Author Archives: Josephine Suherman-Bailey

Josephine Suherman-Bailey

About Josephine Suherman-Bailey

Josephine is a Policy Analyst at Involve. She supports Involve's work on the UK Open Government Partnership civil society network and Sciencewise. She is especially interested in opening up decision-making to those who might otherwise struggle to be heard by policy-makers.

Update on the Quality Assurance Group

The Cabinet Office decided to open up the government’s analysis of the responses to the Better use of data in government consultation to external review. To carry out this review, Involve has established a Consultation Quality Assurance Group and a quality assurance process under which the review will be carried out.

We are pleased to announce that we received ten nominations to sit on the Quality Assurance Group, and accepted eight of those nominations.  We based selection on the criteria outlined in the Terms of Reference, in particular that nominees:

  1. could demonstrate a strong commitment to the OPM process and have attended at least one of the OPM events;
  2. have sufficient expertise to be able to contribute fully to one or more of the proposals or cross-cutting themes that arise;
  3. work for a recognised civil society or academic organisation.

Below are the names of the eight members of the Quality Assurance Group:

  1. Edgar Whitley, London School of Economic and Political Science
  2. Claudia Pagliari, University of Edinburgh
  3. Roeland Beerten, Royal Statistical Society
  4. Professor Matthew Woollard, UK Data Archive
  5. Javier Ruiz Diaz, Open Rights Group
  6. Vanessa Cuthill, Economic and Social Research Council
  7. Daniel Nesbitt, Big Brother Watch
  8. Kieron O’Hara, University of Southampton

Workshop registrations

Below is a list of all the organisations who registered to attend one or more of the workshops:

Amber Hawk
Association of Medical Research Councils
Bank of England
BCS, The Chartered Institute for IT
Big Brother Watch
BOND
British Library
Cambridge University
Catch 22
Centre of Excellence for Information Sharing
Childrens Society
Citizens Advice
Data for Policy conference, Cambridge University
Data Talk
Defence Science and Technology Laboratory
Demographic Decisions
Department for Business, Innovation and Skills
Department of Population Health, Oxford University
Department of Public Health, Oxford University
Economic and Social Research Council
Edinburgh University
Electronics and Computer Science, Southampton University
Energy UK
Essex University
Faculty of Law, Oxford University
Faculty of Law, University of Oxford
Greater London Authority
HACT
HM Courts and Tribunals Service
Homeless Link
Informatica
Information Commissioners Office
Institute of Education
KPMG
LB Redbridge
Leicester City Council
Leicester University
Leicestershire Partnership NHS Trust
London School of Economics
Magnet Solutions
My Dex
National Council for Voluntary Organisations
New Philanthropy Capital
Newcastle City Council
Newcastle University
nPower
Nuffield Foundation
Office for National Statistics
Open Corporates
Open Data Institute
Open Data Services Co-operative
Open Rights Group
Optical Confederation
Parliamentary and Health Service Ombudsman
Practical Participation
Princes Trust
Pro Bono Economics
Royal Society
Royal Statistical Society
Somerset Council
Southampton University
St Basils
Swansea University
Telecommunicaitions UK Fraud Forum
University College London
University of Essex
Valuation Office Agency
Vivas Ltd
Warwick University
Wellcome Trust
Which?

Data sharing consultation workshop I | 22 March 2016 | Meeting note

1100-1500

1 Horse Guards Road, London SW1A 2HQ

The following notes are a complete record of the comments and questions raised during group work at the above session. They are intended to be a faithful record of discussions in the spirit of open policy-making, and we have not provided a commentary or response to comments or questions at this stage. We are very grateful for all attendees for their participation (including those who volunteered to facilitate discussions or to be designated note-takers), and for the useful input that they have provided as a result. Whilst all comments will be carefully studied and used to inform our thinking, the content that has been summarised here does not commit us to recommending any particular course of action.

Where it is felt that a particular comment or question might need clarifying, we have added a suggestion in square brackets “[ ].”

