– in the House of Commons am 5:27 pm ar 7 Mai 2009.
I shall begin by reassuring the Minister that I do not intend to use all the considerable time available for this debate. However, I want to give him an understanding of a matter that my constituents raise with me in correspondence and at my surgeries with monotonous and increasing frequency.
For the Minister's benefit, I should tell him that Mole Valley is the largest constituency in Surrey. It is semi-rural and rural, looks green and prosperous, and has two main towns and about 30 villages. More than 50 per cent. of the inhabitants vote Conservative when elections come along—and long may they continue to do so—but some aspects of the area are deceptive. Some constituents are wealthy—some of them extremely so—and knowledgeable, but many of the people, especially in the villages, are poor and live in very difficult circumstances.
When I was out knocking on doors one Saturday morning fairly recently, I spent some considerable time persuading an elderly couple that their circumstances were such that they should claim council tax and rent benefits to ease their financial problems. The husband got very cross, and he explained to me that he was a former soldier who had fought for us in the second world war and then remained in the Army. What worried me was that he did not seem to understand that paying his taxes in effect set up an insurance scheme that allowed him to claim the relevant benefits.
I hope that the Minister might one day look at the benefit form, because what upset my constituent most of all was that it was 30 pages long—it was at that stage; it is now down to 29 pages—and full of questions that he said were too nosey and not relevant. Owing to that, he did not want to claim, and, although I have gone back and tried, he is still not claiming, because he feels that the questions interfere with his civil liberties and are too intrusive.
In the main, my constituents are well educated, very aware and definite absorbers of news. That applies to all age groups, and a considerable portion of my contact with my constituents over recent years has been about various broad civil liberty issues. In Mole Valley, there is a strong feeling that we need national and personal security; it is important. There is also huge support for the police, generally, which is just as well, because the central police grant to Surrey police is so low that almost 50 per cent. of their costs are borne by Surrey council tax payers. That said, there is increasing concern that we are being spied on by the state, that huge volumes of deeply personal data are being collected by the state and others, and that the situation has gone too far.
I read recently that the average person in the United Kingdom has about 3,250 pieces of information about them collected and stored every week. Obviously, much of that is not state-sourced; I refer to store loyalty cards, banks, internet responses, an individual's place of work data and so on. However, I shall highlight a few areas of Government-generated data collection. First, there is the centralisation of medical data. Most patients are unaware that their medical records are sent from their GPs to a central source that can be accessed from other health clinics and hospitals nationwide. The base logic makes sense, especially if I take note of my secondary hobby, which is dentistry, because if an unknown patient arrives with a debilitating condition, or is on a keen medication that may have side effects or interact with other drugs, that and similar information will be required by the clinician. My constituents and I accept that, but more information will be passed down the data tubes and be made available, and more is being collected centrally.
I ask the Minister, if he is bothered, to have a quick look at the Australians. They have a similar system, which has been under way for some years, and about two years ago there was a big blitz. A Sunday newspaper reported it, because there were known to have been more than 750 breaches of that system's security. The breaches took place over a fairly short period and were not necessarily of national or international importance, but they were certainly important to those whose security, data and information had been sourced. Many, if not all, of the breaches were personal: spouses, lovers, neighbours, relations and so on, checking up on individuals who were known to them. However, one can well imagine the temptation for a scurrilous individual seeking to access a pop star's health records, a footballer's health records or even those of a well known politician, and being prepared to pay for that information—pay handsomely on occasions, because of the payback for it.
I find the Government's intention to keep data on individual phone calls, text messages and internet access details extremely Big Brother. Most disturbing is the spectrum of people who are permitted to access that information. I have discussed the matter with a number of senior Metropolitan police officers, and they have explained to me the procedures that must be gone through before they can give someone permission to access it. However, the spectrum of people who can access it goes right the way along to local government, where I very much doubt that such restrictions apply.
A recent concern for me and many of my constituents has been the UK criminal DNA photo and fingerprint database. Since its launch in 1995, it has, I understand, become the largest or second largest database in the world. It has the details of more than 5 per cent., and rising, of the population. As the Minister would expect me to point out, Government blunders—the loss of personal data and sensitive information, carelessly left for public access—have been a deep concern. Furthermore, there are the concerns about our increasingly Big Brother culture.
