Children Act 2004 Information Database (England) Regulations 2007
Lord Adonis (Parliamentary Under-Secretary (Schools and Learners), Department for Children, Schools and Families; Labour)
rose to move, That the draft regulations laid before the House on
Lord Adonis (Parliamentary Under-Secretary (Schools and Learners), Department for Children, Schools and Families; Labour)
My Lords, these regulations make provision in respect of the establishment and operation of a database, ContactPoint, under Section 12 of the Children Act 2004. The regulations place a requirement on local authorities to participate in the operation of the database. They specify what information will be held, who must or can provide this data, how long it can be retained, who can be granted access and how accuracy will be maintained.
ContactPoint is essentially an electronic directory of practitioners providing services to children and young people. It will enable all practitioners working with children to find out who else is supporting a particular child to deliver better co-ordinated support. Our Every Child Matters programme aims to improve outcomes for all children. ContactPoint will help facilitate this by supporting effective prevention and swift intervention when problems arise, ensuring that children and their families gain the support of the services that they need as early as possible.
These regulations have been considered by the House's Merits of Statutory Instruments Committee, and we are grateful to it for its thorough report, whose findings will inform our implementation policy. In the course of the committee's deliberations, concerns were raised about the rationale for the scheme and about security, accuracy, data management, cost and universality. I will address each issue in turn.
First, why is this database necessary? Practitioners have told us that the process of identifying and contacting other professionals working with any one child is frustrating, time consuming and very costly. A recent survey of nearly 3,000 practitioners revealed that, on average, practitioners need to make contact with other services 107 times a year and it takes an average of four hours each time to do so. ContactPoint will significantly improve on this situation, freeing up an estimated 5 million hours per year of time currently spent by professionals in pursuing information, rather than delivering expert services. This time saving alone is equivalent to at least £88 million annually.
On security, there has been a good deal of inaccurate comment on the amount of information that will be held on a child's record. I stress that ContactPoint will hold only basic information: name, address, date of birth, gender and a unique identifying number on children on England until their 18th birthday, together with contact details of their parents or carers, GP practice, those providing education and specialist or targeted services to a child. ContactPoint holds no case data, no clinical data, no subjective assessments and no judgmental statements about a child, their carer or parents. Details of practitioners providing sensitive services, which, for the purposes of ContactPoint, are defined as services relating to sexual health, mental health and substance abuse, may be added to ContactPoint only with the informed and explicit consent of the young person concerned or, where appropriate, their parents.
Furthermore, these sensitive practitioner contact details will be hidden from view, except for the very small number of local ContactPoint management teams who will be responsible for brokering contact between practitioners. Let me also state categorically, that ContactPoint will not hold information about a child's school record or attendance, nor—as was described in one extraordinary press report—about how many portions of fruit and vegetables they may eat. Indeed, Section 12 of the Children Act 2004 specifically precludes such information being held. Nor will information be held about their parents' circumstances, such as whether they have a drug or alcohol problem. Regarding parents, ContactPoint will hold only the name and contact details of any person responsible for the care of a child—nothing else.
On data accuracy, each local authority in England will be responsible for the records of children in its area. Each will have a dedicated resource funded by my department to ensure that the data is accurate. We anticipate that when the system is operational, 300 people will be working specifically to ensure accuracy within local authorities. In line with the Data Protection Act, all organisations and local authorities must take reasonable steps to ensure that information supplied to, or held on, ContactPoint is accurate and up-to-date. Children and young people or, where appropriate, their parents or carers will have the right to see what is being held on their record and, where inaccuracies are found, to have them corrected. There will be a clear process enabling people to exercise that right, and fair processing notices will explain how the data may be used—which is also a basic right under the Data Protection Act.
I now turn to safeguards to ensure the protection of the information collected—the issue raised in the Motion tabled by the noble Baroness, Lady Morris of Bolton. The security of ContactPoint is of the utmost importance. The design and operation will adhere to ISO 27001, the new international standard for information security management systems. This addresses physical, environmental and personnel security, communications and operations management. ContactPoint will conform to relevant government security standard and will be subject to review by independent security experts. Unauthorised access will be prevented by using a combination of methods.
First, we are insisting on strong user authentication—not merely a user name and a password, but four system checks: a user name, a password, a PIN number and a physical token. Secondly, all users will be trained in the importance of security and good security practice. Users will receive mandatory training and their use of ContactPoint will be audited at every stage. Their activity on ContactPoint will be subject to continuous monitoring. Any suspected misuse will be investigated and could lead to disciplinary procedures within their organisation. Where appropriate, an investigation may lead to prosecution that could result in a fine or even imprisonment.
A range of existing legislation includes penalties for the improper use of data. The Computer Misuse Act 1990 states that unauthorised access or attempted unauthorised access to a programme or data held on a computer may be punishable by imprisonment or a fine. The Data Protection Act provides that personal data unlawfully obtained or disclosed without the consent of the data controller is a serious offence, with a penalty or fine up to the statutory maximum, or an unlimited fine if the case goes to the higher courts. The Criminal Justice and Immigration Bill provides for these penalties to be increased to include imprisonment for up to two years on indictment, and up to 12 months on summary conviction. These increased penalties would apply to misuse of ContactPoint.
Controlling access to ContactPoint is an important part of ensuring that the information within it remains secure. Access to ContactPoint will be restricted to those who can demonstrate a genuine need for it to facilitate their work. User numbers are estimated at about 330,000, and will include practitioners from education, health, social care, Connexions, the voluntary sector, youth justice and the police. Before being granted access to ContactPoint, users will need a current, enhanced Criminal Records Bureau disclosure and must also have been trained in the safe and secure use of the system, in compliance with the Computer Misuse Act 1990 and the Data Protection Act 1998.
These regulations require users to renew the enhanced CRB disclosure every three years. Any conviction for offences against children, or for offences under the Computer Misuse Act 1990 or the Data Protection Act 1998, are likely to preclude access. I also note that the Information Commissioner's office has offered valuable advice and comment throughout the development of this project. The commissioner's memorandum to the Merits Committee concludes,
"we are satisfied with the overall design of ContactPoint".
Lord Brooke of Sutton Mandeville (Conservative)
My Lords, before the noble Lord leaves that subject, can he give an assurance that those who must have access to the system in order to maintain it—there will be technical inputs in that respect—will be governed by exactly the same rules that he has adduced?
Lord Adonis (Parliamentary Under-Secretary (Schools and Learners), Department for Children, Schools and Families; Labour)
Yes, my Lords; that will be the case.
The issues of cost and universality were raised in the Motion moved by the noble Baroness, Lady Walmsley. Why should ContactPoint hold records for every child? First, a universal system has no stigma attached; since every child is included, no judgment will be made about a child merely because they are on the database.
Secondly, the system principally supports early intervention for children who, at some point in their lives, need additional services. This is not a small proportion. It is estimated that it will comprise about 30 per cent of children at any one time and 50 per cent during their lives. However, children move in and out of that spectrum of need, and it is not possible to predict who will need these services or when. Without a universal system, practitioners would have to make decisions about the needs or vulnerability of a child without all other available information. We would be faced with a continuation of the current system, where practitioners are often able to contact only those other practitioners whom they can easily track down. Holding records only for children judged at risk or to have a need for specialist or targeted services would prove very difficult. Judgments about whether a child meets the threshold for inclusion on the database would be subjective and inconsistent.