 

 

Introduction

Simon Burall, Director of Involve, welcomed attendees and explained how the session would work and set out the key principles which attendees would be asked to adhere to, such as openness, allowing all opinions to be heard and maintaining the spirit of collaboration that has been present throughout the OPM process.

Sue Bateman, Deputy Director of Data Access Policy Team in Cabinet Office, provided a recap of the OPM work carried out to arrive at this point in the public consultation process. Sue explained that the aim of the session was to explore in more detail the purposes and constraints of the proposed powers and make the details of these discussions available to help inform public responses to the consultation.

Public Service Delivery

Presentations were given by respective policy leads on the following subjects:

Public Service Delivery, including Fuel Poverty (Firoze Salim), and Civil Registration (John Duffy).

Group discussions – Public Service Delivery power

The meeting then divided into table discussions on questions relating to the Public Service Delivery power. A summary of these discussions against questions agreed with Involve (added here for reference) follows:

Discussion point 1: Do you agree with the power being used for these objectives?

(a)        ­ identifying individuals or households who face multiple disadvantages and enabling the public services to be provided to such individuals and households to be tailored to their needs, and

(b)        ­ reducing the energy costs of, or improving the health or well-being of, people living in fuel poverty.

Responses may be grouped around the following themes:

Purposes/Scope

  • Are we identifying individuals or households? How do we define households, and should this be made clearer?
  • Will the powers only be used for the two purposes stated?
  • Is the criterion of “multiple disadvantages” required before these powers can be used? (Could the scope be widened? At present it is focussed on the disadvantaged and vulnerable.)
  • Will powers be sufficient to allow future data sharing needed for other purposes? (Some attendees not happy that it has been limited in this way.)
  • How permissive should these powers be?
  • Power should not be used to the detriment of the individual.
  • Is this bold enough to tackle the caution that some organisations demonstrate towards sharing data?
  • Who will decide what is allowable under the permissive power?
  • What is an appropriate share?
  • How broad should these powers be – broad enough to support multi-agency work whilst constrained to prevent widening of power to include unnamed organisations/purposes?
  • “In general objectives seem reasonable but detail is important”
  • The objectives do not clarify how the Bill relates to other powers

Safeguards and assurance

  • The public would recognise the good in data being collected for two purposes. (the individuals concerned might not want it shared.)
  • How would “improving the health..of people” be measured?
  • Safeguards will be required to protect health data and other sensitive information; what additional safeguards will be in place?
  • Will policy people have more data than researchers? [Presumably this refers to the fact that under the de-identified data proposals researchers would access aggregated datasets without personal identifiers.]

Links between powers

  • If as a result of a share under this power, a fraud issue is identified, can data collected for Public Service Delivery purposes be shared? (Data shared for PSD is collected for those purposes only)

Discussion point 2: The proposed powers do not permit disclosure of the information by the person or anyone else who has received it directly or indirectly from that person for purposes other than the listed objectives. Anyone who contravenes this will be guilty of criminal offence and on conviction be liable to being imprisoned, fined, or both. Do you have any views on these sanctions?

(5)        ­ A person who is guilty of an offence under subsection (3) is liable on conviction on indictment to imprisonment for a term not exceeding two years, to a fine or to both.

(6)        ­ A person who is guilty of an offence under subsection (3) is liable on summary conviction —

(a)        ­ in England and Wales, to imprisonment for a term not exceeding 12 months, to a fine or to both;

(b)        ­ in Scotland, to imprisonment for a term not exceeding 12 months, to a fine not exceeding the statutory maximum or to both;

(c)        ­ in Northern Ireland, to imprisonment for a term not exceeding 6 months, to a fine not exceeding the statutory maximum or to both.

