
ContactPoint centralised national child database = Single Point of Failure - who guards the audit trail ?

Various MPs are asking questions in Parliament about various central Government Departments' data handling and security procedures or failures.

The party line seems to be to wait for the publication of the Review, i.e. the Cabinet Office review by Robert Hannigan, which is due to report next Monday on the 10th December, and then there will be a Departmental Statement.

The Department for Children, Schools and Families has announced its own separate review of its controversial Children Database, badly re-branded this year as "ContactPoint", which evokes the data privacy horrors of the US based ChoicePoint commercial private sector data gluttons.

3 Dec 2007 : Column 927W

[...]

Kevin Brennan:

[...]

We have contracted with Capgemini for the purposes of operating the national system, maintaining data quality and technical system support. The computer system will be in a secure location, physically removed from the Department.

[...]

Doh ! - that implies that this centralised national database will become a Single Point of Failure in an unnecessary expansion to the UK's Critical National Infrastructure.

Given the fires, industrial explosions, floods and electricity supply failures which have affected Government and private sector data centres in the past few years, and not neglecting the fact that this will be Yet Another Terrorist Target, why is the Department not paying for at least two physical secure locations, at least 100 miles apart physically, served by different electricity generating sub-grids, with multiple redundant telecommunications links etc. ?

[...]

We acknowledge fully and understand that children and young people quite reasonably want reassurances about security and access.

How about giving them and their parents some actual practical, detailed, technical reassurances, and reducing the risks by not building another "all eggs in one basket" system ?

[...]

Access to ContactPoint will be limited strictly to those who need it to do their job (currently estimated at around 330,000 practitioners). All users will be subject to stringent security controls and, before being granted access, must have completed mandatory face-to-face training, have obtained security clearance (including enhanced Criminal Records Bureau clearance) and have a user name, a password, a PIN and a security token to control their access to ContactPoint. Mandatory face-to-face training will include the safe and secure use of ContactPoint and the importance of compliance with the Data Protection Act 1998 and Human Rights Act 1998.

Exactly the same personnel checks and training as, say, HMRC or DWP staff etc., who have used Smart Card logon to their PCs for years.

We are not impressed.

To gain access to a child’s record, all users will have to state clear reasons why they are accessing ContactPoint. All use of the system will be monitored and audited and every access to a child’s record will be detailed in the ContactPoint audit trail. This will be regularly monitored by local authorities, using online User Activity Reports, to ensure that any misuse is detected and that appropriate action is taken.

So who exactly will have access to these audit trail records and "online User Activity Reports" ?

Back when the scheme was first announced, we pointed out that the audit trail records, which record legitimate accesses to an individual child and / or parent / guardian record by authorised professionals, are themselves a potential data privacy leak.

Anyone with illegal or legal access to these "online User Activity Reports" will be able to draw inferences and jump to conclusions about, say, the medical history or suspected child abuse etc. simply by cross referencing the names or job titles of particular professionals who have looked at the record, or the physical locations of the computers used to access those records e.g. from within an abortion advice centre or clinic.
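The inference problem described above, as an added illustration (this is not code from ContactPoint or from this blog). The field names, roles, sites and the HMAC pseudonymisation are assumptions, and the audit rows are constructed. It contrasts what an unredacted activity report discloses per record with a reduced reviewer view that still supports per-user volume checks.

```python
import hashlib
import hmac
from collections import Counter, defaultdict

# Constructed sample audit-trail rows (not real ContactPoint data or schema).
AUDIT = [
    {"record": "child-0001", "user": "u101", "role": "school nurse", "site": "Primary School A"},
    {"record": "child-0001", "user": "u202", "role": "child protection social worker", "site": "Council Office B"},
    {"record": "child-0002", "user": "u101", "role": "school nurse", "site": "Primary School A"},
    {"record": "child-0002", "user": "u303", "role": "sexual health adviser", "site": "Clinic C"},
    {"record": "child-0003", "user": "u303", "role": "sexual health adviser", "site": "Clinic C"},
]

def inferable_from_full_report(rows):
    """What a reader of an unredacted report learns per record: who looked, and from where."""
    seen = defaultdict(set)
    for r in rows:
        seen[r["record"]].add((r["role"], r["site"]))
    return dict(seen)

def pseudonym(key, kind, value):
    """Keyed, stable pseudonym; it cannot be recomputed from a guessed value without the key."""
    mac = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256)
    return f"{kind}-{mac.hexdigest()[:10]}"

def minimised_report(rows, key):
    """Reviewer view: record and user pseudonymised, role and site dropped entirely."""
    return [{"record": pseudonym(key, "rec", r["record"]),
             "user": pseudonym(key, "usr", r["user"])} for r in rows]

def accesses_per_user(rows):
    """Access volume per user, the signal a misuse reviewer needs; works on either view."""
    return Counter(r["user"] for r in rows)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held by the data controller, not by reviewers
    print(inferable_from_full_report(AUDIT)["child-0002"])
    print(accesses_per_user(minimised_report(AUDIT, key)))
```

The reduced view keeps the per-user counts intact, and only the key holder can map a flagged pseudonym back to a named user or record. It does not remove every inference, since linked access patterns remain visible.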

If Local Authority data controllers are really in charge of the system and the auditing, then what exactly is the justification for a centralised national database ?

ContactPoint will include all children in England because it is not possible to predict accurately, in advance, which children will need additional services. Any child or young person could require the support of additional services at any time in their childhood. We want to support early intervention for children to help prevent situations becoming critical.

How does creating a national centralised database prevent another Victoria Climbié tragedy, which is the scandal which is being used to justify this Labour party "Nanny State" system ? In that case, the problem was not that all the relevant local childcare officials did not have enough detailed information about the risks to the murdered child, but that they were overworked and poorly managed, and failed to act properly in time, something which ContactPoint will never prevent in the future.
