Department for Constitutional Affairs - Publications


Response to Consultation

Analysis of responses to the consultation on the Performance and Innovation Unit report "Privacy and Data-sharing: the way forward for public services"

March 2003



Introduction

  1. This is the Lord Chancellor's Department analysis of responses to the consultation contained within the report, Privacy and Data-sharing: the way forward for public services. The report was produced by the Performance and Innovation Unit (PIU) of the Cabinet Office. This unit is now called the Strategy Unit.

  2. It covers:-

    • the background to the report

    • a summary of responses to the report

    • respondents' comments on specific recommendations in the report

    • the next steps following this consultation.

  3. Further copies of this post-consultation report can be obtained by contacting the Business Support Team at the address given below:

    Carl Pencil
    Lord Chancellor's Department
    Privacy and Data-sharing Division
    Floor 4
    MWB Business Exchange
    10 Greycoat Place
    SW1P 1SB

    Telephone: 020 7960 6520
    E-mail: Carl Pencil



Background

  1. The PIU report "Privacy and Data-sharing: the way forward for public services" was published on 11 April 2002. The twin objectives of the report are to improve public services through better use of personal data, and to secure public trust in the handling of personal data by safeguarding personal privacy.

  2. Responses were specifically sought on 3 of the 25 recommendations contained within the report.

  3. The recommendations which were subject to consultation were:-

Recommendation One

Suggested the development and adoption of a Public Services Trust Charter for the handling of personal information by public services.

Recommendation 1: A draft Public Services Trust Charter is published here for consultation. The Charter sets out the guiding principles and key commitments made to the citizen in protecting their privacy and personal data in their interactions with public services. All public sector organisations should look to embody these principles in service-level privacy statements describing precisely in each case how personal information will be shared in support of service delivery or research and evaluation, and how individuals can get access to their personal data. In turn, these privacy statements will be key instruments to help inform the public and secure consent where information is shared to support delivery of public services. They must therefore be easily and readily available to the public, where appropriate at physical outlets and Web sites. To ensure implementation of these privacy principles and undertakings, each service-level privacy statement will need to be embodied in working-level codes of practice and information-sharing protocols, themselves underpinned by management guidance. These should also be made publicly available.

Recommendation Twenty-Four

Invited comments on the merits of introducing legislation to enable public bodies to share information with the consent of the data subject.

Recommendation 24:

Recommendation Twenty-Five

Asked consultees to consider the establishment of data-sharing gateways through secondary legislation. This would include gateways for data-sharing without consent in specified circumstances and subject to a codified list of safeguards and adequate Parliamentary scrutiny.

Recommendation 25:

Recommendations 24 and 25 proposed that the government should consult on any changes to legislation.

  1. A list of the respondents is at Annex A. For reasons of confidentiality, comments or opinions referred to in the body of this analysis are not attributed to individuals or organisations unless these respondents have given their consent.



Summary of Total Responses

  1. A total of 60 responses to the consultation paper were received. Of the 60 respondents listed in Annex A, 18 responses came from local government and 11 from private companies. Figure 1 illustrates the backgrounds of those who responded.

  2. Although responses were only sought on 3 of the 25 recommendations contained within the report, many respondents also commented on the other 23 proposals. Therefore a summary of these remarks is included in this response document.

  3. Not all respondents commented on recommendations 1, 24 and 25. These were the recommendations which were the sole subject of the consultation. 43% of respondents commented on the Public Services Trust Charter (Recommendation 1). Of those, just over 88% agreed with the idea of a Public Services Trust Charter. 83% of respondents commented on the proposal to consult on legislation to allow public bodies to data share and to create data-sharing gateways (Recommendations 24 and 25). Comments on recommendations 24 and 25 were not easily categorised as positive or negative. The section in this response document on responses to specific questions (page 14) goes into more detail on recommendations 1, 24 and 25.

Figure 1


Summary of Responses to Recommendations 2 to 23

A list of recommendations 1-25 is at Annex B.

Recommendations 2 to 6 Building Public Trust and Engagement

  1. Recommendations 2 to 6 proposed a range of changes to the procedures public sector bodies follow when handling personal information about individuals. These recommendations focused on improving face-to-face customer interaction and ensuring that customers are confident about how their personal information is handled. The recommendations included: producing statements on data-sets held and data-sharing practices, improving people's access to their data and producing clear explanations of people's rights over their data, procedures for correcting data and procedures for handling complaints.

  2. 7 respondents commented on these proposals. The main area of agreement between respondents was on the phraseology of the recommendations. They were concerned that the recommendations said that public sector bodies need only consider the introduction of these new procedures. Respondents felt strongly that the changes should be mandatory. One probable adverse consequence, if public bodies were not required to adhere to these procedures, was that service managers and data controllers would not treat them seriously as mechanisms for improved accountancy and transparency.

  3. Recommendation 2. One respondent felt that it was not appropriate to add additional statements to the publication schemes that public bodies are currently preparing, as recommendation 2 suggested. They felt that to add additional requirements at this late stage, when public bodies already have to get used to the Freedom of Information requirements, was too onerous a task.

  4. Recommendation 3. One respondent stressed that public bodies should be compelled to produce targets for performance in responding to information requests rather than merely considering it. Another suggested that the targets should be externally approved and validated. One respondent suggested that one way in which the public's access to their personal data could be improved was the reduction or abolition of access charges.

  5. One respondent suggested that in recommendations 3 to 7 the meaning of a "public sector organisation" needed to be explored further as it was not self-evident which organisations this term applied to. The respondent felt that the recommendations should extend to all bodies that have statutory rights to demand information including government agencies, non-departmental public bodies, local authorities and any subcontractors to these organisations.

  6. In relation to recommendations 3 to 7, commentators from the field of business warned against stimulating subject access requests unnecessarily and pointed out that they take time, effort and resources to deal with.

  7. Recommendations 5 and 6. Commentators felt that it was not enough merely to allow people to correct erroneous information. Instead, where damage is caused by error, they should be entitled to realistic compensation.

Recommendation 7 Responsibility and Accountability

  1. Recommendation 7 proposed the introduction of a senior named manager with clear responsibility for the handling of personal information in all public sector organisations. This would replicate the role of Caldicott Guardians in the NHS and social services, throughout public sector bodies.

  2. 7 respondents commented on this proposal. They all supported recommendation 7 and felt that it was a positive step. Respondents suggested that, in the short term, the main aspects of such a role should be ensuring that all staff are made aware of their roles and responsibilities when handling personal data.

  3. However, a number of concerns were raised. The key concern was how the introduction of this new function would be resourced. It was suggested that the Caldicott Guardian model would be difficult to replicate across all public bodies if sufficient resources, training and staff management were lacking.

  4. Two respondents said that they were already in the process of implementing recommendation 7. Essex County Council has created a new management post to fulfil this role and to align privacy and data-sharing matters with the Council's e-government action plans. The Aware Project of the Telford and Wrekin Partnership has already benefited from the expertise of Caldicott Guardians in the Health and Social Services agencies. In light of this, other agencies within the Aware Project have agreed to create similar non-statutory guardians.

Recommendation 8 Increasing public awareness

  1. Recommendation 8 states that the Information Commissioner should continue, and expand, activities to promote public understanding and awareness of their rights and obligations. 4 respondents commented on this recommendation and were in favour of it. One point raised was that this recommendation should be explicitly tied to additional funding for the Commissioner's office.