  • Could restrict willingness to share data
  • The same sanctions may not be appropriate for all datasets
  • Custodial sanctions are necessary to boost public trust, they must be seen to have ‘teeth’ to protect individuals
  • Individuals should be protected by an opt-out
  • These sanctions go further (in terms of sentence maxima) than the DPA. There are potential inconsistencies with enforcement of the power compared with the ICO’s enforcement of the DPA.
  • If private companies are included within scope of power (they are currently excluded but there is a question about their inclusion in the consultation paper), these sanctions may not be stringent enough
  • A clear code of practice will help third parties
  • How does individual accountability occur within a public organisation?
  • What happens when an organisation is culpable, e.g. how do you take a local authority to court?
  • Sanctions already exist for some organisations (e.g. Ofgen). How would that fit with proposed new sanctions?
  • “Consistency is important – and these appear to be consistent”

Discussion point 3: There are instances where disclosure of information received under the power is permitted (listed below). Do you have views on these conditions?

(a)        ­ which is required or permitted by any enactment (including section 1),

(b)        ­ which is required by an EU obligation,

(c)        ­ which is made in pursuance of an order of the court,

(d)        ­ of information which has already lawfully been made available to the public,

(e)        ­ which is made for the purposes of a criminal investigation (whether or not in the United Kingdom),

(f)        ­ which is made for the purposes of legal proceedings (whether civil or criminal and whether or not in the United Kingdom),

(g)        ­ which is made with the consent of the person to whom it relates, or

(h)        ­ which is made for the purposes of —

(i)         ­ saving life,

(ii)        ­ safeguarding vulnerable adults or children,

(iii)       ­ responding to an emergency, or

(iv)       ­ protecting national security.

  • How are we defining “saving lives,” as an emergency-only situation or towards data shares aimed at preventing deaths (Such as work being carried out by FRS and NHS, or medical research)?Is this too broad?
  • Similarly, how are we defining “vulnerable adults or children”?
  • Who arbitrates where the meaning of criteria, e.g. “national security” is disputed/unclear?
  • “Any enactment” or EU obligation is very vague
  • Could there be a requirement for future monitoring/review of the legislation?
  • Nothing about the length of time covered [possibly asking whether there should be duty to review power?]

Discussion point 4: The proposed power includes the ability for the relevant Minister to add or modify objectives as long as it meets certain conditions (listed below). Do you have views on these conditions?

(4) The condition in this subsection is that the objective has as its purpose —

(a) the improvement or targeting of a public service provided to individuals of a particular description, or

(b) the facilitation of the provision of a benefit (whether or not financial) to individuals of a particular description.

(5) The condition in this subsection is that the objective has as its purpose the improvement of the well-being of individuals of a particular description.

(6) The reference in subsection (5) to the well-being of individuals includes —

(a) their physical and mental health and emotional well-being,

(b) the contribution made by them to society, and

(c) their social and economic well-being.

  • These objectives are potentially very wide in their definition, some feel that they are too wide and that the power is set out unnecessarily broadly without sufficient constraints
  • Is this more about policy intent than effects?
  • In whose opinion is “well being” defined?
  • How is “contribution…to society” defined? Needs consideration
  • Need to be clear about specific objectives when setting out the details of how this would be used operationally (e.g. given the earlier point about not being used for the detriment of individuals).
  • Would individuals give consent to data share if they were asked (perhaps a good test?)
  • “There should be a presumption to share by public authorities”
  • There are some circumstances where data should not be linked [does not specify what they are]
  • If more objectives are added, will the original objectives be removed?
  • Checks and balances are required to assuage public concerns
  • Affirmative resolution will be required in Parliament – will this cause significant delays to public authorities accessing data in order to deal with the problem/issue that they need it for?

Discussion point 5: The proposal as it currently stands is to define public authority so that it excludes non-public sector organisations (such as charities and private bodies) who fulfil a public function to a public authority. The consultation paper asks the question whether the scope of the power should be broadened to cover such bodies. Do you have any views on whether the scope should be extended?  

(3)        ­ A person is not a public authority for the purposes of this Part if, apart from this subsection, the person would be a public authority for those purposes merely because the person exercises functions on behalf of another public authority.
  • Why disclose information to a non-public body? Given broad scope of power some caution required when sharing data with private sector?
  • It should be recognised that charities and private bodies already carry out some functions for the public sector
  • On a similar theme, the scope of the power needs to be broad enough and be adaptable to changes to the status of public bodies, etc. Extending the power to (private sector) service providers could come with requirement for consent [of individuals or data holder/] before making onward disclosure
  • Need more clarity as to why some parts of the data sharing work exclude private/third sector
  • Does not account for safeguards that are in place
  •  Can a broader version of the fuel poverty proposal be used?

