I accept the Minister's correction; it is something we are all getting used to. I congratulate him on retaining his job.

The new Department has no idea in how many schools this is happening. Despite the fact that unofficial surveys would suggest that it is taking place in every local education authority area in the country, the Government have no records of how many schools are collecting Biometric data. That was revealed in an answer by the former Schools Minister, Jacqui Smith, in February 2006:

"We are aware that some schools do hold a photograph of pupils on their management information systems; use fingerprint scanners for the twice daily attendance registration of pupils; or use iris-scanners. However, my Department does not collect any information on how many schools use such equipment or hold photos or any other biometric data on their systems."—[ Hansard, 27 February 2006; Vol. 443, c. 505W.]

Yet a survey conducted by the campaigning organisation Leave them Kids Alone has estimated that 3,500 primary and secondary schools now use biometric data systems and that approximately 750,000 children have been fingerprinted by their schools. It is estimated that 20 new schools a week are being added to those figures. Therefore, the issue needs to be addressed.

One thing is certain: we may not know how many schools this is happening in, but we do know that parents are often not being asked for consent and in many cases are not even being informed. Some schools will send a letter home—some do so before the system is introduced, some afterwards—but there is no requirement to do that. There is real concern among parents, parent groups and civil liberties organisations, which, I am afraid, up to this point has been ignored by the Government. Indeed, in responding to requests to devote parliamentary time to the issue, the former Leader of the House, Mr. Straw said:

"I am not aware of the practice, but obviously people have accepted it."—[ Hansard, 25 January 2007; Vol. 455, c. 1567.]

That is absolutely not the case. David Coulter, who runs Leave them Kids Alone, has reported that over 1,500 parents polled between July and September last year were against the use of fingerprinting systems. He has received more than 300 complaints from disaffected parents in one month alone.

I am delighted that finally—and, it seems, entirely coincidentally—the Department published the long-awaited guidance for schools on the issue today. That is welcome. However, as well as being overdue, it still leaves uncertainty as to the rights of parents and pupils to object, a point to which I shall return.

To give the background to the issue, biometric systems are being used for attendance, borrowing library books and cashless lunch systems. A form of biometric data such as a fingerprint or retinal image is collected and converted by an algorithm into a unique binary number. This is then stored in encrypted form and checked against the corresponding number every time the pupil places his thumb on a scanner allowing that pupil to borrow a library book or to buy lunch in the canteen. As a result of the encryption process, and because the fingerprint is stored as a number rather than a fingerprint, it is claimed by the companies who provide these systems that it cannot be reverse-engineered, and therefore, it is secure and not open to identity fraud or theft. However, that is not strictly accurate. Independent technology experts have stated that in their opinion it is impossible to say that data will remain secure. Advances in technology mean that it is inaccurate to say that it will not be possible to reverse-engineer the data stored in order to obtain the original fingerprint.

There is also concern about how the data is stored. It is generally stored on small school networks or stand-alone PCs, with the most basic level of firewall protection and anti-theft protection, or it is held by the agencies who provide the technologies—and we are talking, of course, about an industry that is unregulated. Further, as Action on Rights for Children points out, schools are not secure places. Theft of school equipment is alarmingly frequent and IT equipment is a magnet for thieves. The Metropolitan police recorded 7,500 school burglaries between 2000 and 2004. Outside London, local crime figures suggest that at least one school a day is burgled in each police area.

Andrew Clymer is a senior identity management security expert with more than eight years of experience working for organisations such as Cisco Systems, Visa, Fidelity and Merrill Lynch. He says

"There is an element of risk storing thumbprint" templates

"on a school computer. No system can guarantee the security of information against future technology. Attempting to protect lifetime relevant information is extremely tricky and potentially costly."

Banks invest millions of pounds in constantly updating and adapting their security systems to prevent identity fraud, but how can schools be expected to do the same? However, unlike a bank personal identification number—PIN—biometric data cannot be changed in the event of theft or identity fraud, and a person's biometric data remains the same for a lifetime. Therefore, once stolen, it is compromised forever.

How long data is stored is also an issue. Schools act independently. Some might destroy the data they hold as soon as the child leaves school, but there is nothing to stop them keeping the data for longer, or permanently, if they have sufficient storage space. Not only does that raise questions about whether the data could be used by organisations, including the police or security services, in later life, or indeed while the child is still at school, it raises further concerns about the security of the data and the chance that it might be compromised.