Recommendations 9 to 12 Improving data accuracy and reliability

  1. Respondents were positive about the suggestions for improving data accuracy and reliability. 13 respondents commented on recommendation 9, 7 respondents commented on recommendation 10, 6 commented on recommendation 11 and 8 commented on recommendation 12. These figures include respondents who commented on more than one of these recommendations. Recommendations 9 to 12 focused on the need for improved data quality.

  2. Respondents took issue again with the voluntary tone of the proposals, particularly in recommendation 12, and felt that all public bodies should introduce standards for recording common items of data and for labelling data sets. They also commented that those charged with overseeing recommendations 9 to 12 should produce up-to-date, clear time scales for implementation and ensure that they work together and that each area of responsibility complements the others. A strong lead from the centre was identified as crucial to ensure that developments and best practice were translated to consistent action across the public sector.

  3. Two respondents commented in detail on the deficiencies in the way data use was being tackled. In particular, they felt strongly that too much reliance was being placed on having accurate and reliable data. In their opinion, there had not been enough forethought about how this data would then be translated into knowledge on which better service-delivery and policy-making could be predicated. They were keen to stress that data collection, even of accurate data, is not the end product. An essential next step is that it must be analysed for information which can then be interpreted to provide knowledge. One respondent felt that the report was devoid of an overall strategy for analysing data, including who would do this, what tools they would use and what training they would get.

  4. These respondents and others suggested further means for ensuring data-accuracy and reliability. These included:-

    • data cleansing (especially prior to data being shared or integrated with other sets),

    • regular checks on data accuracy both by organisations and an independent central body,

    • using location references to link and check the reliability of shared information.

Recommendations 10 and 12

  1. Respondents commented that the Lord Chancellor's Department should conduct a widespread public consultation on form and content before introducing model data-sharing protocols, codes of practice or an audit methodology.

Recommendations 13 to 17 Data security

  1. Respondents commenting on data security were positive about the proposal to match best practice in the private sector. One respondent felt that it was imperative for the public sector to adopt the same security standards as the private sector to ensure commonality of approach so that data-sharing between the public and private sector would be possible.

  2. However, another respondent added to this that consideration should be given to improving on private sector standards and best practice, in effect aiming for a greater degree of security than exists in the private sector. The respondent recommended this course of action because they believed that, to a certain extent, the public could choose whether or not to provide personal information to private companies but were often compelled to give information to public bodies.

  3. This respondent also believed that there should be an open recognition that no system is ever 100% secure. If this stance is accepted then public bodies should also realise that the more comprehensive a data bank is, or the more links there are to shared data, the more attractive it becomes as a target for misuse of information.

  4. Respondents also suggested further means of ensuring that data remains secure:-

    • the introduction of biometrics coupled with less reliance on passwords,

    • systems which are unable to print out sensitive data or which can only print it out in anonymised form,

    • varying levels of access on a "need-to-know" basis,

    • publicly accessible audit trails.

Recommendations 18-22 Managing Information and Privacy

  1. Recommendation 18 suggested the appointment of a Chief Knowledge Officer (CKO) to ensure that information management issues were integrated into business planning. Respondents were generally favourable but again, felt that the recommendation should prescribe for the appointment of a CKO rather than allowing public bodies to decide whether to create this position.

  2. In a similar vein, respondents felt that there needed to be more clarity and central decision-making as to when it might not be appropriate to appoint a CKO or when this position could be modified to suit a specific organisation's needs.

  3. One local authority respondent said that it would not always be possible to integrate legal compliance, business planning and IS strategy within one Council.

Recommendation 19 Analytical Framework

  1. There were 12 responses commenting on the Analytical Framework. Overall respondents felt that introducing a means of identifying the effect of a proposed initiative on privacy at an early stage and then taking this into account during the decision-making process was a positive step.

  2. However respondents also felt that the Framework should make specific reference to consent or the lack of it as a factor in assessing the impact on privacy of any project.

  3. Respondents felt that a cost-benefit analysis was too simplistic particularly if no detailed guidance on the benefit of privacy was provided. It was also felt that the benefits of privacy were difficult to quantify and that as a result there should be some definite predetermined barriers to data-sharing. In other words, the bottom line should be drawn before any analysis was applied to a project.

  4. One respondent also commented that undertaking a privacy assessment and judging the effect on privacy should not be a task for the officials responsible for carrying forward any given initiative.

Recommendation 23 Guidance

  1. 30 respondents commented on recommendation 23, which proposed that the Lord Chancellor's Department should develop guidance on the interpretation of administrative powers and key principles within the Data Protection Act. This is 50% of the respondents and constitutes a higher percentage of the total respondents than those who responded on recommendation 1 (Public Services Trust Charter). Recommendation 1, along with recommendations 24 and 25, was the subject of the consultation. Of these 30 respondents, just over 50% were from local government. Many of these respondents (and others) also addressed the issue of interpretation of existing law in response to recommendations 24 and 25. A breakdown of respondents on this topic is shown below at figure 2.

Figure 2

  1. Specific problems identified by respondents are considered on page 33 in the analysis of responses to recommendation 24. However, respondents were unanimous in calling for greater clarity on the interpretation of the Data Protection Act in relation to local authorities. Respondents felt that prior to any changes being made to the current law to allow for data-sharing, a thorough review of the practical effect of the existing legal position had to be undertaken and published. This would clarify the extent to which the current legislative framework will allow data-sharing. Any reforms could then build from any lacunae identified.

  2. One respondent suggested that if the guidance were sufficiently clear and robust then this could potentially reduce the extent of any legislation proposed under recommendations 24 and 25. Respondents also asked to be involved in a full public consultation on this issue before a final draft of guidance was published.

  3. Numerous situations where local authorities are unsure of the legal position in relation to their proposed data-sharing plans, examples of which are dealt with in the analysis of responses to recommendation 24, were identified as requiring swift action. Respondents commented that they were "desperate" to improve the way they use personal data to implement the modernising agenda and deliver better services. Respondents to recommendation 23 called for action on this recommendation to be given the highest priority.

  4. Two respondents also expressed concern that local authorities are being encouraged to seek legal advice on data-sharing on a case by case basis and high levels of resources go into analysing the legal issues of each situation.

  5. Although respondents felt that the production of clear guidance on the legal framework for data-sharing was imperative, they also felt that there was a lack of practical guidelines for data protection officers to follow.



Responses to Recommendations 1, 24 and 25

R.1   General comments on the Public Services Trust Charter

1.1   26 of the 60 respondents commented generally on the Public Services Trust Charter. Figure 3 shows the breakdown in organisation type of respondents. Of these 26 respondents, 23 expressed broad support for the concept of a Charter.

Figure 3

1.2   The majority of respondents commented favourably that the Charter would introduce broad, clear and consistent principles across the public sector. Respondents identified that some public bodies were already introducing similar measures to the Charter and protocols in order to comply with the Data Protection Act 1998. In this vein, one respondent supported the Charter if it was intended to replace existing data protection statements but added that they would not be willing to introduce the Charter as an additional source of information for the citizen.

1.3   Two respondents thought that, in subsequent drafts, greater links between the Charter and the underpinning legal framework should be made, either on the face of the document or in the underpinning documentation. Another respondent suggested that the Charter did not fulfil the Data Protection Act fair processing code.