Thirdly, the cost was also raised by the noble Baroness, Lady Walmsley, in her Motion. We are advised that it would be more expensive to try to filter out records for different categories of children. It is proportionate to hold a small amount of information on all children rather than continually making threshold decisions, each of which would have to be input into the system, about which children should be put on it and which to take off.
Our conservative estimate is that from 2009 ContactPoint will free up about 5 million hours a year for practitioners, which, as I said earlier, is the equivalent of investing an additional £88 million a year in children's services. ContactPoint is expected to cost an initial £224 million to set up and to have annual operating costs of £41 million. Less than a fifth of the £224 million is to set up the infrastructure itself. Almost half of the funding, £103 million, is earmarked for local implementation, including workforce training, and the remaining investment is to fund project activity during the set-up period.
The Motion tabled by the noble Baroness, Lady Walmsley, asserts that investment in ContactPoint would be better spent on front-line staff. However, in an important sense it is being spent on front-line staff: it will free up their time to do their job and it will enrich their knowledge of relevant practitioners also working with a child. Furthermore, improving children's services is not simply a matter of increasing staff numbers. Practitioners must also be able to work better together, and ContactPoint will support that much more effectively than under the status quo.
In developing ContactPoint, we have worked closely with all relevant partners to ensure that the system meets their needs. All 150 local authorities in England are preparing to start using ContactPoint during 2008. An advisory group has been set up, with membership drawn from professional and representative bodies and national voluntary organisations. The group meets regularly to provide input into the development of the project. We are also glad that a number of national charities—Barnardo's, the NSPCC, NCH, the Children's Society and Kids—together with the Child Exploitation and Online Protection Centre and the Children and Family Court Advisory and Support Service, are working with us as national partners in implementing ContactPoint. When the system is in operation, they will be granting access and managing users within their respective organisations.
Let me also stress that there is strong support for our proposals from children's welfare organisations, which I believe should not be lightly set aside in the debate. The Merits Committee hearing report includes, for example, written evidence from Barnardo's, which describes ContactPoint as,
"a challenging project, but worthwhile in that it harnesses the technologies of the 21st century in support of those who work with children in the interests of the children themselves".
The National Children's Bureau submission to the committee also acknowledged ContactPoint's potential,
"to underpin effective information sharing and joint working".
Consultation and engagement with children, young people and parents has also been invaluable. Using questionnaires, workshops and online consultation, and engaging organisations such as the former Commission for Social Care Inspection and the British Youth Council, we have consulted with more than 1,100 children and young people. At least 183,000 parents and carers have been provided with information by the trailblazer authorities, and we value greatly the feedback we have received from all these groups. With the Information Commissioner's office, the Children's Rights Director at Ofsted and the Children's Commissioner we are developing communication materials aimed at children, young people and families. These will describe what ContactPoint is, what data is to be held on it and how they can exercise their right to see their own data and, where necessary, to have it corrected. They will be developed nationally to ensure consistency and will be disseminated to local authorities so that local information can be added.
To conclude, these regulations, in providing for the operation of ContactPoint, will significantly improve the safeguarding of vulnerable children and enhance the provision of information and support for the children's workforce in carrying out its vital responsibilities to our children and young people. I commend them to the House and I beg to move.
Baroness Morris of Bolton (Shadow Minister, Children, Schools and Families; Conservative)
rose to move, as an amendment to the above Motion, at end to insert "but this House regrets that adequate safeguards are not in place to ensure the protection of the information collected".
Baroness Morris of Bolton (Shadow Minister, Children, Schools and Families; Conservative)
My Lords, I thank the Minister for his thorough explanation of the regulations. While the debate will and must focus on the safeguards of information-sharing and the safeguarding of young children, it is also important to discuss how to ensure more effective support for the professionals who work to improve the welfare of children. Whatever aspect of government policy we talk about in whatever department we must ensure that the resources of time and money are focused and used effectively to support those who need them most.
The Motion I have tabled goes straight to the heart of my deep concerns about these regulations, which set up a database to store the intimate details of millions of children. Doctors' details, contact with practitioners dealing with sexual and mental health and substance abuse and contact details of parents are just some of the information fields that will be included. The legislative web surrounding these regulations renders them far wider-reaching and threatening than has been made clear. Even though the Department for Children, Schools and Families has claimed that the ContactPoint database will not contain information on cases, since 2000 under the e-Government Interoperability Framework, otherwise known as e-GIF, it has been mandatory for all public sector databases to facilitate the sharing of data across systems. Currently, a range of databases holding detailed information about children already exist in education, social care and youth justice. Can the Minister give a guarantee that ContactPoint will be exempt from the requirements of e-GIF? What steps will be taken to ensure that the child in question may not be identified by other associations in the information provided? Indeed, what protection will be provided for the list of names behind the numbers?
My first and deepest concern is for the children whose personal information is stored on the database and, if accessed by fair means or foul, could result in them being placed in great danger and in deeply vulnerable situations. It will be extremely difficult to secure such large quantities of sensitive information. Eleven million children will have their details stored on the database, and upwards of 330,000 people will have legitimate access to it. While I hope that those 330,000 people will be trustworthy, function creep develops at an alarming rate in data systems, which is all the more disquieting given the wider context of online fraud, growing at 300 per cent a year. It raises serious questions about whether we can, in reality, trust in the assurances that we are given, even though they are given in good faith at the time.
I am grateful to the Minister for confirming what training those handling the information will have and what checks they will undergo, including enhanced CRB checks. However, noble Lords will know that CRB checks only cover known criminals and fail to cover overseas workers, who now comprise a large part of the health and social care workforce. Has the Minister considered the danger of exposing such sensitive information to the extremely wide range of users, including many subgroups. Is the Minister at all concerned that employees of contracted-out services—often temporary staff—might be given access to the database?
Above all, it is vital that we do not unwittingly provide a resource indicating children's whereabouts to anyone who is not acting exclusively in the very best interests of the child or anyone who may, however unintentionally, fail to protect that information. The Information Commissioner's Office report to Parliament, What Price Privacy?, shows how easy it has been for private investigators to gain access to personal data by paying employees of the target organisation. Dr Ian Brown of University College, London, recently brought to our attention a report from the inspector-general of the United States Department of Veterans Affairs, who earlier this year found that the digitised medical records of 1.3 million individuals had been mislaid. That shows yet again how easy it is for security safeguards to be ignored and bypassed.
I draw attention to the 27th report of the Merits of Statutory Instruments Committee and I pay tribute to the committee for its customary diligence and excellence. It was noted that while the DCFS may be acting with good intentions, the huge number of users of the database will,
"inevitably increase the risks of accidental or inadvertent breaches of security, and of deliberate misuse of the data ... which would be likely to bring the whole scheme into disrepute".
I am sure that the Minister will remember fondly the amendment that I tabled last year to the Childcare Bill which would have ensured that any information collected under Clause 99 would have to be destroyed within a year. It was my understanding then that the regulations were intended to provide safeguards against the collection and processing of disproportionate amounts of information and that they would include stringent security and safeguarding measures; yet only a year later, the regulations before us contain a contradiction on the vital point of safeguarding.
A particular concern is the drafting of Regulation 6. Regulation 6(2) places a duty on local authorities to ensure that no one can access sensitive service details, archives and ID numbers on other systems. However, Regulation 6(4) is so widely drafted that it appears to negate Regulation 6(2). In effect, when the two provisions are read together, they seem to say that a local authority must hide the details but can decide not to. To allow loopholes to rest in regulations of this importance and sensitivity is nothing less than unacceptable.
