• Media Enquiries

    07505 448925(24hr)

The danger of data: to merge or not to merge?

Big Brother Watch last year highlighted the serious shortcomings in data protection in local authorities across the country.

However, the wider issue is not only about data storage and loss, but also how datasets are held together and combined for a whole variety of purposes.

In recent weeks two incidents have highlighted how acutely sensitive information is combined and held in a single database, when there is no obvious need to do so, and that database is then lost.

In one incident, Islington Council published personal details of thousands of residents in response to a Freedom of Information request.  The Telegraph reported that names, addresses, religion, relationship status and the sexuality of 2,500 residents were published by mistake.

A similar incident was disclosed yesterday by Torbay Care Trust in Devon, which published sensitive personal details of more than 1,000 NHS staff on the internet. The details remained online for 19 weeks until it was spotted by a member of the public. The investigation estimated the spreadsheet was viewed 300 times.

Details of each person’s sexual orientation and religious beliefs were published alongside their name, date of birth, pay scale and National Insurance number. The Information Commissioner fined the trust £175,000 for the incident.

Both these cases highlight the risk of combining data. Why on earth was salary information and sexual orientation included alongside names and addresses? If there is a real need for monitoring salary and religious beliefs (and I struggle to see why there would be) then there is no need to include employee names and addresses alongside that data.

Rather than combining all the data available, only the information that’s absolutely necessary should be used – a basic principle that should underpin the way organisations deal with personal information, but is sadly missing from countless organisations. A substantial cultural shift is required to begin treating data with the care and diligence that is required to restore trust, particularly to the public sector

While fining the organisation does send a message to senior management, it is clear that some frontline staff are not taking these issues seriously and far more needs to be done to hold to account those responsible for errors and improve standards to stop small errors having a significant impact on people’s privacy.

Posted on August 7, 2012 by Big Brother Watch Posted in Civil Liberties, Councils, Data Protection, Databases, Information Commissioner, Privacy
  • Say no

    Unfortunately this is not surprising. There is a shocking lack of understanding about personal and sensitive data in this country and the impact that is caused when it is shared without consent that it is no wonder that these cases keep arising. There is only one way that we can prevent these breaches of data and that is not to give the data to employers and others when asked. Yes it raises eyebrows when you refuse to give your date of birth or some other personal information but only because the person has never experienced someone saying no before. Once they get used to us saying no then it will become the norm. I do not give personal information now because I know that those who are dealing with it cannot be trusted to only use it for the reason I gave it. I also know that when questioned about data protection matters the people who want your data do not know what their obligations are regarding protecting data. Whether this is convenient or genuine ignorance is not the point – they do not have the right to use and abuse our data and we need to stop allowing it to happen. Say no!

  • Say no

    Merging data is potentially very dangerous when ti comes to breaching privacy. Various items of data might not identify someone if they are kept separated but when combined they can reveal a huge amount about individuals. Combining data in this way can result in a complete loss of privacy. Think twice before handing over your data – if in doubt say no. Just because someone asks you for your data does not mean you have to give it. This is only the very tip of the iceberg that we are hearing about.

  • Karen

    It is policy to merge records, justified on the basis that data sharing is not unlawful. The D P Act mentions a right to prevent data being shared when this causes significant distress. The argument goes that merely feeling your privacy is being invaded does not constitute significant distress and that in some cases sharing data may result in you getting a benefit ie being offered some entitlement which the data sharing shoes you are entitled to. It is also cheaper to maintain one giant data base, and so this is more efficient. The argument goes that ‘cheaper’ means necessary: for example councils have a duty to ensure that they use resources efficiently.