1.4   Respondents generally shared the Government's view that there were two specific benefits from adherence to Charter principles in the future. First, increased public awareness of the principles. This was identified as a factor leading to greater public trust in the way public sector organisations handle personal information. However, one respondent said that the Charter should be more explicit about the benefits to customers of data-sharing. In particular, the respondent felt that the Charter should contain a commitment to share data only where a tangible personal benefit could be demonstrated to the individual or others. A second identified advantage was the establishment of a culture of sound information management across the public sector, using the Charter as a tool.

1.5   The Charter was identified as "only a starting point" which would need to be built on with underlying documentation, management guidance and training. One respondent commented that, "the principles are sufficiently vague not to cause great comment, but also not to provide great comfort". Emphasis was placed on ensuring that the Charter does not become an empty token. To prevent such tokenism it was suggested that adherence to the Charter should be built into officials' job descriptions, reward and penalty structures and into monitoring and accountability systems.

1.6   Some concern was expressed that the Charter created a presumption in favour of data-sharing rather than privacy. This was a view particularly strongly held by respondents in the medical field. These respondents said that the existence of a Charter (and underlying documentation) should never be used as a basis for assuming consent.

1.7   On a practical level, one respondent was particularly concerned that informing patients about how their data would be used within the NHS was a much more onerous task than simply notifying them, and that the current software used by general practitioners did not allow patients to opt out of the system. They also highlighted that this concern was relevant to other public bodies.

Principle One - Where you have a choice as to whether to provide us with your information, it is as easy as possible to exercise that choice.

1.8   Principles One and Two are linked. Both relate to the issue of consent to data-use and data-sharing. Principle One guarantees that people will be enabled to give their consent, where consent is required, and has at its core the procedures for obtaining consent. Principle Two details instances where data-sharing could be undertaken without the individual's knowledge.

1.9   Six consultees responded on this principle. Figure 4 shows which categories of respondent commented on Principle One.

Figure 4

1.10   Respondents queried whether it would always be possible to obtain consent to data use. The example given was of information obtained through a letter rather than a form, or information obtained from a third party. The means by which personal information is transmitted to an organisation impacts upon the ability of the organisation to enable the individual to consent to data-use and data-sharing. This is particularly so where the individual provides personal information without this being solicited.

1.11   Respondents also felt that requiring "informed consent" for data-sharing within different service-areas of a single local authority would make internal data-sharing very complex. One way of removing this complexity which was suggested by respondents was to allow authorities to state that they would use information provided to them for any of their lawful purposes.

1.12   One respondent raised the question of the duration of consent. They asked whether, and under what circumstances, there should be a set period during which a consent remains valid, such as a number of years, or whether a renewal of consent would be triggered by a life event. The respondent also questioned whether the duration of a valid consent should differ for different categories of people, and gave the example of minors. The respondent said that consents with an indefinite duration should be considered problematic.

1.13   In a similar vein, one respondent flagged up the fact that if consent is asked for, it must be able to be withdrawn. For this reason, it would be imperative for there to be procedures in place to ensure that all organisations that had received information on the data subject ceased processing it when consent was revoked.

Principle Two - Your information is only processed without your knowledge for purposes such as national security, public safety, statistical analysis, the protection of health or morals, or the protection of the rights and freedoms of others.

1.14   Eleven respondents commented on Principle Two. Figure 5 shows which categories of respondents responded on this principle.

1.15   There was general consensus amongst respondents that the circumstances in which personal information could be processed without knowledge under the draft Charter were too wide-ranging. One respondent commented that they seemed to represent a service to the government rather than the public.

Figure 5

1.16   Respondents recognised that, with the exception of statistical analysis, the criteria for processing without knowledge were the only criteria given under Article 8(2) of the European Convention on Human Rights, for legitimate interference with the right of the individual to respect for their private and family life. Respondents suggested that a link to Article 8 on the face of the Charter would greatly assist in putting the criteria in context. Generally respondents were in favour of making the connection between existing data protection and human rights law and the Charter absolutely clear in the body of the Charter. One respondent felt that the criteria for processing without knowledge went beyond the current exemptions from the subject information provisions of the Data Protection Act 1998. This respondent highlighted that all processing without knowledge must be consistent with the Data Protection Act 1998.

1.17   One respondent noted that the criteria for processing without knowledge potentially went further than the Article 8(2) Human Rights Act 1998 criteria. By using the words "such as" before the stated occasions when data may be processed without the knowledge of the individual, the Charter indicates that personal information can be used without consent for wider purposes than those listed. As the respondent identified, this suggests that this is not a definitive, exhaustive list of when the state may process information without the knowledge of the data subject.

1.18   Other suggested improvements to Principle Two included the Charter giving examples of when processing under the criteria might take place and explaining how to challenge a decision to process made under these criteria.

1.19   Those working in the health field were sceptical that the second principle of the Charter would operate to allow the correct balance to be drawn between the twin objectives of the report. There was a feeling that not enough weight was given to consent and that individuals needed to be given a real opportunity to say no to data sharing.

1.20   Another viewpoint was that it would not always be practical to specify all the circumstances when information could be processed without the individual's knowledge. A suggested alternative was that public bodies specify that processing without knowledge would only take place where this was lawful and fair. Again consultees wanted to see examples of such processing included in the Charter. One respondent highlighted that the Data Protection Act provided that the data subject should be provided with information about the purposes of processing "as far as practicable" and that this was recognition that it might not always be possible to provide this information in every instance of processing.

1.21   4 respondents commented on the specific criteria for data-sharing without an individual's knowledge. Their comments may be summarised as follows:

Public safety - this may go beyond what is permitted by existing law.

Statistical analysis - the Charter must make it clear that data for statistical purposes will be anonymised before use. Personal data can only be used for statistical purposes if the data subject has been informed in advance, even if consent is not necessary.

Protection of the economy - too wide without clarification. Not sufficient reason for violating privacy.

Prevention of crime or disorder - this should also include detection of crime. One respondent felt that the prevention of crime and disorder was a legitimate reason for non-consensual processing provided adequate safeguards are in place.

Protection of morals - this is too wide a catchall.

Principle Three - Only information which we actually need is collected and processed.

1.22   No responses.

Principle Four - Your personal information is only seen by staff who need it to do their jobs

1.23   Three respondents (Local Government, Government Agency and a Professional Body) responded on Principle Four. One respondent felt that the principle would be misleading to the public as it did not take into consideration the capacity for human error and systems failure. The respondent said that this greatly misrepresented the reality of data processing and would have a deleterious effect on public trust in public bodies to handle their personal information with care.

1.24   Another respondent raised the practical issue of creating levels of access for each user of a system on which personal data is processed and when the data is shared. Such a system would operate by ensuring that the level of access for any member of staff is determined beforehand and is appropriate for the requirements of their job.

1.25   One respondent felt that the Charter should state clearly that staff who handle personal information as part of their job have to adhere to relevant legislation, and also that they should be obliged to have a contractual obligation of confidentiality.

Principle Five - Any information which we no longer need is deleted

1.26   No responses.

Principle Six - Decisions affecting you are made only on the basis of reliable and up-to-date information.

1.27   One response to Principle Six suggested that the principle is confusing and that government information is not reliable enough to make a statement of this nature.