Fuel Poverty

Discussion point 6: Should the Government share information with non-public sector organisations as proposed for the sole purpose of providing assistance to citizens living in fuel poverty or for any other reason?

  • “This proposal makes sense”
  • “Its purposes should be extended beyond fuel poverty (although it is not clear what other purposes should be included)”
  • “Warm Home Discount is acceptable as a purpose but extending scope of power would be an issue”
  • Depends what “any other reason” might include
  • “Clauses need to be tightly drafted to prevent broader use, e.g. using data to target other households in that area.”
  • How are we defining “citizen” – does this include groups of citizens?

Discussion point 7: Would the provision of energy bill rebates, alongside information about energy efficiency support, be appropriate forms of assistance to citizens living in fuel poverty?

  • “Yes they would be appropriate forms of assistance”
  • “Free energy efficiency surveys would be acceptable but should not be used beyond that.”
  • If they are provided this information, could fuel companies use this to select/deselect customers?

Civil Registration

Discussion point 8: The proposed power would allow civil registration officials to disclose civil registration information with specified public authorities and other civil registration officials to exercise one or more of their functions. Do you have any views?

(1)        ­ A civil registration official may, subject to this section, disclose any information held in connection with any of the official’s functions to —

(a)        ­ a specified public authority (see section 2), or

(b)        ­ any other civil registration official.

(2)        ­ A civil registration official may disclose information under this section only if the official is satisfied that the authority or civil registration official to whom it is disclosed (the “recipient”) requires the information to enable the recipient to exercise one or more of the recipient’s functions.

  • “Broadly happy with the powers”
  • Are we broadening the meaning of “public bodies”? [As a question number was not recorded, it was not clear where this comment should be placed. This appears to be the most likely discussion point for it to be placed.]
  • Some of this information (e.g. death records) is useful for research purposes. Would researchers be able to access this information through this route?

Discussion point 9: It is proposed that any  express restrictions placed on the data through other  legislation will not be overridden by this power. Do you have any views?

(4)        ­ The power to disclose information under this section is subject to any express restriction on disclosure imposed by another enactment (ignoring any restriction which allows disclosure if authorised by an enactment).
  • Some issues over consistency – this wording appears to place restrictions on sharing data in a way that the Public Service Delivery power does not.

Discussion Point 10:  Is it considered appropriate to include controls as part of a Code of Practice instead of criminal sanctions given that Misconduct in Public Office offences would act to safeguard any deliberate misuse of data. Do you have any views?

  • Sanctions could help improve public trust in the process
  • Would outcomes/sanctions be published?
  • Who governs the Code of Practice, and is this a strong enough safeguard?

General comments (applicable to all three proposals)

  • What happens if (inputting) errors that are made in one dataset are duplicated as a result of the data share? Would they be reversible, and would there be any sanctions?
  • We need clarity about whether “personal information” would be correct wording, e.g. would it include house type
  • Punitive sanctions may discourage smaller third parties for using data

Fraud and Debt powers

There followed two short presentations on the Fraud proposals (Graeme Thomson) and the Debt proposals (Naomi Hunter)

Fraud powers

Discussion point 11: A definition of fraud is set out in the illustrative clauses. Do you have any views?

(2)        ­ In this section “fraud against a public authority” means an offence under section 1 of the Fraud Act 2006 which involves —

(a)        ­ loss to a public authority, or

(b)        ­ the exposure of a public authority to a risk of loss.

(3)        ­ In subsection (2) “loss” has the same meaning as in the Fraud Act 2006 (see section 5 of that Act).