A survey of local authorities carried out by my honourable friend Tim Loughton MP shows the state of disarray on the ground. Authorities do not feel ready for the system. Moreover, in light of the appalling records around the country, as expressed in the Information Commissioner's latest report, councillors have expressed,
"practical and moral concerns at the mammoth task ahead of them".
The Government intend to use the system to improve the care of and provision for children. Their intentions are of the best kind and are shared in principle by all noble Lords. Yet it is the very system that they seek to rely on that risks stigmatising children and discouraging them from seeking help where necessary.
The Minister said that the regulations had the backing of many children's welfare organisations. However, the majority of young people and parents consulted by the DCFS oppose the measures, and the major children's charities—the NCB, the NSPCC, Action on Rights for Children and a coalition led by BAAF—have voiced serious objections. Noble Lords will have received the excellent briefing from the Independent Schools Council.
The ContactPoint system, we are told, is intended to prevent another Victoria Climbié situation. However, that is not quite accurate. The agenda for the collection of children's data began with the programme originally called "identification, referral and tracing", which predates the Laming inquiry and does not mention child protection in its original criteria. Moreover, the child protection specialist Chris Mills has already ascertained that the system would not have applied to Victoria Climbié, given her temporary residency in this country.
We all wish to see an end to the horrors that befell Victoria Climbié and others. Inasmuch as the system will create a culture of over-reliance on what will always be a flawed database, it would divert attention from the children who most need protection from those who profess to care for them. It appears that the children of the rich and famous may be exempted if there is a risk of kidnap. While I fully understand why that should be the case, it strikes me as the most damning admission of the inability of the system to protect the details of children, not to mention the injustice of treating one set of children differently from the rest.
The Government's financial estimates for ContactPoint leave much to be desired, as we shall hear from the noble Baroness, Lady Walmsley. The chief information officer and group director of programme and systems delivery at the Department for Work and Pensions estimated in May that only 30 per cent of government IT projects succeed. Given the huge complexity of the system—150 little databases wired into one national database—the system, as much as any other, risks becoming yet another hugely over-budget IT white elephant, and a very dangerous elephant at that.
It is imperative that the regulations are not passed until much greater thought has been given to their information. Once the regulations are enacted, there will be no further opportunity to prevent the slackening of security around those precious and vital personal details. I beg to move.
Moved, as an amendment to the above Motion, at end to insert "but this House regrets that adequate safeguards are not in place to ensure the protection of the information collected".—(Baroness Morris of Bolton.)
Baroness Walmsley (Spokesperson in the Lords (Education and Children), Children, Schools and Families; Liberal Democrat)
My Lords, before addressing the substance of the amendment moved by the noble Baroness, Lady Morris, and referring to my amendment, I make it plain that those on these Benches, in this House and another place, are at one with the Government and the Official Opposition in wanting a strong and secure system of child protection, early identification of every child's special needs and early intervention to provide the services that they need to allow them to thrive and fulfil their full potential.
We all agree about the desirability of multi-agency working and the best possible communication between the professionals involved with every child in the best interests of that child. We differ only in our view of how that can be best achieved. While we are delighted that the Government are prepared to invest additional funds in securing these ends, we question whether this very welcome money is being spent most effectively in the interests of the nation's 11 million children by setting up a gargantuan and dangerous database, at least half of which, by the Government's own admission, is unnecessary, since the children do not need any special services at any time up to the age of 18.
I have expressed on many occasions my concerns about the overall safety and value for money of the scheme. I did so most recently in the debate on large government IT projects on
Perhaps I could turn to the excellent 27th report from the Merits Committee. It would be an understatement to say that the committee was not best impressed by these regulations. The introduction to the report says that,
"the Government have not in our view conclusively demonstrated that a universal database is a proportionate response to the problem being addressed. While the Government have taken the need for security seriously, the scale and importance of the scheme increase the risk that any accidental or inadvertent breach of security, or any deliberate misuse of the data, would be likely to bring the whole scheme into disrepute".
As the noble Baroness, Lady Morris, has just ably demonstrated, the regulations are shot through with loopholes. The committee added in paragraph 23 that it is not convinced that,
"the additional benefits of a universal approach justify the additional costs and risks, as compared with a selective approach which would not include a child in the database unless or until the child's needs for specialist or targeted services became apparent".
That is why my amendment expressing regret—in contrast with that of the noble Baroness, Lady Morris, which I support—covers the system's cost benefit as well as its safety.
We supported the 2006 regulations on data-matching trials, as it was only fair and reasonable to conduct trials. However, we have much greater concerns now that we have reached this stage. We are not convinced that the trailblazers' results have been sufficiently analysed or that they provide an adequate basis for going ahead with this immense national project—the biggest government database yet.
My worry is that the Government found it more convenient to set up a universal database, rather than investing in extra professional health visitors, social workers and the like who can focus on children in need, because they intend, at some time in the future, to use this information to feed into the national identity database. The Government propose to keep the data for six years after the child has reached 18 and is therefore ineligible for any children's services. Despite the Minister's assurances in his letter that there are no plans for data sharing or bulk transfer of data, it would be awfully convenient to plan for that and do it at some time in the future. When it happens, as I still fear it will, I will remind him of his reassurances at this time.
The unnecessary attack on the privacy of at least half of the nation's children is another matter that concerns many of us. We are assured that the system will comply with the data protection legislation, but many of us consider that that is not enough. It is one thing for professionals to share information about a child where it is necessary to do so in the best interests of that child, but quite another to share information about all the other children in the country for no better reason than that it is more convenient to do it universally.
I simply do not accept the Government's response, either to the Merits Committee or to me, that a universal database is better because it removes the need for thresholds and has less stigma and because it is not known when a child will need a service anyway. If we spent all this money on more professional staff, we would know earlier when children need help and would be able to provide it much sooner.
Every child has to go through some sort of assessment and reach some sort of threshold anyway in order to qualify for any service. If there is any point at which stigma might be attached, although I hope not, it is at that point, and not at the point at which their private details are being entered on to an electronic database in the privacy of someone's office. Therefore, that argument does not wash.
The committee expressed concern that the system will be used by 330,000 users. The noble Baroness, Lady Morris, and I are both concerned about the security of a system that is open to so many users. I am worried about the screening of the people inputting the information on the database, as is the noble Baroness. For example, the contract, I believe, is with Capgemini, which is expanding its operations offshore, in particular to India. Will the Minister give an undertaking that a clause will be written into the contract expressly forbidding the processing of any ContactPoint data outside the UK, since it is impossible properly to screen the people involved?
I am also very much concerned—this was pointed out by the committee in paragraph 11—about the lack of support for this scheme from children, young people and their parents. The committee said that, during the consultations,
"approximately one third of the formal responses came directly from young people and parents. The majority of responses from this group expressed their opposition to the establishment of ContactPoint, raising concerns about the impact on their privacy".
A number of children's organisations have called on the Government to establish a major national communications campaign to inform children and their parents about the facts and their rights in this matter. I am most concerned that this should be effective, in particular the right to be asked for explicit consent to the inclusion of the fact that they are receiving sensitive services, such as contact with sexual health professionals. Frankly, I cannot imagine any child feeling inclined to give such consent. I am worried that children will not come forward for such services if they think that the information may go on the system without their consent, with the horrific consequences that that could have on sexually transmitted diseases and teenage pregnancy rates.
I understand that there is best practice about this in organisations such as Barnardo's. Will the Minister assure me that the strongest guidance will be given to everyone inputting data into the system, to be absolutely sure that the child, not just their parents, has given consent to matters of this sensitivity? Will he say how this aspect of the system will be monitored? Will Parliament be told how many children have been asked for their consent and how many have refused it?