Principle Seven - Your information is protected from unauthorised or accidental disclosure.

1.28   One respondent felt that the commitment to protect information was not explicit enough on how this would occur. They suggested the addition of a statement to the effect that organisations would put appropriate safeguards and systems in place, in order to make this principle a reality.

Principle Eight - A copy of any information we hold about you is normally provided on request.

1.29   Six respondents commented on this principle. Figure 6 shows the breakdown in organisation type of respondents. Most mentioned subject access under the Data Protection Act 1998. One respondent felt that the links to the Data Protection Act 1998 must be made clear in the Charter. They also commented that it was not appropriate to qualify the provision of information in the Charter with the words "normally provided". They felt that all circumstances in which personal information would not be provided on request would have to be permitted by the Data Protection Act 1998 or mirror the European Convention on Human Rights. Similarly the idea of providing information "on request" should be linked to the 1998 Act requirement to provide information within forty days of the request. This would ensure that people did not assume that all information requested would be dispatched immediately.

Figure 6

1.30   Respondents also commented on the issue of charging for the provision of personal information. However, there was no consensus on this. One respondent felt that the £10 fee under section 7 had been eroded by inflation while another felt that the current charging system deterred people from making subject access requests. One respondent also felt that this principle could stimulate unnecessary subject access requests. As subject access requests are costly to deal with, prompting individuals to make them was considered a bad idea by this respondent.

Principle Nine - Any inaccurate or misleading information is checked and corrected as soon as you bring this to our attention.

Principle Ten - Proper procedures are in place for dealing promptly with any complaints you make.

1.31   6 respondents commented on principles nine and ten. Figure 7 shows the breakdown in organisation type for respondents. There was agreement that the public should be able to check and correct their information. One respondent felt that once an individual had consented to a specific use of information they should not need to spend time correcting errors in the files of a third party public body.

1.32   Respondents also said that correction of incorrect data was not enough. Remedies for failures to process in line with the Charter and realistic compensation, where errors are made and damage ensues, should be taken into account in the Charter.

Figure 7

Further principles / areas to be included in the Charter.

1.33   Thirteen respondents suggested areas where the Charter could be improved upon by removing or adding statements or principles. Figure 8 shows the breakdown in organisation type for respondents who suggested further principles to be included in the Charter.

Figure 8

1.34   Three respondents (Professional Body, Local Authority and Private Company) felt that the application of the Charter principles to just "some" paper records as opposed to all electronic records drew an unnecessary distinction between these two means of holding information. In particular respondents said that if records are to be excluded they must be specified in public documentation and the exceptions must be consistent with the Data Protection Act exemptions.

General Themes

1.35   One of the key areas which respondents wished to highlight as requiring review and further work was the issue of consent, in particular the means for establishing consent. A variety of comments on consent were made, most of a precautionary nature.

1.36   First, it is not enough to describe the purpose for data processing; individuals need to be told the risks involved in processing, otherwise they will not be able to give "informed consent" under the first Data Protection Principle.

1.37   Secondly, respondents felt that where data was used without consent, there should be a general presumption that consent would subsequently be obtained. Also, that in circumstances where consent to processing was not obtained there should be an overseeing public body to approve this processing and maintain a constant check.

1.38   Furthermore, in relation to the sharing of data about young people, children and vulnerable adults, there is a question of at what age, or with what mental capacity individuals can be deemed responsible enough to make a decision about the use of their data. One respondent flagged up the Lord Chancellor's Department consultation on decision-making for people under a disability and felt that the issue of consent should be tied in with this exercise.

1.39   The second point on which respondents agreed was that the Charter should have more visible links to the underpinning legislation and supporting documentation. This was flagged as a positive point that would benefit data protection officers in their day-to-day use of the Charter and supporting framework and also give customers a more detailed and complete picture of how an organisation handles their data. It would be a good way of securing public trust and gaining the confidence of data protection officers. Another suggestion was a mission statement in the Charter saying that the public sector is committed to working within the data protection legislative framework.

1.40   One respondent also felt that there should be greater emphasis on continuous review and consultation built into the Charter.

General comments on Service-Specific Privacy Statements

1.41   Fourteen respondents commented generally on the proposed service-specific privacy statements. Figure 9 shows a breakdown of respondents by organisation type. The responses were generally supportive of the idea of a privacy statement based on a standard model, although one respondent felt that tailoring the documents to fit each organisation's needs would cloud the issue and draw attention away from the law and the concept of one set of standards.

Figure 9

1.42   Three respondents commented on the terminology used in recommendation one, specifically the statement that individual service providers "should" look to having privacy statements. They felt that privacy statements should be required of all public sector organisations and that this should be made clear.

1.43   In addition, one respondent from local government felt that the concept of a "service" in relation to privacy statements needed to be clearly defined. If the definition were to be too narrow this could mean over 100 privacy statements for a single authority, each one relating to a different function undertaken by the authority.

1.44   Two respondents also felt that the timetable for the production of supporting documentation was not conducive to ensuring the success of the initiative. The Charter is to be finalised and individual organisations are expected to produce codes of practice and protocols, with the Lord Chancellor's Department supplying best practice and guidelines. However, the respondents felt that the Charter needed to be grounded in the practical documentation in order to succeed.

1.45   It was also thought that the privacy statements and codes of practice should be developed centrally to reduce the costs and effort, particularly with reference to local government. One respondent suggested production by the Lord Chancellor's Department, another suggested that the Local Government Association (LGA) should publish model documents to ensure there is consistency among local authorities. Another consideration was preventing local authorities from "re-inventing the wheel" and all producing similar documentation but without a co-ordinated approach.

1.46   Moreover, organisations would need to be ready to act on the wishes of customers before putting up a Charter or introducing a privacy statement. This would involve identifying data sets and data flows and training staff on enquiries from the public on any aspect of the Charter framework.

1.47   A number of respondents raised the issue of consistency of privacy statements across the public sector. It was felt that if these were to be developed by individual organisations there was a danger of not providing the level of uniformity necessary for them to operate successfully. One respondent thought that those organisations sharing data with each other needed a greater degree of similitude between their protocols. Otherwise, individuals could find that as their data moved between organisations, with their consent, its status was changed and the data was used in a manner they have not consented to. To combat this eventuality, it was suggested that people needed to be made aware of exactly the level of privacy that would apply throughout the processing of their data.

1.48   Furthermore, respondents thought that there was already a large quantity of privacy statements in the public arena. To this end the development of new statements across the board should focus on eliminating existing confusion and streamlining process rather than adding additional procedures. One respondent felt that the Charter and surrounding documentation were too lengthy and would not fulfil their organisation's plain English requirements.

1.49   Respondents were also keen to re-iterate that links to the Data Protection Act 1998 should be explicit. It was highlighted that statements and protocols cannot be used to circumvent the Data Protection Act and that although protocols could improve administrative arrangements, they would not broaden the scope of permissible data-sharing. One respondent felt that it was not sufficient for organisations simply to "publish" privacy statements. Rather they must make the statements available to individuals in an appropriate manner before the data is collected. This was considered a much more onerous task than simply publishing statements on the web or for public consumption.

