Database State


Presented at 2nd Privacy Open Space, Berlin, 3 Apr 2009

Transcript of Database State

Page 1: Database State

Database State

Page 2: Database State

Outline

UK government systems for identity, health, criminal justice, social security

Data protection and human rights standards

Designing privacy-friendly e-government systems

Page 3: Database State

Scale of DWP systems

System                              Cases     Fields
Customer Management System          480,000   1,300
Pensions Transformation Programme   6.5m      15,500
Customer Information System         92m       9,800
Income Support Computer system      8m        700

Page 4: Database State

Identity management

Central National Identity Register of all those over 16 living in UK longer than 3 months with biometrics, biographical data and audit trail

ContactPoint database of all 11m children in England and Wales with biographical data and links to services used

National Identity Registration Number can be used to link up other databases

Page 5: Database State

National Programme for IT

Central Summary Care Records with biographical data, allergies and prescriptions

Regional Detailed Care Records

Central Secondary Uses Service for administration and research

Page 6: Database State

Criminal justice

National DNA Database with 5.1m profiles

ONSET system attempts to identify potential young offenders

National Fraud Initiative collects much sensitive information but absolved from liability for any confidentiality breaches

National ANPR system keeps up to 18bn records pa for up to 5 years

Communications database proposed

Page 7: Database State

DP and human rights standards

Interference with private life must be based on detailed, clear, precise, foreseeable law (Copland v UK)

Systems must limit access to data to those who have a proportionate requirement for access (I v Finland)

Bleeding-edge states have a particular duty to consider impact of databases upon privacy (S & Marper v UK)

Only 5 of 46 databases reviewed met these standards

Page 8: Database State

Privacy-friendly e-government

Privacy Impact Assessments are needed much earlier in policy cycle, and include ECHR compliance checks

Sensitive personal information should be kept on local systems and shared only with the subject’s consent or for a specific lawful purpose

Page 9: Database State

Final thoughts

The UK is a model for how not to do e-government, as the ECtHR is recognising

It is dangerous to allow these large centralised databases to proceed in the hope they will later be ruled illegal

Governments need to build privacy into systems by design at a much earlier stage