The British Association for Adoption and Fostering and its partners expressed concerns that the scheme might even deter families who mistrust officialdom from coming forward for services because they do not want their details on a universal database. What evidence is there that this in an unfounded fear and how will this matter be monitored?
There is also the matter of the system's enormous cost, which, as the Minister has said, is £224 million for set-up and £41 million annually to operate it. In his letter and this evening, the Minister claims that this money would support up to 13 additional front-line staff in every local authority in the country. I can imagine the celebrations all across the land if local authorities were told that they could have 13 more fully trained professionals to work in their children's services. Yet the Minister tells me that the trailblazers demonstrated that ContactPoint will free up between 16 and 24 staff per authority by reducing administration time. Therefore, why are local authorities not celebrating? Are these front-line staff child experts or are they administrators? The committee asked how this projected annual benefit would be translated into service delivery. I echo its question. Perhaps the Minister would tell us today.
Surely it would be better to use these millions to reduce the social workers' caseloads, thereby improving retention by providing more colleagues so that they have the time to communicate meaningfully with other professionals working with their clients and therefore do their job better. I would rather put the money into trained people than into hardware and software when we are talking about services involving one-to-one human contact.
The Government claim that ContactPoint will reduce duplicated effort. However, they are only guessing and have shown us no evidence whatsoever. The system's security has to be a major concern. The fact that the Government plan to allow just the location of high-profile children or those in danger of kidnap or domestic violence to be screened out from most users is a clear indication that they are not fully confident of its security.
The Merits Committee is not, either. Hackers are clever and creative. That is why all anti-virus software is produced reactively not proactively. It plugs the holes once breaches have demonstrated their existence. Breaches of the security of ContactPoint will bring the whole system into disrepute and people will not use it. Parents will want their children out of it and the Government will have to think again. Is that what the Minister wants?
Both the Merits Committee and I, in the Minister's letter, have received assurances about the systems in place to monitor usage. Every access will be recorded and patterns of usage scanned. Will that be by computer or by a human being? Potentially suspicious patterns of access are to be reported to the manager. The managers will also be monitored to ensure that they are doing all this. But do we have a monitor to monitor the monitors who are monitoring the monitors? I joke, but this is serious and it is getting ridiculous and expensive. If such a cumbersome system of safeguards is necessary, that makes it clear to me that the dangers are immense. Could not all this money have been better spent or is the hidden agenda that the Government really want a universal database because of its future potential for other purposes? We should be told.
Lord Tunnicliffe (Labour)
My Lords, I rise somewhat timorously to create something of an innovation this afternoon—a Back-Bench contribution in support of government regulations.
I want to comment briefly on what is happening in the House in general. I see in this House an increasing interest in secondary legislation, and that is good. It is good for Parliament, it is good for the secondary legislation, it is good for departments—it does not feel like it at times, but we get better performance from them—it is good for the Government and, in this case, it is good for the children.
I declare my involvement in this matter as a member of the Merits Committee. Indeed, the committee is so enthusiastic tonight that four of our 11 members are here. It is great to get lots of praise—I thank noble Lords for that—but it is extremely important to realise how limited we are. We 11 sad souls plod through 1,200 statutory instruments a year. Our terms of reference require us to make only two decisions. To quote our terms of reference, we have to make a decision about whether we should bring the instrument to the special attention of the House and we have to decide the reason for doing so. There are four such reasons: it imperfectly achieves the policy objectives; it inappropriately implements European Union legislation; the circumstances have changed since enactment of the parent Act; or, most generally of all—it is under this circumstance that we brought this measure to the attention of the House—it is politically and legally important or gives rise to issues of public policy likely to be of interest to the House. I think that we have that right, and those are the two things that we do.
We then try to help the House by writing reports that will illustrate and help the subsequent debate. To be honest, we cannot spend too much time on them because of the sheer volume involved. Very occasionally, we call witnesses and publish their evidence, which we hope will also illuminate the debate.
Because of that process, I have been exposed to this discussion at length and I have also been exposed to, and have been able to probe, the witnesses. I conclude that ContactPoint, the information database, will bring real benefit and will be safe. The whole range of new scrutiny means that the Government have had to up their act. I should like to speak briefly to the two amendments tonight and to share with the House my conclusions about the two issues raised.
Noble Lords will know that, despite our wonderful reports, the Merits Committee is not as unanimous as it sometimes appears from our work. I am a dissenting voice. I failed to persuade my colleagues, and the report reflects very much the views of the majority. However, I took away these two areas and I should like to speak, first, to the point made by the noble Baroness, Lady Morris, concerning the whole issue of security.
If I have any professional skills left these days, they relate to an involvement in safety management systems. Those systems and security systems have very typical common characteristics. Broadly speaking, you cannot make anything safe. Ultimately, you reduce risk to as low a level as is reasonably practical and you get to that extremely low level by having multiple layers. I think that we should look at the five layers that I took from the witnesses, and I should be grateful if the Minister could either agree with me or write to me on some of the details. I believe that these five levels reduce the security risk to an acceptably and infinitesimally low level.
First—this cannot be said often enough—the data held on the system are sparse. They include an identifier and details of who is in contact with the children. They say nothing whatever about the children other than the simple identifier and who they are in contact with. Because the details are so sparse, for most children the database will contain, other than the identifier, only details of the school and who is providing them with medical services.
Secondly, access to the system is not through a typical PC terminal in a connected system. We are talking about a dedicated terminal that is degraded with encrypted software so that it behaves as a dumb terminal. You can access the system only through a whole series of security measures and, when the terminal gives up its information, it cannot be used to store or manipulate the information. They are special dumb terminals and they exist only as necessary for the users.
Thirdly, use of the database and every activity on the system will be tracked and monitored. Noble Lords may ask who monitors the monitors but, ultimately, all security systems are about layers of tracking and watching how people behave.
Fourthly, every time a practitioner uses a system, he has to explain and record on the system why he needs the information, so that the intentions of the users can be tracked and monitored.
Finally, you have to look at who will be using the system. It sounds as though a large number of people will be involved. However, not only will the users be screened in connection with its use, but they will be the very people who have already been screened because they are the practitioners to whom we presently entrust involvement with vulnerable people, such as the children whom this is designed to help.
I believe that those layers of protection will create the appropriate level of security. I hope that the Minister will be able to agree with me and reinforce that this will be a safe and protected system.
The second amendment, in the name of the noble Baroness, Lady Walmsley, concerns proportionality. There is no word that I like more in legislation or regulation than "proportionality". It is an absolutely key concept and we do not discuss it enough. The benefits must outweigh the costs. If only we applied that test with every piece of legislation and every regulation, we would be a better-run nation. It is the key idea.
Let us go into the question of how the measure is disproportional. At any point, 30 per cent of all children and, during their lives, 50 per cent of all children require some intervention and help from the caring services. I hope that there is universal acceptance that such intervention should be integrated. There is universal acceptance that the people providing those services should talk to one another and communicate. The only people to whom this system does not add value are the 50 per cent of all children for whom the only data that will be recorded, other than the identifier, will be their school or educational institution or how they are proceeding in their primary healthcare. The cost of holding that data is infinitesimal. It will be merely the overall cost of ensuring that the system is secure, so the disproportional cost will, in fact, be trivial.