A service-specific privacy statement will set out clearly:

who will see it;

1.50   No responses

why they need it;

1.51   One respondent felt that a simple list of justifications for data-sharing should be compiled. It was not clear whether this was intended to be a definitive list or a guide to completing this area of the privacy statement.

what they will do with it;

1.51   No responses

when they will delete it;

1.52   Two respondents commented on a suitable period for deletion of personal information. One commented that the data subject should be told how long their data was in use up until it was deleted.

1.53   In the field of crime and fraud, one respondent was keen that the data subject should not be made aware of when information on them will be deleted when data are shared for crime or fraud prevention purposes. If the data subject were to be informed, and they were involved in fraud or crime then they would know when it was safe to commit the crime again, with a lower likelihood of being detected. The respondent suggested instead that the Charter should mention Data Protection Principle 5 - personal data should not be kept for longer than is necessary.

how we safeguard your personal information;

how you can check and correct the information we hold;

how to pursue a query or complaint;

where to get more information;

1.54   No response or covered elsewhere in this consultation response.

R.24   Legislation to enable public bodies to share personal data with the consent of the data subject

24.1   45 respondents commented on recommendation 24, which proposed that the Government should consult on legislation to enable public bodies to share personal data with the consent of the data subject. Figure 10 illustrates the percentages from each organisation type that responded to recommendation 24. Of these respondents, 23 of the 45 expressed general support for the proposal. However the majority of responses did not categorically express concern or support. Instead they raised questions and highlighted particular areas of interest.

Figure 10

24.2   A number of respondents commented only on the proposal that the Government should consult on this issue. Others explored in greater detail the possible content of the legislation, the issues it should address and the form it should take. Figure 11 shows which aspect of recommendation 24 the 45 respondents to this recommendation commented on.

Figure 11

24.3   Four main areas of interest or concern can be identified from the responses:

Consent

24.4   Respondents to the consultation exercise commented on consent in response to many of the recommendations. However, the majority of respondents who commented on recommendation 24 focussed on consent.

24.5   Two main areas of concern were apparent:

What is consent?

24.6   Respondents thought that a clear concept of consent was lacking and needed to be established, although one respondent elaborated on this by acknowledging that a precise definition would be difficult.

24.7   Respondents said that consent to data-sharing should be specifically stated to be "informed consent" and some explained what this should mean for individuals and organisational procedures. Some of the criteria for informed consent given by respondents were that:

Individuals:

  • must be aware that they have a choice;
  • must be positively made aware of how they exercise that choice;
  • must be satisfied that their refusal to give consent will be respected and that access to their personal information would be on a need to know basis;
  • must be made fully aware of the way in which data is to be shared;
  • must be fully aware of who will be sharing the data;
  • must be told that they can change their mind at any time;
  • must be made aware of, and given the opportunity to refuse consent to, any secondary data-sharing.

Furthermore respondents felt that data should be anonymised or pseudonymised wherever possible before data-sharing takes place.

What process will be used to obtain consent?

24.8   Respondents identified two means of establishing consent. First, on a case-by-case or transactional basis whenever an individual is asked to hand over personal information. The other option would be a "general" consent clause used by organisations specifying that, with the individual's consent they may share information with certain other organisations. However, two respondents commented that asking for consent to data-sharing should not be a "tick box" exercise.

24.9   Respondents identified a number of positive points about the first option. It would give more control over data use to the citizen. Furthermore, it would raise privacy issues at the point of disclosure of information by the citizen and could be seen as creating a climate of transparency. Respondents who commented generally favoured a case-by-case approach to obtaining consent to data-sharing. The negative side of this option, as identified by one respondent, was that it could be time-consuming and costly.

24.10   On the other hand, one respondent suggested that a standard informed consent clause would be useful for ensuring consistency across the board. This was identified as particularly relevant to statistical information. This respondent suggested a monitoring body to check that consent was being obtained in the correct manner.

24.11   Respondents identified some general problem areas surrounding consent. Two respondents highlighted that there are situations where, although consent would be desirable, it may not be practical to obtain it, for example where the data subject becomes uncontactable. It was suggested that in that instance other pathways, not involving consent, would need to be used to data-share.

24.12   Another respondent drew attention to the fact that if individuals are able to opt out of data-sharing on a case-by-case basis, then inevitably they will develop complex stipulations as to which of their personal data can be shared, with whom and for what purpose. Organisations would need to be able to accommodate these preferences.

24.13   The question was also raised as to what would happen to data and consent specifications when departments or organisations cease to exist or merge, or when existing remits and responsibilities are amended.

Local Government and data-sharing

24.14   14 respondents commented on data-sharing and local government in response to recommendation 24. 10 respondents commented on this topic in response to recommendation 25. Some respondents commented on the situation for local authorities in response to both recommendation 24 and recommendation 25. Of the 20 respondents who commented on local government in response to recommendations 24 and 25, 19 perceived that data-sharing within local government, both inside local authorities, between local authorities and between local authorities and central government was not viable or was problematic at the moment. Figure 12 shows the breakdown of respondents who commented on local government in response to recommendation 24 or 25 (or both) by respondent type.

Figure 12

24.15   The problem identified was that administrative law and the First Data Protection Principle, which specifies that all processing must be fair and lawful, are interpreted to prohibit data-sharing outside the scope of express statutory powers. The issue does not rest on consent because even if local authorities have the consent of individuals to data share, it will still be considered ultra vires.

24.16   6 respondents suggested that the question of vires for local authorities to data share should be addressed separately from data-sharing within central government. Figure 13 shows a breakdown of these respondents by organisation type. These respondents also felt that this issue should be dealt with first, in advance of any work on central government gateways. This was because it was felt that this area needed the most urgent attention and changes would have an immediate effect on service delivery because local authorities are the major holders of public information in the public sector. Two of these respondents also felt that local authority gateways for data-sharing would be more acceptable to the public as they believed that the public were more confident that their privacy would be respected at a local level.

Figure 13

24.17   One respondent also felt that early progress and quick wins could be made by empowering local authorities to share personal information with different departments within the same authority where the data had been collected for different statutory purposes. This suggestion was borne out by comments from other respondents who were finding that their e-government programmes for joined-up service delivery were floundering as they were not able to tackle problems holistically.

24.18   In particular, Worcester County Council has an e-government programme that will deliver services across the county. It will be applicable countywide. However two potential problems have been anticipated:

  1. transfer of change of address data (originally supplied by an individual) from one local authority to another within the programme (or possibly even within different service functions of the same Authority) seems not to be lawful (due to a lack of vires) and therefore does not comply with the first data protection principle;

  2. transfer of data from individual authority databases to a shared database within the 'Hub' itself (which is an aim of the Programme) seems to be unlawful and therefore infringes the first data protection principle.

24.19   A further example, where there is a specific statutory block on data-sharing was given by Shepway District Council which runs a Change of Address Transformation Service (COATS). If an individual notifies the council of a change of address, notification will be sent to any other section of the council who may require it. The council has identified a problem when information is received by the Council Tax department. Under the Local Government Finance Act 1992, distribution of information regarding the change of address is prevented. The Council identified that they would be acting ultra vires in sharing it with other sections of the Council.

24.20   Respondents felt that there should be a single source of powers governing local authority data-sharing. A possible method of achieving this identified by respondents would be to remove the vires problem where condition 1 in Schedule 2 of the Data Protection Act 1998 was satisfied, in other words, the individual consented to the processing in question.