Despite today's Home Office announcement—or perhaps, in part, because of it—serious questions about the functions and ethics of the database still need to be answered. DNA samples taken at arrest or from a crime scene are collected and sent off to a third-party company for analysis and storage. The profile, consisting of the DNA sequence, gender, ethnicity and age of the person involved, is then loaded on to the database. The database costs millions each year to maintain. Between 2000 and 2006, it cost the taxpayer about £270 million, excluding the storage costs for the individual samples; they fall to the individual police forces. I hate to think of what the costs would be today.
I understand and support the fact that we have a national database for criminals, but a considerable number of my constituents who are not criminals are on that database, and they include children. That is the biggest concern. I shall tell the Minister about two cases that illustrate my point. A quiet, retired engineer lives in one of the villages in my constituency. He does a little work on his computer to supplement his pension. One Saturday morning last year, there was a knock on the door and a policeman and policewoman pushed in and arrested him. They took him off to Guildford police station and charged him with the theft, some months earlier, of a laptop computer from Currys in Guildford.
My constituent protested his innocence. The police took his DNA, fingerprints and photograph and set him down for a court case a few weeks later. He went home, checked his data and was able to prove, through a combination of factors and witnesses, that at the time of the alleged crime he had been sitting at his own laptop in his own office 20 miles away. His solicitor put that to the police and a more senior policeman considered the scant evidence—a couple of fuzzy photos on CCTV showing someone who looked faintly like my constituent, except that my constituent's spectacles were different. That senior policeman saw that it had all been a mistake, and the case was ripped up. An apology was given to the engineer and one of the arresting officers got a severe rap over the knuckles. However, my constituent's DNA, fingerprints, photographs and so on were kept. There were months of battle before that clearly innocent man—who had no record, no charge, no brush with the police—could get the information taken off the database.
Perhaps a more important case involved a young lady coming home on the train to another of the villages in my constituency. On getting off, she was violently attacked by a group of young ladies. When the police were called, the attackers ran off; when the police arrived, they arrested the victim. It took considerable time for them to recognise that they had made a mistake. They had already taken my constituent's DNA, photographs and all the rest of the data. In spite of the apologies and a rap over the knuckles for the police concerned, it took nearly a year to get my constituent's information taken off the system. Following the new idea that has come forward today from the Home Office, that young lady's data will be stuck on that file for seven years, yet she was plainly the victim and totally innocent.
Last year, I had the privilege, pleasure and entertainment of meeting the Association of Chief Police Officers representative responsible at that time for the national DNA database. He spent a considerable length of time explaining and reassuring us about the security measures to protect the integrity of the database. It was impressive. I asked him whether he agreed that the bigger and more expensive the database, the more valuable it is to attackers. After all, if hackers can get into the Pentagon files, they can probably get into DNA files in this country. I put it to him that if the file is important enough, or big enough, somebody with criminal intent, groups with criminal intent, or someone from outside the country may try to hack into it or to pay somebody for access. He said that the last of those scenarios was his deepest worry.
In the past few weeks, the big issue that I have been hit with by many constituents is ContactPoint. At first, I was surprised that my trusting public, and so many of them, were so concerned. They all agree that vulnerable children need protection and that the system may help them, but I believe, and so do the parents, that it is outrageous progressively to place every child on the system. Effectively, every child will now have a Government number—yet another one. It will not be tattooed on their arm, but stored on a Whitehall computer. I have to tell the Minister that the parents are far from happy. I asked them to have a look at the website so that they could get a full understanding of it; now, if anything, they are more concerned, and I share their concerns. Next, there is the prospect of ID cards, and behind them there is the national identity register; it is not only Orwellian but, as one of my constituents put it to me, smells of a database ready for the Stasi. The whole project is an expensive data-collecting mistake, and it should be dropped. I support my Front Benchers' view on that emphatically.
Many Government databases have legitimate reasons for existence, such as car licence data files, taxation records, information on individuals entering and leaving our shores, passport information and so on, but the variety of information collected for many of those systems seems to be expanding. It was a great relief to me, and to many of those who wrote to me, when the proposal for centralising access to the various systems was withdrawn from the Coroners and Justice Bill. However, Government form is such that unless the public throw them out at the election, which is looking increasingly likely, that horrible little measure will return at the next opportunity.
