Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Database State


Published on

Presented at 2nd Privacy Open Space, Berlin, 3 Apr 2009

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Database State

  1. 1. Database State
  2. 2. Outline <ul><li>UK government systems for identity, health, criminal justice, social security </li></ul><ul><li>Data protection and human rights standards </li></ul><ul><li>Designing privacy-friendly e-government systems </li></ul>
  3. 3. Scale of DWP systems Fields Cases System 700 8m Income Support Computer system 9,800 92m Customer Information System 15,500 6.5m Pensions Transformation Programme 1,300 480,000 Customer Management System
  4. 4. Identity management <ul><li>Central National Identity Register of all those over 16 living in UK longer than 3 months with biometrics, biographical data and audit trail </li></ul><ul><li>ContactPoint database of all 11m children in England and Wales with biographical data and links to services used </li></ul><ul><li>National Identity Registration Number can be used to link up other databases </li></ul>
  5. 5. National Programme for IT <ul><li>Central Summary Care Records with biographical data, allergies and prescriptions </li></ul><ul><li>Regional Detailed Care Records </li></ul><ul><li>Central Secondary Uses Service for administration and research </li></ul>
  6. 6. Criminal justice <ul><li>National DNA Database with 5.1m profiles </li></ul><ul><li>ONSET system attempts to identify potential young offenders </li></ul><ul><li>National Fraud Initiative collects much sensitive information but absolved from liability for any confidentiality breaches </li></ul><ul><li>National ANPR system keeps up to 18bn records pa for up to 5 years </li></ul><ul><li>Communications database proposed </li></ul>
  7. 7. DP and human rights standards <ul><li>Interference with private life must be based on detailed, clear, precise, foreseeable law ( Copland v UK ) </li></ul><ul><li>Systems must limit access to data to those who have a proportionate requirement for access ( I v Finland ) </li></ul><ul><li>Bleeding-edge states have a particular duty to consider impact of databases upon privacy ( S & Marper v UK ) </li></ul><ul><li>Only 5 of 46 databases reviewed met these standards </li></ul>
  8. 8. Privacy-friendly e-government <ul><li>Privacy Impact Assessments are needed much earlier in policy cycle, and include ECHR compliance checks </li></ul><ul><li>Sensitive personal information should be kept on local systems and shared only with the subject ’ s consent or for a specific lawful purpose </li></ul>
  9. 9. Final thoughts <ul><li>The UK is a model for how not to do e-government, as the ECtHR is recognising </li></ul><ul><li>It is dangerous to allow these large centralised databases to proceed in the hope they will later be ruled illegal </li></ul><ul><li>Governments need to build privacy into systems by design at a much earlier stage </li></ul>