24.21   The benefit of greater data-sharing at the local level would be the ability to create strategic partnerships amongst bodies and authorities to tackle problems which straddle boundaries of responsibility, including social exclusion and regeneration of communities.

24.22   The question of operating outside traditional departmental barriers was touched upon by two consultees who felt the public did not see government departments as distinct entities but as a singular organisation authorised to serve citizens.

24.23   In a similar vein, one cautionary note touched upon by a number of consultees was that many existing barriers to data-sharing could be as much linked to internal culture and policy issues as to uncertainty in the legal framework.

United Kingdom Privacy Act. Right to Privacy.

24.24   3 respondents (1 Professional Body and 2 from Local Government) suggested that the current legal framework was too complex and that the lack of a solid legal right to privacy or Privacy Act was problematic. It was felt that this legislative lacuna would jeopardise implementation of the Data Protection Act 1998, Human Rights Act 1998 and Freedom of Information Act 2000. One outcome of this would be confusion amongst the public as to their rights and responsibilities, leading to a lack of public trust in the government's ability to handle their personal information with due care.

Consultation

24.25   All respondents who commented on the proposal to consult on legislation for data-sharing with consent felt that full public consultation should be a prerequisite for the introduction of such legislation. In this vein, two respondents felt that views had not been sufficiently canvassed in the current consultation exercise. Respondents also felt that concrete proposals had to be offered for public scrutiny.

24.26   There was a divergence of opinion on how detailed consultation on possible future legislation should be. One respondent who commented on the need for legislation to empower local government bodies to share personal information felt that it was urgent to undertake consultation as soon as possible, with legislation following at the earliest opportunity. The majority of respondents felt that a full public consultation should be over a lengthy time period and give sufficient time for the proposals to be considered and for the respondents to comment in detail.

R.25   Legislation to enable data-sharing gateways to be established via secondary legislation. Data-sharing without consent.

25.1   The majority of respondents who commented on recommendation 24 also commented on recommendation 25 which suggested that data-sharing gateways should be established via secondary legislation for data-sharing without consent. This was proposed to be subject to a codified list of tangible safeguards and Parliamentary scrutiny.

25.2   Opinions were divided as to whether data-sharing without consent would be a legitimate activity to pursue by legislation of any kind. There was general support for a further consultation exercise once specific proposals are drawn up, as was indicated for recommendation 24. Those working in the field of health dealing with personal patient information were most vociferous in their condemnation of any moves to increase data-sharing without consent, although they focussed solely on their own area.

25.3   Respondents working in the areas of fraud and crime prevention and detection pinpointed areas where data-sharing without consent would enable them to work more effectively. Similarly, a number of respondents identified particular instances where data-sharing without consent might be appropriate.

Data-sharing without consent - positives

25.4   Two respondents in the fraud prevention sector identified a need for data-sharing between the private and public sector in their line of work. They suggested that under the current legislation, the private sector face heavy costs to comply with the Freedom of Information Act 2000 and the Human Rights Act 1998 if they want to share data with the public sector. It was suggested that the benefits of fraud are often channelled into more serious crime and that in order to tackle both successfully there needs to be intra-sector co-operation. If not, one respondent said that crime would simply be displaced from one sector to the other.

25.5   Another area which was flagged as appropriate for data-sharing without consent was data matching in relation to debt recovery. It was highlighted that individuals who owed money would often refuse to consent to matching for this purpose but that public finance would benefit from opening this up as an option. Whilst it was important to allow local authorities to share personal information with the consent of the individual, in the narrow context of data-sharing for debt recovery, the current difficulties would remain if consent were to remain as the key to data-matching.

25.6   7 local authority respondents also flagged up data-sharing without consent as a useful tool to bring empty properties back into use where it proves impossible to locate owners or previous owners or where the data subject is trying to evade the Council in question. These respondents felt that government should be looking to enable a free flow of information on the ownership of empty homes through all relevant public sector departments. It was suggested that if this were not possible, empty property strategies would never progress successfully.

25.7   Respondents acknowledged that where data-sharing was undertaken without consent a great deal of energy would need to be directed towards gaining the trust and confidence of citizens that such action would be in the public interest and that safeguards would be respected.

25.8   One respondent also highlighted that proposals to share without consent would need a strong public interest justification with full and proper consideration of whether a legitimate aim under article 8(2) of the European Convention on Human Rights was being pursued and whether the aim could be achieved by a method which is less intrusive of privacy.

Data-sharing without consent - negatives

25.9   Respondents who were averse to, or sceptical about, data-sharing without consent felt that the case for this course of action had not been adequately argued. It would be important to be absolutely clear about the reasons why it was not possible to obtain consent in any situation before legislation was introduced. In particular, extensive explanation and debate needed to be directed at identifying whether, and in what specific circumstances, data-sharing without consent would be necessary. The emphasis should also be on the safeguards that would be put in place. Furthermore, data-controllers should be required to identify and keep under constant check circumstances in which they could move to a position of informed consent for data-sharing.

25.10   Three respondents from the field of health expressed great concern at any proposals to data-share without consent in their area and felt that any move to share patient information without their consent would undermine the commitment to putting patients' rights to privacy at the heart of NHS care. They felt that section 60 of the Health and Social Care Act 2001 already provided adequate means to share information without consent for research, education and public health work and that there could be no other reasons for sharing patient data without consent.

Safeguards where data are shared without consent

25.11   Respondents also pointed out that to use section 60 organisations would need to justify their requirement by going through a rigorous approvals process to be overseen by the Patient Information Advisory Group (PIAG), an independent statutory body. Respondents felt that a similar body could be established to approve and oversee data-sharing without consent outside the health field.

25.12   Respondents identified a number of additional safeguards where data-sharing without consent is proposed.

Data-sharing gateways in secondary legislation

25.13   7 respondents commented on whether secondary legislation was the right vehicle for creation of the suggested gateways for data-sharing without consent. Figure 14 shows the breakdown of respondents by organisation type. 5 of these respondents felt strongly that secondary legislation should not be considered and that any changes to data-sharing gateways should be laid down in primary legislation and subject to the full scrutiny of Parliament.

Figure 14

25.14   While there was recognition that the report suggested safeguards to be applied to secondary legislation, and consultees acknowledged that there was pressure on Parliamentary time, the following concerns remained;

25.15   One respondent felt that prior to introduction of any secondary legislation there should be a requirement for ministerial consultation with the Information Commissioner and that the Lord Chancellor's Department should consult on the proposed legislation. They also felt that before such a scheme came into force the following safeguards should be considered;

25.16   One respondent who expressed no strong preference for the format of legislation suggested that continuous and full scrutiny of any legislation ensuing from consultation should be put in place.

25.17   The majority of respondents felt that further detailed consultation was required on all three of the proposals for consultation and that the maximum possible number of safeguards against abuse should be put in place.



Conclusion and Next Steps

The Government is grateful to those individuals and organisations who responded to the consultation. However, the very small scale of response on what is such an important issue, which directly impacts on everyone in society, is disappointing. In addition, over 50% of the responses came from the public sector - central government departments and agencies and local government - many of whom had the opportunity to feed into the development of the PIU report. As a result, the consultation has not exposed any significant new information or lines of argument. In addition, the very low level of response from individuals (just 3 out of 60 responses) has made it impossible to gauge informed public reaction to the proposals. In particular, it has not been possible to assess the extent to which those elements aimed at enhancing individual privacy will succeed in building the necessary levels of trust and confidence in public sector use of data. Similarly, the proposals for legislation to enable data sharing attracted comment mostly from public sector bodies, and so provided little evidence of public reaction.