We have CCTV cameras everywhere, but few people are aware of how much of the data is stored, for how long it is stored, how many cameras there are, or that a policemen sitting in New Scotland Yard can use many speed cameras to view and follow cars along our London roads. Of course, it is all in the cause of crime prevention and detection, and so on.
The key point for the Minister is that the greater the collection of personal data, and the more it is centralised, the more vulnerable we are as individuals and the greater the temptation for theft of these data. It may not necessarily be theft. Given the way that the Government have been behaving, the data could simply be lost—or, as I have already inferred, hacked into or purchased. If our bank details are lost, sold or something like that, we can change the accounts, but we cannot change much personal information such as DNA and identity. Lost or stolen, it could be in unwanted hands for ever and used against the freedom of individuals for criminal or other reasons.
I go around many secondary schools, and the sixth-formers remind me that the situation smacks of "Brave New World", "Nineteen Eighty-Four" and the cult TV series "The Prisoner". As an aside, I thought that the new Government Department, the Ministry of Justice, had a George Orwell ring about it. A few constituents who have had a measure of support for these data collection measures have told me, "But I have nothing to hide." They are reminded that that saying is derived from Orwell's "Nineteen Eighty-Four" as cameras were being installed in people's accommodation, and that as this Government continue to collect more and more personal data, we may well soon be in the position of actually having nothing left to hide.
I congratulate Sir Paul Beresford on initiating this timely debate. I suspect that he does not recall that the last time we spoke was probably in about 1994 or '95. I believe that he was Under-Secretary of State at the Department of the Environment, and I was part of a delegation from Sheffield. We got what we wanted, but I never got a chance to thank him, so I do so this evening.
I have listened with great interest to the points that you have made this evening. I shall attempt to address them all, hopefully to your full satisfaction, although I suspect that that might not quite be the case.
Order. Can we just get things right? It is the hon. Member who has been raising these things, not I. The Minister used the term "you", so I correct him before we get any deeper into it.
My apologies, Mr. Deputy Speaker.
I wish to comment first on the hon. Gentleman's private Member's Bill. I thank him for his continued support for the protection of children, particularly on the internet, and for his valued contribution to that ongoing debate.
The hon. Gentleman raised a number of points relating to his constituents. He said that benefit forms were too long and, in the words of his constituent, too nosey as well. He talked about data collection and about his secondary hobby, dentistry. By virtue of the Data Protection Act 1998, benefit forms are meant to contain only information that is appropriate and essential, and of course it is protected information. People will always come to different judgments, and clearly his constituents—sadly, in some ways—have come to the one that he described.
In this debate, we are considering the profound question of the role of the state in protecting civil liberties and freedoms in Mole Valley and much more widely. I am clear that the role of Government is to safeguard our citizens from those who would seek to do us harm, while ensuring that our rights to privacy and freedom are protected. The Government have put in place a strong legislative framework to protect the rights of individuals. The Human Rights Act 1998 enshrines privacy in law as a qualified right that needs to be balanced against collective interests such as national security and the prevention of crime.
We live in a fast-changing world. Developments in technology are especially rapid, providing greater opportunities and benefits to us as individuals. Those who would do us harm can also take advantage of those developments, which creates an ever-increasing challenge as we seek to safeguard and protect the public, a challenge to which the Government and their enforcement agencies are duty-bound to respond.
The hon. Gentleman spoke at some length about DNA. I am sure he agrees that DNA techniques have helped to bring thousands of serious offenders to justice. They helped police solve 1,000 rapes and murders in 2006-07, and more than 18 million employment checks stopped more than 80,000 unsuitable people working with children and vulnerable adults in the past four years. The list goes on.
The four key principles that underpin the Government's approach to privacy and security are: proportionality, safeguarding, transparency and, of course, common sense. Recent announcements demonstrate the Government's commitment to those principles. To focus on DNA, today marks the commencement of the public consultation exercise on the retention, use and governance of DNA and fingerprints. In the case of S and Marper, the European Court found a violation under article 8 on the "blanket and indiscriminate" retention policy for DNA and fingerprints. Of course we accept the Court's judgment but also its recognition of the importance of using DNA and fingerprints to tackle and prevent crime, including terrorism, and ensure public protection.
Public protection is a key consideration in what we do.