  • At least one table happy with definition of fraud
  • Fraud Act 2006 extends to England and Wales only
  • There was some discussion about how this might be applied to devolved administrations
  • If fraud is discovered to be occurring in a public authority that is not part of a given data share, would there be a legal duty on those who are in the share to inform that authority?
  • Do these proposals cover non-monetised services?
  • Do they apply to companies as well as individuals?
  • Clause 4 (a) and (b) are possibly too broad and disproportionate as currently worded
  • Is there an inconsistency between scope of Clause 2 (which implies that fraud hs already taken place, and Clause, which includes the purposes of detection and prevention
  • No mention of “Error,” it may not be intentional fraud, could be an error on the part of a local authority

Discussion point 12: The purpose of the power is defined as taking action in connection with fraud against a public authority. The illustrative clauses provides a definition of such actions (set out below). Do you have any views on the definition?

(4)        ­ The reference in subsection (1) to taking action in connection with fraud against a public authority includes any of the following —

(a)        ­ preventing fraud of that kind;

(b)        ­ detecting fraud of that kind;

(c)        ­ investigating fraud of that kind;

(d)        ­ prosecuting fraud of that kind;

(e)        ­ bringing civil proceedings as a result of fraud of that kind;

(f)        ­ taking administrative action as a result of fraud of that kind.

  • At least one table agreed that this looked reasonable
  • Is there a danger of scope creep here? We need to identify how great the risk of fraud is to the public sector first

Debt powers

Discussion point 13: The illustrative clauses for the purpose of the proposed powers provides a definition of debt. Do you have any views?

(1) A specified person may disclose information held by the person in connection with any of the person’s functions to another specified person for the purposes of the taking of action in connection with debt owed to a specified person or to the Crown.

(2) For the purposes of this section debt is owed to a specified person or to the Crown if—

(a) a person is required to pay a sum of money to a specified person or to the Crown, and

(b) all or part of that sum remains unpaid after the date on which, or after the end of the period within which, it is required to be paid.

  • Do we need to define the purpose/benefit of this power more in the legislation?
  • Issue is sometimes one of losing contact with the individual, e.g. in the case of student loans, the individual may not be in debt but need to be able to check this.
  • It would be useful to explain meaning of “debt to the Crown”
  • Is this more controversial than fraud – is data going to be shared to obtain money from me?
  • Is a “person” here defined as a specific person or an organisation?
  • Does this apply to public authorities or to private bodies?

Discussion point 14:  The purpose of the power is defined as taking action in connection with debt owed to a specified person or to the Crown. The illustrative clauses provides a definition of such actions (set out below). Do you have any views on the definition?

(a) identifying debt of that kind;

(b) collecting debt of that kind;

(c) bringing civil proceedings as a result of debt of that kind;

(d) taking administrative action as a result of debt of that kind.

  • Is it a realistic proposal if a number of public authorities are involved? How will it work in practice, who leads etc?
  • Criteria (d) felt possibly to be too broad, although “administrative action” tightens this
  • Is there a requirement for transparency, e.g. to measure effectiveness of this power?
  • Is there a threshold for the size of debt to be recovered in order for this power to apply?

Issues relating to both fraud and debt proposals

Discussion point 15: The proposed powers do not permit disclosure of the information by the person or anyone else who has received it directly or indirectly from that person for purposes other than the listed purposes. Anyone who contravenes this will be guilty of criminal offence and on conviction be liable to being imprisoned, fined, or both. Do you have any views on these sanctions?

(5)        ­ A person who is guilty of an offence under subsection (3) is liable on conviction on indictment to imprisonment for a term not exceeding two years, to a fine or to both.

(6)        ­ A person who is guilty of an offence under subsection (3) is liable on summary conviction —

(a)        ­ in England and Wales, to imprisonment for a term not exceeding 12 months, to a fine or to both;

(b)        ­ in Scotland, to imprisonment for a term not exceeding 12 months, to a fine not exceeding the statutory maximum or to both;

(c)        ­ in Northern Ireland, to imprisonment for a term not exceeding 6 months, to a fine not exceeding the statutory maximum or to both.