Then we should look at the supporting evidence of the benefits. The department claims—because we probed it on this, I believe it to be true—that it will create £88 million-worth of practitioner benefit. It will cost £41 million a year to run and £224 million to set up. That £88 million-worth of benefit will relate to practitioners' time. Practitioners who presently waste their time ringing up various agencies to try to find out who else is involved with a particular child will not have to do that in future. Instead, they can bend their efforts to supporting the child, which is what they are there for.
The database's other value is that it will facilitate very early intervention. Everyone who talks about this area of activity says that early integrated intervention is key, and the database facilitates that. Therefore, I do not believe that it is disproportional; I believe that it is sensible and proportional.
Finally, we probed the whole area of consultation. The original evidence that we heard contained some of the concerns that people have mentioned. Paragraph 7 of the memorandum from the department, on page 14 of our report, sets out how specifically it has gone out of its way to probe children's and young people's concerns after informed debate about what it is doing. When protections were explained, the children ended up in support of the system. They felt that it was valuable. For example, in the Sheffield experiment, only two out of 100,000 people refused to have their details on the database for the purposes of the trial. The children and young people asked for assurances, but they believed in the assurances that they received.
I believe that these regulations are safe. They will add real value, bring forward integrated intervention and be welcomed by the young people whom they are designed to help.
Lord Armstrong of Ilminster (Crossbench)
My Lords, I too declare my interest as a member of the Merits Committee. Indeed, for this inquiry—hearing the evidence and preparing the report—I was in the chair because our proper chairman, the noble Lord, Lord Filkin, had very honourably decided not to take part in the committee's deliberations, because of his position as an adviser to the company which has been awarded the contract to design and build the technical solution for the contact point database.
The matters which were of concern to the committee have been thoroughly ventilated in the evidence which we took, in our report and in the speeches in this debate. I do not need to rehearse them again.
I had the impression that those who came to give evidence to us were so steeped in—I might almost say dazzled by—the beauty and complexity of the universal database of children which they sought to create that they were losing sight of whether the universality of the scheme was proportionate to the needs of the children whom it was intended to benefit, and to the costs and risks inherent in it. For the sake of catching as quickly as possible the 3.5 million to 5 million children who may be in need of specialist and targeted services, they will include in the database 5 million to 7.5 million children who have no such need.
The sheer size of the database, and the large number of practitioners who will have access to it, will maximise the costs and the potential risks of breaches of security which could be damaging to children as well as to the scheme, and the threat to privacy not only of the children who need the additional services, but also of those who do not. It is all in a good cause, no doubt, but I think that it is fair to say that the members of the committee were not convinced whether we really needed this universal sledgehammer to crack this partial, even if sizeable, nut.
The committee was told that it would be useful to include in the database the children who have no need of additional services, because it would enable the department to check whether they were getting the universal services to which they were entitled. Is that a good enough reason for a universal database in this case?
We were told that the universal database would be useful if a child became in need of specialist or targeted services, as the database would help the services concerned to make contact with the child's situation more quickly than would be possible without it. It would no doubt take longer to establish a child's situation and needs and provide practitioners with the information they need if the entry on the database had to be built up when the child's need for additional services came to be known. Is that delay a good enough reason for establishing a universal database? Is the elimination of that delay, perhaps of no more than a few days, worth all the additional costs and risks inherent in a universal database?
As I say, the members of the Merits Committee were, for the most part, not convinced. I do not mean to say that they were against it; I intend to say no more than they were not convinced of the need to go ahead with the universal database. I hope that the Minister will reconsider that decision, which I think, with some experience of bureaucracy, is a bureaucratic dream that could easily turn into a bureaucratic and political nightmare. In the light of the reservations expressed by the committee and by so many bodies in their evidence to us and in other submissions, I hope that he will re-examine the advantages of establishing a system more narrowly tailored to children in need of specialist and targeted services.
Lord Jopling (Conservative)
My Lords, I too must declare an interest as a member of the Merits Committee. I very strongly endorse what the noble Lord, Lord Armstrong, said, and what the noble Baroness, Lady Walmsley, said earlier about the reaction of the Merits Committee to this scheme. It was called "unenthusiastic" or "not convinced". Most of us—I do not associate the noble Lord, Lord Tunnicliffe, with this—were very much less than convinced indeed about the merits of a scheme of this sort.
I find it very difficult to understand why there has to be 100 per cent inclusion of all 11 million children. I have listened to what the Minister said, and he had the benefit, I imagine, of reading the evidence of his officials who appeared before the committee. Really, he did not seem to have very much more to say tonight than they had to say when they appeared in front of us, which amounted to, as I heard it and as I heard him this evening, that it had to be 100 per cent because they did not want to hurt the feelings of those who were down because they had special needs, so you had to bring in the other 70 per cent, or 50 per cent, whichever way you look at it. I am not sure to what extent children would know whether they were on or off the register. If you have a partial register, I should have thought that it was not immediately apparent to them. It would be much less apparent, for example, than knowing in schools who had free school meals and who did not. But that is another matter.
I can see no sense, and a great deal of harm, in invading the privacy of 50 per cent, or even 70 per cent, of families in the country. The consultation has shown that there is no approximation to a broad consent from families and children for a scheme of this sort. The noble Lord, Lord Armstrong, in the hearing and tonight used the phase "a sledgehammer to crack a nut". I can only agree with that.
I am particularly concerned about the problem of computer access. I have heard from the Minister about the various provisions—the layers which the noble Lord, Lord Tunnicliffe, talked about—but if a computer hacker can get into the computers of the Pentagon in Washington, it seems almost certain that hackers and those with malice in their minds would find little difficulty in getting into this computer system. As well as the abilities of hackers, there is also the possibility of using corrupt people—and there will be corrupt people among the 330,000 people who will have access to this system. When we held our evidence session, I cited a piece of evidence put before us by an organisation called Young NCB, which said—I think properly:
"Computer systems are never ever completely safe. The threat of hacking is always there. Plus there is always the danger that a professional might use the system to gain personal details about a child or children".
Those who gave evidence to us in the hearing did not reject that evidence. I listened to the noble Lord, Lord Tunnicliffe, who, to his credit, acknowledged that no system was entirely safe. I did not exactly hear that in the Minister's speech. He told us about hidden layers and all the rest of it, but I did not hear a clear acknowledgement that no system is entirely safe.
Paedophiles and terrorists, in particular, will have all the expertise to hack into systems of this sort or use their friends and collaborators to find ways to get into them. The point was made by the noble Baroness, Lady Morris of Bolton, in her excellent speech, that the fact that there is a screening-out process for those at particular risk shows the vulnerability of the whole scheme. I see ominous signs in the way that the computer system is presented to us, which reminds me of the computer system that was set up—or that we were told was going to be set up—for the Child Support Agency, which has proved to be a total disaster.
I will not go on much longer but, because computer systems are not secure, I can only read out the conclusion of the evidence from the Independent Schools Council, which is typical of a lot of the evidence given to us. It states:
"If the system cannot be secured, it needs to be adapted to ensure that it can be. Otherwise, it will fail expensively, it will fail publicly, and, most importantly, it will fail the very children it was designed to protect".
I very much hope that the Minister will agree in his summing up to take the regulations away to think more about them, and to take notice of the evidence that has been given to the Merits Committee and in speeches tonight, and that we shall not be burdened with this bureaucratic sledgehammer. Of course, some good would come out of it, but overall it is not value for money and will not properly tackle the problems that it is intended to tackle.