There is also the question of whether biometric information collected in schools is prohibited by data protection legislation. The Government's defence is that the information stored is not sensitive, but how can that be the case? The data is unique to each individual. As plans are being drawn up to introduce cash machines that use biometric data such as fingerprints, not to mention biometric passports, how can the Government suggest that that is not sensitive data?

The fundamental issue, however, is that of parental consent—or rather the lack of it in respect of the collection of biometric data in schools. Many schools collect that data without directly consulting parents, never mind obtaining explicit parental permission. An online poll last summer of 1,400 parents by Leave Them Kids Alone found that 94 per cent. were against schools taking biometric data without parental consent. Many parents have contacted MPs and Ministers to express their outrage following their discovery that biometric data had been collected from their children without their knowledge, never mind their consent. Action on Rights for Children states:

"Given the seriousness of the issues involved, it is nothing short of astonishing that children's fingerprints are being taken without parental knowledge or consent."

Some parents have taken the step of withdrawing their children from systems such as cashless lunch arrangements, but that is not without consequence, and many parents fear that their children might be stigmatised or marginalised as a result. If parents were given the right to withdraw consent and did so to any extent, the use of biometric systems would be entirely undermined. An alternative system would need to be in place. However, instead of there needing to be two systems, why not have one system that works and that delivers the same benefits as biometric data systems, without issues and concerns?

The lack of guidance has been a concern. Regardless of what the Minister might say, there has been a U-turn. In an answer to a written question last year, the former Schools Minister said:

"My Department has issued no guidance to schools on the collection and recording of pupils' biometric information. In collecting data of this type the school is likely to rely on the broad powers contained in paragraph 3 of Schedule 1 of the Education Act 2002. This enables a governing body to do anything which appears to them to be necessary or expedient for the purposes of, or in connection with the conduct of the school."—[ Hansard, 27 February 2006; Vol. 443, c. 504W.]

Today, finally, the guidance is published. I welcome that, but it is six months after the Government said that they would publish it and it is very conveniently timed for this debate. However, the Government still have not fundamentally addressed the issue of whether parents have the right to be asked for consent: the guidance merely says that they should be asked. It is welcome that parents should be fully informed about how their children's biometric data will be used, what is involved, what data will be held and stored, why it is required, how it will be secured, and for how long it will be retained. However, the guidance critically fails to introduce a legal requirement for parental consent to be obtained before a child's biometric data can be collected. That is unacceptable, on such a critical issue that has so many ramifications for the children involved and the security of their personal data. The only way to resolve the problem is to introduce a legal requirement for consent.

The collection of biometric data by schools is not necessary. There are reasons why schools are buying such systems and why the companies are telling schools that it is a good idea to do so. They suggest reasons of efficiency; traceability, of library books, for example; or identification of pupils who qualify for free school meals without revealing that to other pupils. But all those could equally be achieved by swipe cards. It is interesting to note that swipe cards are 100 per cent. accurate when passed over a reader, but biometric systems such as fingerprint scanners are only 93 per cent. accurate. So they are less accurate than swipe cards and considerably more expensive.

Will the Minister clarify the situation regarding e-learning credits? There is some confusion about what part of such systems can or cannot be purchased with e-learning credits. Many parents feel that it is not an appropriate use of e-learning credits, but I would welcome the Minister's comments.

In conclusion, this is a real issue that needs to be addressed. I am glad that the Minister and the Department are taking it seriously and have finally published guidance.

It raises many issues, including those of security, consent and information, as well as benefit, necessity and cost. I mean cost not only in monetary terms, but in the possible ramifications and consequences of the introduction of that practice. The Government have been too slow to listen and too slow to act. They are finally engaging with the issue, but their response is still inadequate. It is not enough to say that parents should be consulted. They must be consulted, if biometric data, such as fingerprints, are to be taken from their children. Like a child's safety on a school trip, the collection of a child's fingerprints or other biometric data is enormously important, and should be treated with the same respect.

Given all the problems and concerns about the issue, which have been raised by parents, parents' groups and civil liberties groups over the past few months, I have come to the conclusion that the costs of introducing that technology into our schools utterly outweigh any positive benefits that may ensue. The collection of biometric data in our schools is unnecessary, intrusive and insecure. A can of worms has been opened and, as yet, the Government have failed adequately to close it. The situation is now a little clearer, but we want real clarity. The only way to achieve real clarity is for the Government to say that schools must always ask parents for consent before taking biometric data from children.