    I would like Big Brother Watch to look seriously into cases where incorrect and prejudicial information is routinely being shared. The main example of this is when councils allege that particular people ‘are claiming’ that they literally live alone in order to receive a 25% council tax discount. The nickname ‘single person discount’ is seriously misleading. In law, the term ‘the appropriate amount’ is used. This amount or rate of discount never ever applies simply because a person is the sole resident. It applies irrespective of how many residents there are so long as all but one of those residents ‘fall to be disregarded’. To comply with the instructions in two regulations under the 92 Administration and Enforcement Regs the council must, having found reason to believe that a 25% discount should apply, assume that there is entitlement to a discount of that amount and it must issue the demand notice on the assumption that on every day during the coming year there will be entitlement to the same rate of discount. The Act states that the Secretary of State may make regulations that the taxpayer should be informed of this assumption and of his duty to correct it if it proves to be incorrect. In other words, you must tell the council if another adult who is NOT disregarded comes to live in your house, or if a resident who is NOT disregarded turns 18. For in that case you are no longer entitled to a discount of the appropriate amount. What an increasing number of councils do is ‘share’ utterly false information to the effect that certain people are ‘claiming’ to live alone or that the council had (unlawfully) deducted the appropriate amount on the assumption that entitlement arises and will continue to arise for the future on the basis that only one adult, literally, is resident. This would not matter except for the fact that the full electoral register is then used to check entitlement or to check a non existent ‘claim’ half way through the taxyear and if another adult is on the register a fraud investigation may be launched on the basis that there is a discrepancy between a claim that a person is not making in law, and should not be told that they are making and the electoral register. Even worse, residence under the Act is defined as ‘sole or main’ residence and case law makes it clear that it is not lawful to use the full electoral register to decide where the sole or main residence of a person is. Moreover, it is lawful to register twice, especially if you are a disregarded student with your sole or main residence at the university town, but also in other cases. Both sets of law acknowledge that a person may have more than one address. So people are being subjected to fraud investigations on the basis of an alleged inconsistency which does not exist except in the mind of some credit reference agencies and some, but not all, officers of the Audit Commission.

    Bob Neill, UnderSecretary of State has written to the Audit Commission about this. By law, the Commission should listen to the Secretary of State. It is written into the Audit Commission Act. However, it appears that they have paid no attention to what Bob Neill has said to them. He told them that every time their so-called SPD exercise is mentioned it should be made clear that a ‘hit’ does not indicate lack of entitlement, failure to inform the council of the changes which the law does require to be notified, or even maladministration by the council BECAUSE the other adult on the electoral register may fall to be disregarded.

    This exercise produces so many false positives/abortive investigations that some councils had decided that it is not efficient to use the lists of suspects provided by the Audit Commission as the basis for investigations. Few councils keep figures but those which do show that the majority of investigations are abortive.

    The NFI ignores Bob Neill’s advice to the point of including in its very dodgy figures for discounts ‘improperly claimed or awarded’ the cases where the other adult fell to be disregarded and where there was therefore entitlement all the time. This appears to be because the NFI has its own views about how councils should carry out their duties under Regulation 14 of the Act, something which it is for councils and not for auditors to determine and which, if an Auditor doesn’t like, he should go through a judicial review on, not start insisting that people are subjected to fraud investigations because the NFI thinks that they ‘might’ not be entitled (and nobody can quantify the probabilities here, except that the chances appear to be strongly that they ARE entitled).

    The Audit Commission has, in my opinion, an entrenched tendency to produce and share legally prejudicial documents and ‘information’ about this, some clearly being in respect of identifiable families and their (as it turns out) disregarded members) but to respond to criticisms by saying that the documents are not ‘legal documents’ or that they are not intended to provide a comprehensive guide to the legal position. If you assert that a person is ‘claiming’ to live alone yet shared information suggests that they are not living alone, in a context where they must if your false statements (I hesitate to use the word ‘lie’ but it is not far of the mark) were true be making a false claim somewhere in most contexts you would end up sued for defamation. But it appears that credit reference agencies and their customers (in this case the NFI) can get away with such things.

    Big Brother Watch should look carefully at the draft Audit Bill, in which Eric Pickles is to be given loosely defined powers to share data and carry out investigations.

    The only ray of hope is that some councils may feel more inclined to challenge Mr Pickles than they were to challenge the Audit Commission. Now that the penalty of a criminal offence for not supplying information ‘reasonably’ requested for NFI purposes is being done away with, perhaps councils will be prepared to argue that it is not reasonable to expect them to provide false and prejudicial and legally inaccurate ‘codes’ along with personal data.

    The ICO will not look at any government data matching to see how far the information shared complies with the legal frameworks involved, saying he has no power and insufficient resources. The LGO has in the past stated that complaints about maladministration must be referred to the ICO if these involve allegations that false or prejudicial information is being ‘shared’.