Data Protection: A new dialogue - Speech by Michael Wills

08 December 2009

Justice Minister Michael Wills has given a speech on data protection in the public sector, and responded to a report on the database state.

Minister of State Michael Wills MP:

Technology has always driven change in human society: enriching, empowering, destabilising change. Stone tools, fire, the printing press, steam engines, railways, telegraph, personal computing: the history of humankind has been shaped by technological change. But the revolution in information technologies is unique in the speed of the changes it has engineered. It took generations and centuries for previous technological revolutions to transform the way people live. The information revolution is taking just years and sometimes even months.

This revolution, like those that went before it, is creating exciting new opportunities. New businesses and industries have sprung up, existing businesses and industries have been transformed and democratic politics revolutionised. But the speed of change has also created new challenges, including the difficulty that institutions in both the private and public sector have experienced in ensuring that their systems of governance keep pace with technological transformation.

Nowhere has this tension between opportunity and challenge been more apparent than in the delivery of public services. Databases lie at the heart of this revolution. They offer the opportunity to improve dramatically the efficiency and responsiveness of public services. Take the Tell Us Once project, for example. A birth or death can have an impact on up to 24 different benefits or services delivered by 433 local authorities and central government departments. To expect people at a time of such importance in their lives to jump through such bureaucratic hoops is stressful, inefficient and insensitive. So this pathfinder project has joined up a range of services, allowing citizens to inform government of a birth or death just once. The pilot has proved to be highly popular with 99% satisfaction ratings and a national roll-out would bring benefits estimated at over £260 million.

But equally, the increasing sophistication of data management has sparked serious public concern about privacy and civil liberties, most acutely over the measures government takes to protect its citizens. Go onto Google UK and search for ‘UK government big brother state’ and you get one and a half million entries.

This tension is serious, complex and inescapable.

In modern democracies there will always be a struggle between those two fundamental imperatives of liberty and security. This country has a proud record in human rights. This government is proud of the fact that we brought in the Human Rights Act to entrench those rights in British courts. However, the most fundamental right of all is the right to life and government must fulfil its duty to the people it serves by protecting that right for everyone. How to strike the right balance between the need to protect the public, everyone, from the real threat posed by crime and terrorism and the need to protect the civil liberties of every individual – that is a problem that confronts government every day.

Of course, the power of the state to provide security for its citizens and protect the weak and vulnerable should never be used as an excuse for the political aggrandisement of power. But it’s not easy to strike a balance between what the public demand from government in delivering security and services, and what they see as unacceptable behaviour.

The data sharing by public bodies, for example, that some see as an unacceptable intrusion on privacy by the state, can help ensure that every child entitled to get free school meals does get them – and there are thousands of children who currently don’t – and all those eligible to vote can be registered to vote – and there are currently three million who aren't. The CCTV that some argue is creating a ‘surveillance state’ is also seen by many who suffer from antisocial behaviour as a vital protection against thugs ruining their lives. Hardly any of my constituents have written to me complaining about the surveillance state. Hundreds have written demanding CCTV in their neighbourhood.

Reconciling the different goods of liberty and security and opportunity, which all speak different languages, is never easy. The only way that it can be done is through democratic discourse, rational and mutually respectful discourse, wary of anyone, on any side of the debate, who claims a monopoly of wisdom. These issues are complex and difficult and resolving them will require intellectual rigour, a willingness to learn from experience and to engage continually with alternative points of view. Only through such a democratic iterative process can we hope as a society to resolve this issue satisfactorily.

Sadly, such a rational, respectful discourse, so essential to the creation of public policy on this crucial issue, has been largely absent in recent years, replaced all too often by reciprocal caricaturing and stereotyping, with understanding and respect all too seldom present. And this matters. The removal of nuance destroys meaning. George Orwell knew that. In 1984, ‘Newspeak’ is a vital weapon for the totalitarian state precisely because it removes nuance. ‘The whole aim of Newspeak’, Syme tells Winston, ‘is to narrow the range of thought’.

Government must take its share of the blame for this failure of discourse. Too often, we have been overly defensive and dismissive of criticism. Government believes it is acting benignly and legally and has not adequately recognised the fears of those who believe this is not the case.

It’s also the case that, regrettably, neither private sector nor public sector has always got data security right. Mistakes have happened. Mistakes are unavoidable but when they happen, they need to be recognised and corrected rapidly, with the right lessons learned for the future. Where government gets it wrong, we are learning to hold our hands up and take immediate steps to put matters right. The loss of Her Majesty’s Revenue and Customs disks triggered radical reforms of data security in government. When we recognised that data sharing provisions in the Coroners and Justice Bill had been too widely drawn we immediately withdrew them.

But equally, opponents have been too quick to assume the worst of government without any evidence to support their assumptions, replacing argument with rhetoric.

