I thank Greg Mulholland for raising such an important issue. The subject has generated a great deal of debate, some controversy and a lot of mythology. The hon. Gentleman has written to me and questioned me several times about the issue, so I welcome this opportunity to try to offer him further reassurance, although as he said the response was inadequate, he may have prejudged me.
For some time, I have been keen to publish guidance on how the secure use of biometric technologies can support efficient school management, and we did so today. The guidance was produced in consultation with the Information Commissioner. Once the debate was announced, I was determined to have the guidance published by today so that the debate could be informed by it, and I am grateful to officials and to the commissioner for their co-operation in ensuring that we could do so. The guidance was produced on behalf of the Department for Children, Schools and Families by the British Educational Communications and Technology Agency—the Government agency that leads our national drive to improve learning through technology. I have placed a copy of the guidance in the Library and it will soon be available on the BECTA website. The Information Commissioner has also produced a complementary statement, which I shall ensure is available on the commissioner's website. Furthermore, Members will have noticed the publication of a written ministerial statement on the subject today.
The debate is driven by the legitimate need to ensure that the privacy of pupils is both respected and protected, but unfortunately it is characterised by some significant misconceptions and I hope that I can address them effectively today. It is important to clarify exactly what we mean by biometric data. The biometric element in this case, as the hon. Gentleman said, is an algorithmic representation of a fingerprint—not the recording of a fingerprint. It is extremely important that people understand that it is not the recording of a fingerprint, but the algorithmic representation of one.
In plain English, the technology derives a unique numerical value from a fingerprint—a number to identify an individual pupil. Images of actual fingerprints are neither created, nor are they stored. The number is linked to basic identifying data about the pupil such as their name and form. That means that biometric data stored by schools are of no more practical use than that stored on the swipe-card system to which the hon. Gentleman referred.
Biometric data are in common use for security and identification purposes; indeed, I have fingerprint recognition on my laptop. Some schools see biometric technology as a practical solution to some of the day-to-day issues they face. In a number of instances, schools may find it helpful and effective to collect and use biometric data.
I have seen at first hand how such systems can help the running of schools—maintaining accurate attendance records, enabling cashless canteens to be introduced and maintaining accurate and efficient library records. Of course, as the hon. Gentleman said, there are alternative solutions for improving school management and administration, including the use of smartcards.
Smartcards are not without their own issues, however, as I saw recently on a visit to a school in Harrow. As happens in many other schools, a child's family is charged £5 every time a card is lost, which is a common occurrence and £5 that many families can ill afford—it is clearly much more difficult to lose one's finger. Not only can swipe cards easily be lost or forgotten, they can also be swapped between pupils, causing a particular problem for maintaining accurate attendance records, which could put the education and safety of our children at risk.
Using biometric data means that there are no cards to be lost. In addition, if the technology is used in the canteen, pupils no longer need to carry money, thus helping to reduce opportunities for bullying and theft. Cashless canteens, which can be facilitated by swipe cards, mean that it is not possible to tell who is receiving free school meals, thereby reducing stigma and increasing take-up.
It is up to schools to decide whether any of those systems will work for them. We certainly do not advocate one technology over another, or technology for technology's sake. We want schools to adopt it where it makes sense for them. The hon. Gentleman refers to answers from the then Schools Minister, my right hon. Friend the Secretary of State for the Home Department that referred to the Education Act 2002. That Act enables governing bodies to do anything that is necessary or expedient for the purposes of, or in connection with, the conduct of the school or the provision of facilities or services. As a result, schools are free to use biometric technologies in the ways that I describe if they feel that it will help the school to run more smoothly, in accordance with data protection legislation and with regard to the guidance that we have issued.
