'Lax standards' on data security

http://news.bbc.co.uk/go/rss/-/1/hi/uk_politics/7295467.stm

Version 0 of 1.

The government has persistently failed to take data protection "sufficiently seriously," the Joint Committee on Human Rights has warned.

Episodes such as the loss of child benefit discs containing 25m people's details were "symptomatic of lax standards," said MPs and peers.

The report said this did not "inspire confidence" in controversial plans for a National Identity Register.

The government is considering measures to toughen up the Data Protection Act.

The joint committee's report on data protection and human rights notes that it has pointed out its concerns on 18 previous occasions and suggests such lapses may break the Human Rights Act.

People were shocked by the recent loss of child benefit data but that was far from a one-off Andrew DismoreCommittee chairman

The report added: "Recent breaches in data protection by government departments do not encourage us to feel confident about the security of data collected as part of the National Identity Register project."

The committee's chairman, Labour MP Andrew Dismore, said: "People were shocked by the recent loss of child benefit data but that was far from a one-off.

"In fact, it was symptomatic of lax standards in the public sector."

Data losses

It emerged last November that two discs containing the entire child benefit database had been lost after HM Revenue and Customs sent discs to the National Audit Office unregistered and unencrypted.

They contained personal details of 25m people - including bank details, National Insurance numbers and children's names, addresses and dates of birth.

Since then other losses of data have emerged, including the theft of a Royal Navy laptop containing 600,000 people's details.

The committee wants Michael Wills's powers to be expanded

In December it was announced that details of three million British learner drivers, held on a computer hard drive, had gone missing in the US.

The report says such losses are "symptomatic of the government's persistent failure to take data protection safeguards sufficiently seriously".

It notes with surprise that the first the data protection minister, Michael Wills, heard about the loss of the child benefit discs was the official statement made by Chancellor Alistair Darling.

It recommends he be given more powers to "champion best practice in government and ensure that lessons are learnt from data protection breaches."

It also recommends the information commissioner be given more powers for "privacy impact assessments" on government projects.

And it says it expects the government to "take action to foster a positive culture for the protection of personal data by public sector bodies".

Mr Dismore said the child benefit episode had highlighted the "true consequences of the piecemeal approach to data management".

"There has been a rapid increase in the amount of data sharing in the public sector, which can be useful, important and necessary.

"But this has not been matched by the even more necessary strong commitment to safeguard the right to respect for personal data."

A report in January by the Commons Justice Committee called for reckless or repeated breaches of data security to become a criminal offence and found "systemic failings" in the government's handling of personal data.

The Ministry of Justice said at the time that the need to strengthen data protection laws had been recognised before the child benefit discs were lost and a review had been commissioned in October.

And a spokeswoman said Parliament was considering proposals to toughen up the Data Protection Act to include jail terms and fines for those convicted of "unlawfully obtaining or disclosing personal data."