Baroness Barker (Spokesperson in the Lords, Health; Liberal Democrat)
My Lords, a couple of years ago, I was talking to a lady who had been adopted. One day, as an adult, she rang the hospital where she was born and asked what time of day her mother gave birth to her. She was told that she could not have that information because it was third-party information. She put the phone down and rang back about 10 minutes later, asked the same person whether they could tell her when she was born, and she was given the time of day.
I mention that to draw attention to a key point that lies at the heart of the debate. The way in which professionals decide to use information and the parameters within which they share information have never been fully clear. In debates on the primary legislation from which the regulations arise, we talked time and again to the Government about the need to recognise that the point made by the noble Lord, Lord Laming, in his inquiry into the death of Victoria Climbié was not that there should be a large database but that professionals should have a clear understanding of the Data Protection Act and their rights and responsibilities under it.
As someone who sat through that inquiry, I think that the database is a way around trying to deal with those issues, which are ultimately those that make a difference to children. It will be no surprise to the Minister that I speak as someone who has an interest in records about children. I have an ongoing interest in the way in which adults formerly in care suffer because of incomplete records and their inability to access their records.
It would be tempting to go back into a Second Reading speech but, because we should not, I simply want to ask the Minister to answer four questions that I do not see answered in the regulations. First, is the right to challenge information that is wrong or out of date enshrined and clearly understood? Who can do that? Can subjects do it?
Secondly, what safeguards are there against the misinterpretation of information? That is a drawback of the system to which the noble Lord, Lord Tunnicliffe, alluded: the information is so sparse that it can be interpreted in a number of ways. The fact that a child has been to see their GP four times in a year can tell you something or nothing. One does not need to be a genius in databases or the Children Act to look at cases where professionals have pursued their own lines of inquiry and have drawn into their net hundreds of children who should never have been included in investigations into abuse.
My third question for the Minister concerns the responsibility of the organisations that hold the records. Social services departments regularly go out of business and new ones are created; so, too, in the health service. Very few elements of the health service other than GPs have been stable for a long time. What requirements will be placed on organisations that may go out of business because of legislation to ensure that those records continue to be kept and available for access?
Finally, what does the Minister think of the figure of 330,000 staff, taking into account the number of people who leave the caring professions? There is huge turnover and high rates of temporary employment in social services. From my limited knowledge of databases, I am aware that it is often extremely difficult to get people off systems once they have been allowed on to them. What will be the protocols for ensuring that that is done and that former staff no longer have access to the records when they do not need it?
Lord Mayhew of Twysden (Conservative)
My Lords, the Minister demonstrated his recognition of the almost instinctive, gut anxieties felt at the creation of what will be a very broad, indeed almost universal, database for all children up to age 18 when he said, "All use will be monitored by government experts in information technology", or words to that effect. The only point I want to make centres on the dangers of breach of security, because I agree with so much that has already been said on this side of the argument that I need say no more. I acknowledge my indebtedness to a briefing prepared by the Independent Schools Council, which records that it is intended that retrospective tracking will enable local authorities to pinpoint abuse. The noble Lord, Lord Tunnicliffe, also attached great importance to this point in his interesting speech. The council goes on to point out that,
"evidence presented last year to the management board of the Leeds NHS Trust showed that in one month the 14,000 staff logged 70,000 incidents of inappropriate access",
It concludes that,
"misuse of ContactPoint could run to 1,650,000 incidents a month; leaving the claim that such tracking will be effective incredible. It will simply not be possible to spot anywhere near all those who through commission or omission misuse the system".
That is deeply worrying, and I hope that the Minister will be able to offer some reassurance on this. If not, it seems to me to be almost decisive.
The Earl of Erroll (Crossbench)
My Lords, I should declare an interest as a member of the advisory board of the Information Systems Security Association. We have here a database which is supposed to provide proactive protection purporting to save time and therefore money and so on, and yet we have very sparse data on it. I do not understand how such a sparse dataset is going to save a huge amount of time. The data should be sitting in files already that could easily be exchanged at the local level with quite small databases, which would probably be more secure and easily managed.
I have been thinking about this. If you have a big national database, how do you get it to work? There are some silly things in it. For example, when children go abroad for three or more years, they are taken off the system but archived for six years. But they may come back after eight or nine years, and then everything has to be found out about them and re-entered. There is some stuff in here that will go against its purposes.
The archive will be enormous, at least half as big again as the main database—although we do not think about that in the context of dealing with the whole problem. What use is the archive? It is to be restricted to only a few people, when actually CEOP, the child protection agency, probably should be the body with access to it because there could be some useful information for trying to find out about child abuse later on. Some things may not manifest themselves until later. I could not see why the agency was not included in the body of people allowed to look at it.
I turn to setting security standards. ISO 27001 is the industry standard, but I hope that the department has also consulted CESG, which sets much higher standards. A good point was raised earlier about the people working on the database having access to it. Unless the database scheme is encrypted so that the data cannot be accessed by the programmers working on it, there is a huge security problem. Some people will be able to get in through the back door. I was always able to do so in the days when I wrote software and designed systems. Further, if the security systems are too cautious, the same problems will arise as those in one of the hospitals—Nottingham or Northampton—used in the trial runs. It took so long to log on to the system that all that happened was that one person would log on at the beginning of the day and everyone else used that one point of access. In effect, the terminal was left open. Care must be taken to make sure that the security is not unworkable. I warn the Minister about that, just in case.
I am delighted to see that something will be done about increasing the penalties for leaking data and selling data. This has been long needed because something like 30 per cent of all lost data has nothing to do with hackers. That is not the problem these days; rather, the problem lies with people who are authorised to use the system. At the same time, we should look at the powers of the Information Commissioner to check that all the procedures and processes are correct and sensible. At the moment the commissioner has to wait until a complaint is filed and then pretty much has to be invited in by the data controller. Unless he has sufficient powers, he cannot find out what is going wrong.
The Minister may have underestimated the cost of keeping the database up to date. If there are around 11 million children—an average of 2.2 children in 5 million households—it should be noted that some 40 per cent of London households change address every year. That would translate to something between 0.5 and 1 million changes of address to record on the children's database every year. If 300 people are monitoring the database for accuracy and a further 300 are trying to update it, I calculate that the 300 people in charge of updating it will have to handle something between 1,000 and 3,000 changes of address a day each, which will keep them quite busy. I am not sure that the Minister's money estimates are quite right, even with 600 extra staff. The temptation will be to link the database to the proposed "Tell us once" database, where someone tells the Government once about a change of address and the information ripples over everything else. My challenge on that rests once again on the law of unintended consequences in the security world. If you are an abused partner and trying to hide your new address, or you are in a witness protection programme, it is likely that at some point someone could access your address through the back door of one of these other databases where people do not realise that the address is sensitive. I am worried about having yet another database where parents' addresses are to be maintained. Quite a few addresses will have to be kept on the database.
The point about the number of people who will have access to the database is very valid. I have worked out that during a child's life, it is theoretically possible that some 1.5 million people will have had access to that child's database—although it is segmented into local authorities and so on. We have to remember that the turnover in social services is running at about 330,000 people a year. Lastly, some people will be needed to keep an eye on the project to see that it is going well and being run properly. The department should not fall into the same trap as HMRC did when it allowed the same company that provided the system to decide when the benchmarks were going to be run. The department should keep control of when the benchmarks will be run on the project.
My Lords, I am grateful to all noble Lords who have spoken. I have been asked a huge number of questions and I cannot possibly answer all of them. However, I will write to noble Lords with responses to questions that I am not able to answer now. Perhaps I may deal with a number of questions to which I have answers before turning again to the two major themes encapsulated in the two amendments—one on the adequacy of the safeguards, moved by the noble Baroness, Lady Morris; and one on the proportionality, benefits and cost-effectiveness of the scheme, tabled by the noble Baroness, Lady Walmsley.