Regardless of the reasons for the poor level of response, we have to conclude that the result of the consultation cannot confidently be used as a firm basis for taking forward policy.

The Government therefore intends to test public reaction in this area further. Building on consultation responses received, together with further discussions with responders and other stakeholders, we will revise the Public Service Trust Charter. When that work has been completed, there will be a further round of consultation, specifically targeted on the revised Charter and model supporting documentation - service specific privacy statements, codes of practice and data sharing protocols.

The further consultation on a revised Charter will take place alongside a series of public meetings, which are aimed at engaging public interest in the issues around privacy and data sharing more widely. They will also provide the opportunity to gain a better picture of public reaction to the Charter approach and principles, one not reliant on formal written responses to a consultation document.

The responses to the PIU report have also highlighted the need for a better understanding on the part of public sector bodies of how the various elements, particularly legislative, interact to either enable or create barriers to data sharing. Recommendation 23 of the PIU report charges the Lord Chancellor's Department with taking this work forward. Priority will be given to producing guidance in the local authority area, where there is the greatest uncertainty, and also among the greatest potential for realising the benefits of data sharing.



Annex A - Respondents

Academic

Professor Allan J. Brimicombe University of East London

Professor Charles D. Raab University of Edinburgh

Government Agency

Improvement and Development Agency for Local Government (IDeA)

Environment Agency

Society of Information Technology Management

Financial Services Authority

Office for National Statistics

Public Audit Forum

Local Government Association

Passport and Records Agency

Government Department

Department of Education and Skills

Office of the Deputy Prime Minister

Scottish Executive

Scottish Executive Legal & Parliamentary Services

Department of Health & Members of P.I.A.G.

Ordnance Survey

Individual

3 individuals responded.

Legal Practitioners

Nabarro Nathanson Solicitors

Local Authority

Renfrewshire Council (Corporate Services)

Leeds City Council

Dover District Council (Environmental Health)

Cambridgeshire County Council

South Holland District Council

Essex County Council

Northampton Borough Council

Warwick District Council

London Borough of Hammersmith & Fulham

Worcester County Council

Shepway District Council - Civic Centre

Ipswich Borough Council

London Borough of Lambeth

Surrey County Council (Legal Services)

Gateshead Council Civic Centre

Association of Community Health Councils

Swindon Borough Council

Sevenoaks District Council

Market Researchers

Metra Martech

Private Company

TVC (UK) Limited

Collections (Europe) National Australia Group

QCI Assessment Limited

Infoshare Limited

C.I.F.A.S.

Professional Service Centre Limited

Telford and Wrekin Partnership

Probex Services Limited

Edentity Limited

Chichester Road Surgery

Association for Payment Clearing Services

Professional

National Association of Data Protection Officers

The European Information Society Group

British Medical Association

Law Society

Liberty

National Housing Federation

C.B.I.

General Medical Council

National Association of Empty Property Practitioners

Other

National Consumer Council



Annex B - Recommendations - list

Recommendation

Lead Responsibility

1.

A draft Public Services Trust Charter is published here for consultation. The Charter sets out the guiding principles and key commitments made to the citizen in protecting their privacy and personal data in their interactions with public services. All public sector organisations should look to embody these principles in service-level privacy statements describing precisely in each case how personal information will be shared in support of service delivery or research and evaluation, and how individuals can get access to their personal data. In turn, these privacy statements will be key instruments to help inform the public and secure consent where information is shared to support delivery of public services. They must therefore be easily and readily available to the public, where appropriate at physical outlets and Web sites. To ensure implementation of these privacy principles and undertakings, each service-level privacy statement will need to be embodied in working-level codes of practice and information-sharing protocols, themselves underpinned by management guidance. These should also be made publicly available.

The Lord Chancellor's Department (LCD) should lead consultation and subsequent development and adoption of the Public Services Trust Charter. Service-specific statements will be the ultimate responsibility of individual public bodies, building on LCD's work and identified best practice.

Lower-level documentation - Codes of Practice, Management Guidance and data-sharing protocols - are for individual service providers to resolve, building on established good practice.

2.

In order to provide better information to the public on information held by public services, those public bodies covered by the Freedom of Information Act should consider publishing a statement on sets of data held and data-sharing practices as part of the Publication Schemes which public sector bodies are required to publish under the Act.

Publication Schemes are the responsibility of individual service providers, although much of the information will already appear in Information Asset Registers and, as such, could be easily replicated.

3.

Public service providers should consider ways to improve the public's access to their personal data. As part of this, they should also consider setting clear targets for performance, which should ensure steady improvements against the statutory target for response to information requests, and monitoring performance against these targets.

Internal subject access - and less formal access - procedures are the responsibility of individual service providers.

4.

Public sector organisations should develop clear explanations of the public's right to access personal data and of access request procedures. This should include a clear point of contact. The information should be provided to customers at point of service, whether on Web sites or in other publications.

Information on specific services will be for the relevant public body to produce, but LCD should also develop model publications and build up a 'library' of good practice.

5.

Public sector bodies should examine existing procedures to enable the public to correct their personal information to identify whether procedures can be simplified and improved. They should also consider setting targets for response, and monitoring and publishing performance data.

Procedures are the responsibility of individual public bodies, but LCD should also look to monitor performance and share best practice.

6.

The public should have access to quick and efficient procedures for dealing with complaints about the handling of personal information. Public service providers should therefore consider improvements to existing complaints procedures and new mechanisms for dealing with complaints, including an examination of the potential for adopting Alternative Dispute Resolution procedures.

Internal complaints procedures are the responsibility of individual public bodies, although LCD will need to share best practice.

7.

All public sector organisations should have a named senior manager with clear responsibility for the handling of personal information. They should also have a clear first point of contact for members of the public on personal data issues. Internal measures to identify and sanction staff for misuse of personal data should be reviewed.

Identifying and publicising these roles will be the responsibility of individual organisations. Once identified, these senior managers should work with Personnel Units to review internal sanctions for misuse of data.

8.

The Information Commissioner should continue and expand current activities to promote public understanding and awareness of their rights and obligations. Public services should also promote greater understanding through plain language explanations of DPA and FoI.

The Information Commissioner has a separate, ongoing role to ensure the public are aware of legal provisions and their rights. Publications are produced by individual organisations, although from time to time central guidance may be issued.

9.

To improve the accuracy of data, and reduce the potential for mistakes or inappropriate use when data are shared, public services should consider introducing standards for recording common items of data and for labelling data sets (in terms of their purpose, scope and limitations). A simple quality field in which key quality measures are recorded should be included, where appropriate.

As part of this, the Office of the e-Envoy should continue to give high priority to progressing the development and implementation of the Data Standards Catalogue of standardised data fields, giving emphasis in the work to those most commonly used and of most value to data-sharing, such as name and address. This should draw upon the data quality work done by ONS. The Office of the e-Envoy should also continue to give high priority to driving forward the implementation of its recently published metadata standards.

The Office of the e-Envoy is leading work on standards and metadata. ONS and PRO have also completed important work in this area, and it will be important for public services to draw on their expertise.

10.