To reject all the benefits that databases offer the public, simply because a mistake might be made, is to strike the balance in the wrong place. Should we really avoid trying to do all we can to prevent another Soham tragedy? Or stop doctors accessing vital medical records? Or fetter the provision of welfare entitlements, such as free school meals, for the most vulnerable?

Basic principles for protecting the use of data are that it should be proportionate and necessary. That goes for debate about it too. Databases are a fact of life in private and public sector alike – we don’t live in a database state as much as a database society. They deliver real benefits for the public and it skews debate about the challenge they pose to all of us if anyone ignores this or pretends otherwise. But, like all technologies, databases can do damage if misused. The issue is not whether to have them but how they can be deployed without damaging privacy. It’s a question of balance and the challenge is how to strike it.

But where we should have a constructive dialogue, we have all too often an impoverished discourse where slogans substitute for evidence.

The Rowntree Report on what the authors called the Database State is a good example of how the public discourse is flawed. This could have made an important contribution towards meeting the challenges of new technology. The subject matter was important and its academic authors have a distinguished provenance. When it was published, it received largely uncritical coverage from the media which tended to accept the report’s conclusions as fact. However, a detailed reading of the report reveals it was riddled with factual errors and misunderstandings and reached conclusions without setting out the evidential base for doing so. So opaque was its methodology that it has taken months to work through it to respond in detail. In such a fast-changing environment, the government is happy to change policy in response to well founded criticism but it needs to be clear about the basis on which any criticism is being made. Still the publication of this report encouraged further debate about these crucial issues and for that I am grateful.

Today the government is publishing its response, produced after consultation and agreement across government. I hope that all those who read the original report and provided publicity for it will do similarly for today’s response to it. And I also hope that this, alongside the other measures we are taking, will generate further debate to which all concerned will contribute. This debate is too important to be left only to politicians and professionals. It affects everyone in this country and I hope as many people as possible will contribute to it.

It is important that we now move beyond rhetoric to a new and detailed dialogue between all concerned to ensure that we seize the opportunities of this new information age while protecting ourselves against its risks. So when government is considering how data might be used for the public good, the voices of users and practitioners can be heard. That requires an open, constructive approach on both sides.

To that end, I am announcing today that the Ministry of Justice will host an event early in the New Year to consider how we approach the data sharing aspects of reforms to the electoral register. The electoral register is a vital document. It is the foundation stone of our democratic processes and vital to the integrity of our elections. It has also, since the nineteenth century, been a public document – although there are important restrictions on who may obtain a copy of the full register.

The register is held locally, by some 400 different electoral registration officers. The unit of electoral registration has historically been the household. The government passed legislation this summer to move to a system of individual registration – where each person will provide their name and address, and three personal identifiers – signature, date of birth, and National Insurance number – in order to be entered onto the register.

There are three main forces driving this historic shift – the empowerment of the individual that comes with taking personal responsibility for your vote, the need to improve the completeness and accuracy of the register and the fundamental importance of enhancing the security of the ballot. The provision of identifiers as part of this new system – in particular, the National Insurance number – is intended to allow electoral registration officers to verify registration applications through cross-checking the information they are given, and so guard against fraud. Those identifiers will not be available to the public, for obvious reasons – they are solely for the electoral registration officer's use.

This move to individual registration, and the use of such personal identifiers to improve the integrity of the system, had all-party support, and is backed by the Electoral Commission. The question now is how to implement this shift in a way that commands public confidence and support. Individual voter registration will improve our systems of electoral registration. But the register will change and more personal data will be held. And we will need secure, safe mechanisms for individual electoral registration officers to cross check the information provided to them by those registering to vote.

We are just starting to design the systems for doing this. So we want to listen to those who have strongly held views on how data is used, and to engage with what people have to say about data security, including how the information architecture should be constructed, and all the attendant risks. Further details of the event will be available soon. I hope it will be the start of a dialogue which will serve to inform our policy development and our approach to implementation over the coming years.

I also intend to jointly host an event with Delyth Morgan from the Department for Children, Schools and Families which will focus on ContactPoint. ContactPoint was developed in response to a key recommendation of Lord Laming's inquiry into the tragic death of Victoria Climbié: to improve the exchange of information between different agencies working with children. But I am aware that ContactPoint has attracted a lot of interest and given rise to some concerns – and some misunderstandings. So Delyth Morgan and I want to hear views about ContactPoint from users and practitioners and explore these in light of the facts about the directory and feedback received from early adopters.

We can never be complacent about databases – the challenge in getting the balance right between seizing the opportunities they offer and avoiding the risks they pose is evolving as fast as the technologies themselves. Whenever changes need to be made, we will make them. But we can only do this on the basis of a rational and mutually respectful dialogue between all concerned. I hope the measures I have announced today can be the start of such a dialogue.