I also thank all members of the Merits Committee for the consideration they have given to these regulations, both in the committee and in their contributions to the debate. I noticed that there were what is probably best described as a range of views expressed. I obviously agree with my noble friend Lord Tunnicliffe, who said that the scheme would bring real benefits and will be safe, more than I do with others, but I respect the views that have been expressed. I also note that all noble Lords who have spoken recognise the importance of child protection and seeing that information is available to practitioners where they deal with children who need additional services. They accept that this will be a very large proportion of children.
The response I make to the noble Baroness, Lady Walmsley, is that when you are reaching proportions as high as 40 and 50 per cent, which are the kinds of proportions we are talking about, unless one has a clairvoyance—which, alas, is rarely granted to bureaucrats, or even mortals—and a universal system, there will be the huge job of adding and subtracting names constantly to and from a register. That in itself will introduce a big element of additional bureaucracy and cost and make the scheme less effective. The information will not be available until it is registered, so, by definition, it will not be available to practitioners before a child is entered on the register.
Perhaps I may now deal with some of the questions. The noble Baroness, Lady Morris, thought that there might be a loophole in the regulations, in that she detected an inconsistency between Regulation 6(2) and Regulation 6(4) in relation to access to data. I can reassure her that Regulation 6(4) provides only for those in ContactPoint management teams in local authorities to have access to the data set out in Regulation 6(3). It does not therefore negate Regulation 6(2), which was the concern that she had.
The noble Baroness also asked whether ContactPoint would be exempt from the e-GIF requirements on the mandatory sharing of information. I can assure her that ContactPoint information is limited by the Children Act 2004 to the purposes set out in Section 12. It will not be used for any other purpose.
The noble Baroness, Lady Walmsley, asked about Capgemini, and whether the fact that it has contracts in other countries raises the possibility of information being disclosed abroad. I assure her that the Capgemini contract ensures that no data at all will be taken offshore.
The noble Baroness asked what was the point of keeping information in the archive for six years. It is to support investigations or complaints. That period balances the Data Protection Act requirement not to retain information for longer than is necessary with the need to support and facilitate investigations. We have discussed our archive policy with the Information Commissioner's office, which is content that we have the balance right in this respect.
The noble Baroness also asked about scope creep. The purpose and scope of ContactPoint has already been made clear very precisely in the Children Act 2004. It has a clear purpose linked to the duty to co-operate and to safeguard and promote welfare as set out in Sections 10 and 11 of the 2004 Act. The data held on ContactPoint are kept to a minimum, as I described, and will not include case information. For example, in response to the noble Baroness, Lady Barker, I say that they will not include details of visits to GPs. Those case data are not there. The only information that will be on the database is the identity of the GP; it will not include any of the data that she feared could lead to misinterpretation. Therefore, the data held on ContactPoint are in pursuit of the Children Act 2004.
There has been very little change to the proposed contact of ContactPoint since the passage of the Children Act 2004, so there has been no scope creep in its development. Any amendment to the regulations, which are in pursuit of the Children Act 2004, will be subject to the affirmative resolution procedure and therefore have the full scrutiny of Parliament. There could not be further scope creep without the consent of your Lordships and another place.
The noble Baroness, Lady Walmsley, also asked about guidance to ensure that children and young people will give consent to sensitive services being included on the database. I reassure her that the guidance will address this issue and that consent must be, as will be made clear under the guidance, freely given and explicit. ContactPoint will not hold details of consent on the system, which was another issue she raised.
The noble Baroness asked whether the audit records of ContactPoint usage would be monitored by computers or by human beings. I assure her that audit records will be monitored both by computers and by human beings, each complementing the other. She asked whether shielding the records of children meant that the system was not secure, a point also raised by the noble Lord, Lord Jopling. We do not believe that the fact that some records will be shielded indicates that ContactPoint will be insecure. It is simply an additional safeguard which is entirely consistent with the risk-based approach in the Data Protection Act, which requires security to be appropriate to the harm that may be suffered by the individual. The shielding mechanism is not unique to ContactPoint; it is already in place in a number of systems.
The noble Baroness, Lady Walmsley, raised the issue of the views of young people about ContactPoint and whether we took them seriously. I assure her that we take their views very seriously, which is why we have taken considerable time and effort directly seeking the views of over 1,100 children and young people from a wide range of backgrounds. We have also looked at a wide body of research about the views of children and young people and taken on board the experience of local authority trailblazers, which developed local pilot systems and, as part of such development, consulted children, young people and families. I should stress that this consultation, as part of the development of the trailblazer pilots, generally showed that children understood the benefits of information-sharing and of ContactPoint. Understandably they wanted reassurance that the system would be secure and accurate. That is precisely why we are developing the system as we are—to ensure those robust protections. We will continue to engage children and young people directly, particularly to inform the development of communications material. We are doing so in collaboration with the Information Commissioner's Office, the Office of the Children's Commissioner and the Children's Rights Director.
The noble Lord, Lord Armstrong, asked whether eliminating some delays—he thought that they would be short delays—when a child first exhibits a need for a service was not itself a justification for a universal database. The key issue, we believe, is that practitioners are not able to make good decisions in all cases about need when they do not have the full circumstances of the child available. It is not simply a question of the delay in making entries on a database, but the quality of the decisions that will be made by practitioners in the first place, whether or not they have this information available.
The noble Baroness, Lady Barker, asked me a number of questions. Would children and families have the right to challenge information that is wrong or out of date on the database? Yes, they will. That right is enshrined in the Data Protection Act 1984. A child or their parent can ask to see their data and, if the data are incorrect, they must be corrected. She asked what safeguards were in place to prevent misinterpretation, such as children visiting GPs several times a year, but as I said, that kind of information will not be on the database. She also asked what processes would be followed to ensure that staff who left would have their access revoked—the 330,000 are staff in service, with a right to see the information on the database. I can assure her that the accounts of users will be cancelled immediately the user's supervisor notifies ContactPoint. Staff debriefing will recover the access control token, so that the user will not be able to access the system thereafter.
The first broader theme raised was adequate safeguards. I reaffirm the importance of security as a priority in the development of ContactPoint. First, we will ensure that ContactPoint is built with robust and reliable software, which is configured to remove all known weaknesses. The system will then be tested before being put into use by licensed security testers approved by the Communication Electronics Security Group in Cheltenham, which is an arm of the Government. They will, in effect, try to hack into the system and will undertake software inspection. ContactPoint will not be put into live use until it has passed the security tests. The system will be actively monitored to detect attempted hacking or penetration, and any part of the system where such attacks are detected will be shut down.
Secondly, all data are secured by encryption or scrambling while moving between computer systems, so that anyone trying to monitor communications will not be able to see the information. Thirdly, it will only be possible to access ContactPoint from computers that are either known directly to ContactPoint or connected to corporate or local networks approved by ContactPoint. The biggest risk for hacking is through the internet and from public access into computer systems; we are countering this by ensuring that any attempt to access ContactPoint from any system other than those known to be legitimate systems for access is rejected. Furthermore, we are taking active steps to ensure secure use. Systems that use passwords alone are vulnerable to misuse. ContactPoint users will therefore need to have an identifier, a password, a PIN and a physical token. We are restricting the user numbers, as I described in my opening speech. Finally, the ContactPoint system will monitor every user activity and record that securely in an audit log. The audit log will look for patterns of unusual or potentially suspicious behaviour, which will be reported to the user's manager.