I have accepted the importance of criminals having their data on a national database that is accessible to the police and so on, for the reasons that the Under-Secretary set out. However, I am worried about the innocent. I deliberately gave him the second example of the young lady, who was clearly innocent but would still have her files on the system for seven years under the Government's new proposals.
The hon. Gentleman talked about one of his constituents who was wrongly arrested. Our proposals set out possible grounds for removing data—for example, in cases of mistaken identity. Criteria will be set out in regulations that we will develop as the consultation rolls out.
Let me give the hon. Gentleman some reassurance. Kensley Larrier was arrested in May 2002 for the possession of an offensive weapon. His DNA was taken at the time and loaded on to the DNA database in June 2002. The proceedings were discontinued in October 2002, but his DNA was retained under the Criminal Justice and Police Act 2001. In July 2004, a rape was committed in the north of England and DNA from the investigation was speculatively searched against the national database and matched with the acquittal sample. Larrier was arrested and charged with the offence in November 2004. He was convicted in June 2005, jailed for five years and entered on the sex offenders register for life. That is one example of what can happen if DNA data are retained.
I understand that point. We accept it because the dates fall within the suggested three years. However, I am worried about people who are clearly innocent and cases in which a mistake has clearly been made. Surrey police keep the data.
We believe that the issue is sufficiently important to warrant a consultation. Our proposals are based on the best available evidence and research. The consultation paper sets out the research on the risk of future offending or reoffending. A six-year period is at the lower end of the risk of offending scale, but we believe it is a proportionate response to the European Court judgment in the light of the available research. We are very keen to adopt a retention period based on evidence, and we have gone some way to try to achieve that. We certainly think that this is an important enough issue to have a conversation with those who are not privileged enough to be in this place, and we are embarking on that at this moment in time.
The proposals in the consultation focus on achieving a proportionate balance between allowing the police to detect, investigate and deal with offenders effectively and ensuring that appropriate safeguards and protections are available to the individual, and to achieve that balance, changes are proposed in five key areas. The first proposal is that all samples be destroyed. The second is that profiles for persons arrested but not convicted may only be retained for a maximum period of six years or 12 years in the case of serious, violent or sexual offences. The third is that the DNA of a young person arrested and convicted of a minor offence be removed from the database when they reach 18 years of age, and for those arrested and not convicted of any further offences the profiles will be deleted after six years or on the person's 18th birthday.
I clearly made a mistake. I said that the young lady's information would be collected and kept for seven years, but in fact because she was accused, wrongly, of a violent action against other individuals—I wonder whether I should wait for the Minister to listen—if we had not won the fight with the police her information could well have been stored for 12 years, as has been suggested, rather than seven. I was wrong.
As I have said, we are consulting on these proposals. The fourth proposal is that the criteria for destruction of profiles before expiry of the six-year or 12-year period should be set out in the regulations. That would enable people to know whether they would qualify to make such an application. It is also proposed that an independent advisory panel be established to monitor implementation of the regulations. Lastly, as we need to make sure that those who should be on the database are on it, proposals extending police powers to take samples and fingerprints following conviction are included.
The hon. Gentleman also mentioned CCTV. I know from my surgeries and the campaigns in my constituency that queues of people—almost literally—say to me that we should have more CCTV, not less. I understand the concerns that people have about CCTV, but it is a powerful crime-fighting tool. Police operational experience and various research studies show that it deters and detects crime, and helps to secure convictions. It can also reduce the fear of crime, and the Government remain very much committed to the use of CCTV in helping to make communities feel safer.
We have taken the European Court's judgment on DNA as the focus for our approach. We have recognised that there is scope to go beyond its judgment and establish a framework based on public protection and individual safeguards. We have provided a significant opportunity for public debate on this key area, and we will use the findings from the consultation to develop draft regulations for Parliament to consider and approve before the end of this calendar year.
The hon. Gentleman also talked about identity cards. In the context of yesterday's announcement on those, the national identity service will provide a single, simple and secure way for individuals to prove their identity and to protect their personal details. The service includes the national identity register, biometric passports and ID cards. Information held on that register will be similar to that stored on the existing passport database. It will include biographical data, biometric data and administrative data relating to the secure issue and use of the card. The register will not hold sensitive personal data such as medical history or criminal records; nor will it hold tax, benefit or pension information. The individual will have the right to see all the information held about them on the national identity register, including who has accessed it, once their identity is confirmed, in line with the subject access rights.
