'Regulations under section 2(5)(iii), section 4(4)(b) (to the extent that they make provisions of a kind permitted under section 2(5)(i)) and section 6(1) or (2) shall make suitable provision to protect the confidentiality of information provided or disclosed under those regulations, including an appropriate enforcement mechanism.'.—[Patrick Mercer.]
Brought up, and read the First time.
I beg to move, That the clause be read a Second time.
New clause 2 is essentially a confidentiality clause. It is based not on the idea of a reasonable and rational Government enforcing such powers, but a Government who are malevolent, misguided, or, more predictably, thoroughly shocked by the events that surround them, in a way comparable to the effects of the strictures and difficulties under which Mr. Bush's Government operated after 11 September. In those circumstances, I think that that Government reacted extremely rationally, but it is possible that a Government might not react so rationally.
The new clause is designed to act as a whistleblower's comfort blanket. As things stand, the Government will be able, on Royal Assent, to demand information for any purpose they desire and pass it on or force it to be passed on to whatever level of responder they desire. That information could be dangerous; it might lead to conflicts of interest and to difficult circumstances where the passage of intelligence is concerned. It is important that the new clause should be viewed as intending to alter the behaviour of a malevolent Government, or a Government in deep shock. Although the new clause does not guarantee personal anonymity for the source of the information, at least the information will have to be kept secret. That might allow whistleblowers, for want of a better phrase—those who have difficulties with the way the Government are conducting themselves in these circumstances—physically to come forward with that information. I would be grateful if the Minister would illuminate me on that point.
The new clause picks up on some issues that we raised at the start of this Committee—it feels like many weeks ago, but it was not that long—concerning part 1 powers. The hon. Member for Newark is right about the ability for responders to demand information from people and then pass it around between themselves. What might happen with that data remains a matter of concern. We are probably primarily concerned with problems arising with commercially sensitive data, rather than intelligence-sensitive data. The point where there is
greatest danger of leakage, and of upset on the part of a company because its commercial information is in the public domain, is probably when the information about the telephone networks and other utility networks has been demanded and is in circulation. However, personal data about individuals could also be included. If we think about the public health issues that might arise here, such as those raised by communicable diseases, we could be dealing with personal data, and a category 1 responder requesting personal data from another category 1 responder. If they are both health bodies, that data will be incredibly sensitive.
My guess is that the ministerial response will say that this is covered by the Data Protection Act 1998—that tends to be the response to any question concerning the leakage of data—but that is large and all-encompassing and is rarely used. The notion of there being straightforward legal redress—the penalties imposed for the leaking of certain kinds of information—is perhaps not as current as it should be, or as Parliament intended. It remains quite a weak instrument, and the idea that there should be specific reference to sanctions, as proposed in the new clause, in the context of a Bill that gives category 1 responders a power to demand this kind of information is quite healthy. Where, for the public good we are stating that data must be handed over, it is appropriate to say that those people who demand the data have, in Government jargon, responsibilities as well as rights, and their responsibility is a responsibility of confidentiality, backed by sanctions if they step from the path set out for them.
Indeed. It is entirely appropriate that if we have the ability to demand information, there should be an explicit corresponding responsibility to protect it. I did not feel that that was explicit enough when we discussed the matter in part 1. The Data Protection Act powers are there—speaking of long Committees, the Committee on that Bill was 10 times as long as this one, mentally, if not in actual time taken—but they are not in the common usage required for there to be immediate recourse for people if their data have been leaked.
I feel that I will disappoint the hon. Member for Newark once again by resisting the new clause. Throughout the Committee stage he has consistently implored us to take a practical approach. Indeed, it may be a matter of some quiet pride to him that one morning I was doing something as innocuous as shaving when he appeared on the ''Today'' programme making exactly these points and causing the Minister to have a rather more troubled breakfast than he had anticipated.
I will try to answer specific points about information sharing, which is important with regard to the Bill's intentions and the safeguards that form the substance of what the hon. Member for Sheffield, Hallam said. Information sharing is fundamental to the development of sound risk assessments and well founded planning and response arrangements. How could a fire authority assess risk and make response plans without a thorough knowledge of how a local
electricity generator works? That is a very straightforward example. We recognise, however, that while information sharing is vital, it is highly sensitive. The hon. Gentleman was right, therefore, to emphasise that the confidentiality of information disclosed as part of the civil protection arrangements should be protected. He is also right to seek assurances that where confidentiality is breached, enforcement action will be available.
While I am unable to accept the amendment, I hope that my explanation will at least throw light on the points he has raised. Information sharing, whether under clause 2(5) or clause (6), will not materially affect the law of confidence. If one responder passes confidential material to another, pursuant to the regulations, he will be able to rely on common law remedies to enforce that confidentiality. In addition, the draft regulations contain provisions that preserve the confidentiality of sensitive information shared between responders. Furthermore, a responder—or a Minister of the Crown—may bring action in the High Court in respect of a failure by a responder to comply with the regulations. As draft regulation 29 makes clear, provisions concerning the protection of sensitive information not only cover commercially sensitive information but information the disclosure of which would be contrary to the interests of national security or would endanger public safety, and personal data the disclosure of which would breach the Data Protection Act 1998. That was raised by the hon. Member for Sheffield, Hallam.
In addition to the remedies offered by the Data Protection Act, the enforcement mechanism under clauses 10 and 11 would also apply. On that basis, I hope that I have offered the assurance that the hon. Gentleman seeks and I urge him to withdraw the amendment.
I am sorry if I spoiled the hon. Gentleman's breakfast; I have no doubt that he consumed all the sausages that he might otherwise have thrown to us. The analogy cannot go on; I have obviously had my chips. The Minister has made it clear that he is not going to give any ground, despite the eloquent intervention of the hon. Member for Sheffield, Hallam.
I have no doubt that we shall wish to return to this subject on Report, but in light of what the Minister said, I beg to ask leave to withdraw the motion.
Motion and clause, by leave, withdrawn.