To encourage widespread adoption of such standards, the Lord Chancellor's Department, working in conjunction with the Public Record Office, should facilitate development and dissemination of model data-sharing protocols and codes of practice as a resource to public sector organisations. This work will need to draw on a wider understanding of the overall information architecture of government, which maps the creation, flows and uses of information sets, establishes criteria for its sharing, retention and disposal, and allocates responsibilities for sustaining access, quality, reliability and safe-keeping.

The Lord Chancellor's Department will take the strategic lead for this work, working in conjunction with the Public Record Office (PRO) and ensuring that the results can be accessed easily by all public bodies.

11.

Methods for measuring data accuracy and reliability for privacy and data-sharing purposes should be developed to enable public sector organisations to assess their performance and benchmark against others. The Lord Chancellor's Department should draw on and integrate the work already being done in ONS, NAO and the Information Commissioner's Office to develop a body of knowledge and a set of agreed methodologies for measuring and improving data quality.

The Office for National Statistics will need to lead this work, building on the expertise and work already completed by the National Audit Office and the Information Commissioner.

12.

Internal and external audits should be used across the public sector to improve data accuracy and reliability. Using the Information Commissioner's data protection audit manual as a starting point, the Lord Chancellor's Department should draw together the strands of work in the public sector to develop a data quality audit methodology. When developing new data-sharing proposals, public services should consider using the audit methodology as a diagnostic tool in order to assess the quality of the data in question.

Public service providers should also consider whether the results of data quality audits, as part of an overall assessment of fitness for purpose, should be included in any consultation on new data-sharing proposals.

As progress is made in implementing the strategy outlined in this report, public audit bodies should also consider giving more attention to information management issues in the public sector, adopting an agreed audit methodology for information management studies they undertake, and publishing data quality measures.

LCD, working in partnership with the Office for National Statistics and the Public Record Office, should lead work on developing an audit methodology, building in legal admissibility requirements as necessary.

Individual organisations will need to consider including audit outcomes in consultation on a case by case basis.

Public Audit bodies will need to consider how they approach information management issues in their work.

13.

The public sector should at least match best practice in the private sector for information security. As part of this, the ISO17799 standard and its associated processes should be adopted across the public sector to provide privacy safeguards. The Office of the e-Envoy and the Communications-Electronics Security Group should continue to actively monitor the development of new technologies and safeguards which could enhance the protection of personal data, building on the existing Security Framework and the e-Government Interoperability Framework.

Central government is already committed to achieving ISO17799 accreditation. The wider public sector should also consider adopting this standard. The Office of the e-Envoy and the Communications-Electronics Security Group should also continue to monitor developments in this field.

14.

Public sector organisations should require information and records management systems to support best practice in ensuring internal security against possible misuse of personal data, and in managing and controlling access to that data. They should ensure that personal data are held in systems which follow best practice in managing access to information held in the system, and in providing audit trails which record information about who has accessed, or carried out operations on the data. These principles should be applied to new system design.

Design, development and implementation of new systems will be for contracting organisations to consider. However, there is also a role for the Public Record Office, Office of the e-Envoy and the Office of Government Commerce in developing best practice and guidance for procuring agencies.

15.

The Government should give further consideration to the broader issues of identification and entitlement to services in the round.

The Home Office should lead this review, in partnership with the Cabinet Office and other interested stakeholders.

16.

Government should develop a programme of smart card demonstration pilots in specific service areas, in line with the Framework being developed by the Office of the e-Envoy - including consideration of the importance of giving card holders access to the data held on the card. The Office of the e-Envoy should work with service providers to ensure that a sufficiently broad range of markets and functions are tested and to ensure that interoperability is a key component of system design. This will increasingly allow citizens to make their own choices on what information - covering both the public and private sectors - they carry on their smart cards.

Office of the e-Envoy, working with public sector organisations.

17.

Authentication technologies have the potential to enable public services to provide high levels of security for personal information and to ensure accurate electronic identification and authentication - which in turn will facilitate the realisation of consumer benefits in public services. Given the relatively slow pace of private and public sector development of these tools, the e-Envoy should assess the costs and benefits of increased Government involvement in the development of authentication technologies. Potentially, a series of significant public sector pilots - for instance, giving civil servants a smart card or similar device that could be used to create digital signatures at work and which could be taken home for the same purpose in their life outside work - could encourage swifter development of consumer tools. These pilots could test the functionality and infrastructure necessary, and encourage interoperability with the private sector.

Office of the e-Envoy.

18.

Public service bodies should consider integrating the functions set out in Box 9.2, including through an evaluation of the appointment of a Board level Chief Knowledge Officer as a means to ensure integration of information issues into decision making processes. Ideally, Chief Knowledge Officers would be responsible for integrating, over time, the disparate functions of legislative compliance and business planning.

Individual organisations will need to review existing information management structures in order to assess their own need for integration.

19.

To promote more consistent decision-making across public services on privacy and data-sharing issues, the Privacy and Data Use Analytical Framework should be adopted by public sector organisations. Where appropriate, organisations should use the Framework and other tools, such as Privacy Impact Assessments, to initiate an open dialogue with the public and with stakeholders around new data-sharing initiatives.

The Lord Chancellor's Department should facilitate implementation of the Framework.

20.

To ensure effective co-ordination of the strategy, the Lord Chancellor's Department should take overall responsibility for championing and overseeing implementation of the conclusions of this report - supported by the relevant organisations in specific fields (e.g. IDeA). It should provide a capacity to assist Departments and other public sector organisations in modernising their information management strategies, facilitate resolution of inter-departmental issues, and build links with existing initiatives in electronic government and the overall modernisation of public services as described above. This will also enable greater alignment of data-sharing policy with policy on data protection.

This will be ongoing work for the Lord Chancellor's Department.

21.

To ensure better training for information management professionals, the Centre for Management and Policy Studies, working with training partners and drawing on best practice standards and guidance from, for example, the Public Record Office, should develop a series of training and education programmes for public sector officials involved in data-sharing and information management.

The Centre for Management and Policy Studies, which also has responsibility for the Civil Service College, should lead this work, building on courses already available and expertise in other organisations, such as the PRO.

22.

Departments should consider how initiatives to support better data use can be mainstreamed within their existing financial plans and those that will be set as part of the 2002 Spending Review, building on e-business action plans as appropriate. In addition, e-business action plans - as part of wider business design - should address the issues of privacy protection and better use of data.

Financial planning is the ultimate responsibility of individual public services. The Office of the e-Envoy will have a role with regard to e-business action plans.

Broad criteria for good information management should also be applied at all assessment points, such as OGC gateway reviews.

23.

The Lord Chancellor's Department should develop guidance on the interpretation of administrative powers and the key principles within the Data Protection Act with regard to how data-sharing can and should operate within the existing legal framework.

The Lord Chancellor's Department, working in partnership with other interested stakeholders, should lead this work, taking ownership of the guidance and ensuring it is widely available.

24.

The Government should consult on the introduction of legislation to enable public bodies to share personal data with the consent of the data subject. This power would need to operate without prejudice to existing data-sharing gateways and practices.

The Lord Chancellor's Department, which has policy responsibility for data protection, should lead this consultation.

25.

The Government should consult on change to enable data-sharing gateways to be established via secondary legislation, subject to a codified list of tangible safeguards and adequate Parliamentary scrutiny.