Motion lapsed (
Motion made, and Question proposed, That this House do now adjourn. —(Steve McCabe.)
In addition, the appointment of a newly created national identity scheme commissioner—the first such commissioner ever created solely to oversee a single programme—will provide independent oversight.
I thank the Minister for his indulgence. I put this question to his colleagues some time back, but would he not accept that the more data are collected and the broader they are, especially in these days of identity theft, the bigger the target becomes for those who wish to purchase the information—illegally, obviously—or break in?
We will never develop a system that is 100 per cent. foolproof. There will always be individuals who are willing to be corrupted and hackers who engage in their favoured activity. However, we believe that the benefits that accrue from our work by far outweigh any of the costs.
Recent research shows that 71 per cent. of those interviewed trusted the Identity and Passport Service to look after their personal information, which is far more than expressed trust in banks, insurance companies, supermarkets and internet retailers. Given that the ID cards regime will use the same infrastructure as the Passport Service, I hope that that, too, will reassure the hon. Gentleman to an extent—although I suspect only to an extent.
On
Important safeguards are in place to protect individuals' right to privacy. Access by public authorities to any of the data currently retained by communications companies for business purposes is tightly regulated and is also overseen by the interception of communications commissioner. Used in the right way, communications data can play a critical role in keeping us all safe. Doing so makes common sense. Doing nothing in the face of technological change is not an option. We will listen to and engage with the public to ensure that we strike the right balance, as ever, for the continued protection of our country and its citizens.
The hon. Gentleman also talked about ContactPoint. Concerns have been expressed—not just in the House, but elsewhere—about ContactPoint, which is a vital safeguard for children. ContactPoint will provide a quick way for practitioners to find out who else is working with the same child. It will help to ensure that practitioners can share information quickly, enabling them to spend time providing support for the children who need it and helping to prevent things from getting worse. We take our responsibilities under the Data Protection Act 1998, the Human Rights Act 1998 and the European convention on human rights, and all other legal obligations relevant to ContactPoint, very seriously indeed.
I understand the basis for including children who need support. However, many of the children in my area, if not 80 to 90 per cent. of them, are not at risk, nor are they on registers and so on, yet their names, details and so forth will be on the system. That is what is upsetting parents.
I empathise with the hon. Gentleman's perspective, but only to a degree. The contrary will be the case for the vast majority of parents, who will gain reassurance.
Security is paramount for ContactPoint, and a number of robust security measures are in place. Access is restricted to those who need it as part of their work, and it is limited to what is needed for each role. ContactPoint holds only minimal data; it does not hold case information. The Children Act 2004 Information Database (England) Regulations 2007 define and strictly limit the information that can be held on ContactPoint. It does not, and will not, contain any financial information, or any case information such as case notes, assessments, medical records, exam results, comments or subjective observations. We have sought, and will seek, to balance children's and families' rights to the services to which they are entitled with their individual right to privacy.
Concerns have been expressed about patient information held within the NHS care records service. In modern health care, it is vital that the information that clinicians need when they are treating patients is available at the right time and in the right place across the NHS. This will save lives and improve care. Access to records held in the new NHS database will only be permitted to organisations involved in delivering care to NHS patients. Other parts of Government or public agencies—the police, for example—neither have nor will have direct access to any NHS data, or to the NHS care records database. The release of identifiable patient information from NHS care records will be possible only in accordance with the provisions of the Data Protection Act 1998, common law confidentiality requirements, and any other legal requirements. These limit the release of information without consent to circumstances in which the public interest that would be served by the release of information outweighs an individual's right to confidentiality, or in which legislation or the courts require or permit the release.
The hon. Gentleman kindly shared with the House an Australian experience in which breaches had occurred. I go back to the point that I made earlier—namely, that no system is 100 per cent. foolproof. Ultimately, however, we believe that the benefits that accrue will far outweigh any costs and risks involved. The Government will always take a principled and proportionate view of what needs to be done to protect the public and to respect individual privacy. We do not have a surveillance society. The constituents of Mole Valley can sleep easy this evening.
Question put and agreed to.
House adjourned.