I want to turn now to the concerns that have been raised about the implications for privacy. There are several safeguards in place that I want to draw to the attention of the House. First, the Data Protection Act 1998 protects against the improper use of all types of data, including biometric data. As part of their responsibilities under the Act, schools have a duty to ensure that personal data are kept secure. Today's additional guidance will make it clear how the law relates to biometric data and advise schools on how to comply with it. By law, such data can only be used for their stated purpose; they cannot be shared with third parties beyond that stated purpose, and they must be destroyed when pupils leave their schools. Some have raised concerns about, for example, the police using such data. Not only do we know of no circumstance where biometric data have been used by the police, but they could only access the data as part of an investigation into a specific crime. There certainly can be no read-across to other databases.
Schools already hold pupils' personal details. Information such as a pupil's address, date of birth and reports from social services are securely held as a matter of routine. I am sure that no one would argue that schools should not collect and store that information while pupils attend school. Many of those data are much more sensitive than an algorithmic number, generated by a fingerprint. Schools are used to holding such data securely and within the boundaries of the Data Protection Act 1998, and the introduction of biometric data does not represent a significant addition.
Schools and local authorities are responsible for developing their own policies about the information that they wish to collect and hold, subject to relevant legislation on data protection and freedom of information. There have been calls for the Government to introduce further regulation specifically to clarify how biometric data can be collected and used. As I have stated, that is already covered by existing legislation and is not necessary. It would also go against the essential principle of giving governing bodies the freedom to manage their school as they see fit, free from unnecessary interference from Whitehall, which is something that hon. Members on both sides of the House keep asking me to bear in mind.
Secondly, as I stated earlier, it is not possible to recreate a fingerprint using the numbers that are stored. The algorithm generates a unique number, producing no information of any use to identity thieves. I shall quote from a statement from the Information Commissioner's Office—a thoroughly independent source—that says in the third paragraph:
"Full fingerprint images are not stored and cannot be generated ('reverse engineered') from the template."
I hope that that is clear to all those listening, because it is an important reassurance on the points that the hon. Gentleman has made.
Thirdly, pupils and, where appropriate, parents must be fully informed of the data collected and kept, through a fair processing notice, as part of the data protection legislation. No data can be collected without their knowledge. That is common sense and a central principle of the guidance that we will publish tomorrow.
Fourthly, the use of biometric data in schools does not, as some say, edge us closer to a surveillance society any more than taking the register at the start of class ever has. By law, the data cannot be shared. There are no fingerprints to be handed to the police or stolen by anyone, nor any personal data that are not already held electronically by every school in the land.
This is technology introduced for the benefit of our pupils and teachers. It is not "1984" by the backdoor. There are no sinister forces at work here, and I would argue that it is irresponsible to suggest otherwise to get some cheap headlines.
I recognise, however, that although schools are acting legally and that all data collected will be handled in line with the Data Protection Act 1998, some parents may want further information. The guidance clearly lays out the legal position for schools. It advises head teachers on the practical and legal steps they need to follow if they decide to introduce the technologies. It will help schools to operate such systems, while respecting the wishes of pupils and parents who do not wish to participate. The guidance specifically recommends that schools give pupils and parents with genuine concerns the opportunity to opt out. Those who choose to do so should be offered an alternative means of accessing the same services. We have had some reassurance that the sorts of technology that might be used in the dining hall, the library, or for attendance could be interchanged with the use of swipe cards.
The guidance also encourages schools to be open and clear with parents, providing straightforward information on the nature and use of biometric technologies through a fair processing notice. I understand parents' concerns if they believe that images of their children's fingerprints are being taken and stored. That is a perfectly legitimate concern and I am sure that many of the parents to whom the hon. Gentleman referred are raising exactly that concern. It needs to be made clear to them that that is not the case: images of fingerprints are not being kept or stored. An algorithmic number is being generated from those fingerprints that cannot be reverse engineered.
I have seen how biometric data can have a very positive impact in schools. The technology does not put pupils' information at increased risk, nor does it imply a criminalisation of our children. It is the decision of the individual school, in consultation with parents, whether to introduce the technology. It is a way for head teachers to improve the administration and safety of their schools. For many, it may be common sense. I hope that I have reassured the hon. Gentleman about the use of biometric data in schools.
Question put and agreed to.
Adjourned accordingly at twenty-four minutes to Ten o'clock.
Copy and paste this code on your website