Identity Cards

Home Department written question – answered on 18th April 2006.

Alert me about debates like this

Photo of Lynne Jones Lynne Jones Labour, Birmingham, Selly Oak

To ask the Secretary of State for the Home Department whether he has undertaken a privacy impact assessment of the proposed national identity scheme; and if he will make a statement.

Photo of Andy Burnham Andy Burnham Parliamentary Under-Secretary (Home Office)

The Government have carefully considered the privacy implications of the national identity scheme. The national identity register will hold only that information which is listed in Schedule 1 of the Identity Cards Act 2006. A significant amount of the information listed in Schedule 1 is already held on the passport database. For example, most of the information contained within paragraphs one, five and seven are held on the passport database which is administered by the Identity and Passport Service. Additionally, the information and personal reference numbers contained in paragraphs three and four are either allocated by a Government Department, or in the case of documents issued overseas, are generally recorded by a Government Department, usually the Immigration Service. The national identity register will hold much less information than databases that are administered by various private companies, for example credit card issuers and supermarket loyalty schemes. The Identity Cards Act ensures that personal reference numbers which would tend to reveal sensitive personal data cannot be held on the register. The PNC number for example, could not be added to the register as this could suggest that the individual had been of interest to the police, or that the individual had a criminal record.

In addition to the safeguards in the Data Protection Act with which the scheme will comply, the Act also provides additional safeguards. Information will be disclosed only with consent under Section 12 of the Act, or via strictly controlled statutory procedures set out in Sections 17–21 of the Act. The individual will be able to view the 'audit log' information, set out in paragraph 9 of Schedule 1, through which they can view each occasion on which information has been disclosed from their record. A function of the national identity scheme commissioner set out at Section 22, will be to keep under review the extent to which the arrangements of the scheme make appropriate provision for securing the confidentiality of the information stored in the register.

Does this answer the above question?

Yes3 people think so

No1 person thinks not

Would you like to ask a question like this yourself? Use our Freedom of Information site.

Annotations

Chris Lightfoot
Posted on 21 Apr 2006 5:58 pm (Report this annotation)

"The national identity register will hold much less information than databases that are administered by various private companies, for example credit card issuers and supermarket loyalty schemes."

This is false. Credit card companies and loyalty card schemes do not, for instance, hold photographs and fingerprints of each customer; nor do they hold an audit trail which is likely to record, for instance details of occasions on which the customer visits an NHS clinic or a benefit office, or when they travel in or out of the country. In any case the comparison is irrelevant because enrollment in the loyalty card database or the credit card database is voluntary and governed by the Data Protection Act, whereas Burnham and his chums want to make enrollment in the National Identity Register compulsory and the Identity Cards Act allows the government to circumvent safeguards in the DPA.

"The Identity Cards Act ensures that personal reference numbers which would tend to reveal sensitive personal data cannot be held on the register. The PNC [Police National Computer] number for example, could not be added to the register as this could suggest that the individual had been of interest to the police, or that the individual had a criminal record."

This of course is irrelevant, since an individual's record in, say, the Police National Computer could be annotated with their National Identity Registration Number, and that would make it trivial to connect information between the two databases. The Home Office claim that this policy of "data sharing" will make government more efficient; it will certainly make it more intrusive.

(By the way, while it is true that a PNC number itself could not be added to the NIR because the Identity Cards Act doesn't allow the storage of numbers which tend to reveal sensitive data about an individual; there would be nothing to prevent the text of an individual's criminal record, or a flag to indicate that they had a criminal record, from being added to the NIR.)

"A function of the national identity scheme commissioner [...] will be to keep under review the extent to which the arrangements of the scheme make appropriate provision for securing the confidentiality of the information stored in the register."

--and if the Commissioner reports anything embarrassing, the Home Secretary can use his powers under s.23(4) to prevent those parts of his report from being published, simply by claiming that they would prejudice "national security" or "the prevention and detection of crime". Since those are among the (statutory) functions of the scheme itself this exception could presumably be used to cover any criticism of the scheme's operation.