I also refer directly to the submission made to the Merits Committee by the Information Commissioner, in which he reported that he had had considerable involvement with my department during the development of ContactPoint. For noble Lords who have not been so closely engaged in discussions about the development of the scheme, I quote from what the Office of the Information Commissioner said:
"It is the case that we had reservations about certain aspects of early proposals for creating an index of Children ... However, we have enjoyed very constructive relations with those responsible for implementing ContactPoint. We are pleased that our suggestions concerning the privacy, transparency and security aspects of running ContactPoint have been taken on board ... we are satisfied with the overall design of ContactPoint ... We are pleased that the 'ContactPoint Guidance', which we have worked closely with DFES on, sets out a practical set of rules and procedures for those using ContactPoint. This guidance will provide a sound basis for developing the training that DFES will be carrying out, and which the Information Commissioner will participate in. It is also encouraging"—
this takes up the point of the noble Earl—
"that sanctions have been put in place to deter those having access to ContactPoint from abusing their access".
The Information Commissioner concludes:
"We will, of course, continue to keep close contact with DFES, and with ContactPoint end-users ... We are prepared to devote the resource necessary to make sure that ContactPoint is operated properly and that the privacy interests of the individuals included on the database are safeguarded properly".
On balance, our arguments in favour of the security of the scheme are justified. That is not to say that there is no risk whatever, in response to the noble Lord, Lord Jopling. No Minister could stand here and say that. However, we have taken all reasonable precautions against it. The Information Commissioner looked objectively at the safeguards we have put in place, and they are of the most robust kind. We must set aside the continuing risk that there may be on that front against the huge gain to be had from the database. The judgment of Parliament should lead us to want the gain that could be had from making the information on children available to practitioners to help those who may, at some point in their young life, be at risk.
I dealt with most of the arguments about proportionality and cost in my opening remarks so, rather than rehearsing all those points again, I shall deal with some of the specific issues raised by the noble Baroness, Lady Walmsley, to show that her concerns are substantially either unfounded or exaggerated. She queried the £88 million annual saving, but a robust case for that saving is set out in the memorandum—whose methodology she did not seek to undermine—which my department submitted to the committee.
The noble Baroness specifically asked, and this was a key point, whether the £88 million and all the hours of practitioner time that would be saved would predominantly affect front-line practitioners. I assure her that it will. At the moment those practitioners' time is often used or wasted in having to get in touch with other practitioners or in making duplicate referrals, which would not be necessary if the database was available and access could be gained much more quickly.
Baroness Walmsley (Spokesperson in the Lords (Education and Children), Children, Schools and Families; Liberal Democrat)
My Lords, the £88 million is only a gain if the figure of £41 million is accurate, and the noble Earl has raised severe concerns that those are perhaps very optimistic figures for both the set-up and the annual running costs. You only have a gain if the figures for the running costs are correct.
My Lords, that is not the case. Even if the running cost figure is higher than £41 million, that does not of itself undermine the £88 million saving. Page 17 of the committee's report, which prints the relevant memorandum, identifies the practitioner groups whose time will be saved by the availability of the database. I shall read out the list: school nurses, health visitors, social workers, educational administrators, Connexions workers and youth offending teams. Those are front-line practitioners; we are not just dealing with back-office staff and functions.
The alternative before the House is not no scheme at all but a partial scheme, a register for those at risk, which the noble Baroness supports. If it is not to be a national scheme, local schemes will need to be maintained for identifying those at risk. All our advice is that the cost of a partial scheme simply identifying those at risk would be higher than that of having a universal scheme. The cost in terms of time of having to make constant decisions about the addition and subtraction of names on the list would be great, and we would need to support systems and staff engaged in the filtering of data input case by case to decide what was appropriate in respect of individuals. That is not the case with the universal scheme. The result would be a substantial increase in the implementation cost, adding £20 million to the existing £240 million cost, and a significant increase in the per capita cost of ContactPoint.
The point made about Victoria Climbié was quite telling. The noble Baroness, Lady Morris, quoted somebody who said that Victoria Climbié would not have been identified on the universal register, as she had been presented to some services as only being in England on a temporary basis. I am advised that she would have been on the register. It is important that we understand that, as a good deal of the concern that has motivated the development of this database was precisely that very harrowing case and what could happen in future if we did not safeguard against it. The aunt of Victoria Climbié was claiming child benefit and had registered Victoria with two GPs, so she would have been on the database if it had been available. In weighing up the costs, benefits and fine judgments that noble Lords have to make this evening, that is a factor to be considered.
I conclude by quoting the memorandum submitted to the Merits Committee by Barnardo's, an organisation respected in all parts of the House. Its final conclusion was as follows:
"Having ready access to the wider network of care around a child will mean that all practitioners are better informed about the range of services being provided, and any gaps that there might be, such that an early intervention can be effected if needed, rather than costly remediation once something has gone wrong. The system"—
that is the system that we are proposing—
"will support integrated delivery of services, help prevent duplication, and help practitioners in the wider ECM reforms".
Barnardo's concluding judgement on the scheme that we are putting before the House was:
"This is a challenging project, but worthwhile in that it harnesses the technologies of the 21st century to the support of those who work with children in the interests of the children themselves".
That is the case that we put before the House this evening. I invite the House to approve the regulations.
Baroness Morris of Bolton (Shadow Minister, Children, Schools and Families; Conservative)
My Lords, I appreciate the contribution of all noble Lords, who with the exception of the noble Lord, Lord Tunnicliffe, have all expressed great anxiety. I especially thank noble Lords from the Merits Committee, who I understand are nominated for an award at tonight's HouseMagazine ceremony; I wish them well.
The speech of my noble friend Lord Jopling summed up perfectly our objections to the regulations. I thank the noble Baroness, Lady Walmsley, for her support. I agreed with every word of her powerful speech, and we support her amendment.
The Minister was, as always, thorough and courteous in his reply and I accept that his undertakings are made in all good faith. However, I am not reassured and remain deeply troubled both by the principle of this database and by its operation.
The noble Lord, Lord Tunnicliffe, said that the system was safe—or as safe as it could be—because it had five layers, but my noble and learned friend Lord Mayhew pointed out the terrifying statistics from the Leeds Teaching Hospitals NHS Trust. It referred to,
"wholesale sharing and passing on of system log-in identifications and passwords".
I am afraid that that is human nature.
"if the justification for the information-sharing about children is that it ... is always proportionate where the purpose is to identify children who need welfare services, there is no meaningful content left to a child's Article 8 right to privacy".
For the sake of our children's privacy, for the sake of their sense of self and for the sake of those children who most need our protection, I urge the Government to think again to avoid the nightmare of which the noble Lord, Lord Armstrong, spoke. Even though the hour is late and many noble Lords are at the HouseMagazine awards, we feel so strongly about this that I wish to test the opinion of the House.
Baroness Walmsley (Spokesperson in the Lords (Education and Children), Children, Schools and Families; Liberal Democrat)
rose to move, as an amendment to the Motion in the name of Lord Adonis, at end to insert "but this House regrets that the cost is likely to be disproportionate to the benefit and could have been more effectively and safely spent on professional staff".
My Lords, although I regret having to keep you from your House Magazine dinner, I shall have to trouble you for another opinion. I beg to move.
Moved, as an amendment to the Motion, at end to insert "but this House regrets that the cost is likely to be disproportionate to the benefit and could have been more effectively and safely spent on professional staff".—(Baroness Walmsley.)