will contain basic identifying information about all children in England from birth until age 18, along with contact details for their parents or carers and for professionals providing support services to them.
The establishment of the £224 million (AU$530.5 million) database follows a key recommendation of Lord Laming's inquiry into the brutal treatment and murder of eight-year-old Victoria Climbie in 2000.
But the project had already raised security concerns before the HMRC data fiasco, because of the number of people who are expected to have access to ContactPoint data -- more than 330,000 education, health, social care and youth justice professionals.
Earlier this month, information commissioner Richard Thomas included ContactPoint in a list of government projects that threatened individuals' data protection rights.
Morgan's report -- with the project-friendly title Making ContactPoint Work -- is based on a survey and discussion group with a total of 62 children in care, with foster parents, in residential schools or in receipt of other social services.
Concerns about the safety of the data were a key issue for the vast majority of those surveyed. Children felt that "eventually, the system would either break down, or its security would be breached" and that staff with access to the database could hand their passwords and electronic security tags to others.
Morgan said: "The children have told me that they are concerned about the safety of ContactPoint. Children want to be assured that their information will remain safe and confidential and have asked specifically that the government will never in the future put a child's photograph or telephone number on the database."
There would "always be a need to keep security under review, as the repercussions of information falling into the wrong hands could be extremely dangerous," he added.
A spokesperson for the Department for Children, Schools and Families (DCSF) said: "We are fully committed to the Contact Point program."
The announcement of who would carry out the independent security assessment would be made "as soon as possible," she added.
Ed Balls had also asked DCSF permanent secretary David Bell to conduct an immediate assessment of how personal data was stored and protected across the department. Bell had reported back within 24 hours "to confirm the department was confident that we have very robust procedures in place," the spokesperson said.