  • These sanctions are standard for HMRC
  • Sanctions should be strong as the power has a strong financial component?
  • Should the deployment of sanctions be preceded by a warning?
  • Why do these sanctions differ from those under Civil Registration powers?
  • Safeguards need to cover private bodies who might disclose/access data under this power
  • Can personal data be onwardly disclosed if used for the same purpose? How is it controlled?
  • These sanctions are consistent with the previous section but not DPA
  • Who is responsible for enforcement, and what is the process?
  • “The relevant Minister” does not suggest independence of process
  • Sanctions should be applied proportionately
  • Incentives for smaller organisations to comply?

Discussion point 16: It is proposed that the power be reviewed after an agreed period of time to determine whether it should be amended or repealed.

  • Do you have any views on what would be a suitable length of time for the gateway to be active before this review is carried out?
  • Do you have any views on who the Minister should consult when carrying out the review?
(1)        ­ As soon as is reasonably practicable after the end of three years beginning with the day on which this Part comes into force, the relevant Minister must review its operation for the purposes of deciding whether it should be amended or repealed.

(2)        ­ Before carrying out the review the relevant Minister must publish the criteria by reference to which that determination will be made.

(3)        ­ In carrying out the review the relevant Minister must consult —

(a)        ­ the Information Commissioner, and

(b)        ­ such other persons as the relevant Minister thinks appropriate.

(4)        ­ Once the review is completed the relevant Minister must —

(a)        ­ publish a report on its outcome, and

(b)        ­ lay a copy of the report before Parliament.

(5)        ­ If as a result of the review the relevant Minister decides that this Part should be amended or repealed, the relevant Minister may by regulations amend or repeal it (as the case may be).

  • Legislation to be reviewed after 3 years to ascertain that it is required, i.e. that the problem is indeed legal
  • Is 3 years long enough for the whole process to be demonstrably effective?
  • Is 3 years too long?
  • Who is “the relevant Minister”? Should it be someone more independent?
  • Who should they consult? Should this requirement include bodies already in the schedule to canvass their views on its efficacy? Should it include debtors’ representatives?
  • Will the Minister be obliged to take into account the findings of his consultation?
  • Civil society groups not specified to keep power future-proofed
  • Is there a requirement for transparency, to state who is sharing data with who, so that data source can vet service
  • Process and protections could be checked if consent was required for onward disclosure
  • How are the public assured that the authorities in the schedule are competent to carry out their functions under this power?
  • The Code of Practice will need to set expectations on the bodies covered in the Schedule (arms-length agencies etc)
  • Review of power should use open methodology on a continuous basis
  • Why piloting for Fraud and Debt but not other powers?
  • Standards required for processing and destroying of datasets over time, compliance with DPA principles etc

Discussion point 17: It is proposed that the scope of the power covers non-public sector organisations who fulfil public functions to a public authority. Disclosure of information will be strictly limited to the functions that the organisation exercises in taking action in connection with fraud against a public authority. Do you have any views?

(6)        ­ In the case of a person (“P”) who is within the Schedule merely because of providing services to another specified person, the reference in subsection (1) to the functions of a specified person is limited to the functions P exercises for that purpose.
  • Should the power extend beyond the public sector?
  • Schedule will set out who may access data under this power
  • Data is only shared for those specific purposes set out in DSP 13
  • Should power be consolidated with public service power?
  • What is risk of data being used for other purposes?
  • Consent will need to be re-sought over time [It is not clear whether this refers to consent of individuals, data holding authorities, or both]

Research and statistics proposals

Simon Meats gave a short presentation on the proposals for sharing de-identified data for research purposes. Ross Young then presented on the proposals for UKSA to access identified data for the purpose of prducing national and official statistics.

De-identified data for research purposes

Discussion point 18: The illustrative clauses defines the instances in which the proposed powers can be used by a public authority. Do you have views on how the purpose has been defined?

(1)        ­ This section applies to a public authority if —

(a)        ­ the authority holds information in the form of a dataset,

(b)        ­ the dataset contains information which directly identifies one or more persons, and

(c)        ­ the authority thinks the information in the dataset would, if combined with information in one or more other datasets held by one or more other persons, produce information which would be useful for the purposes of research which is in the public interest.

(2)        ­ The public authority may supply —

(a)        ­ the information by reference to which the person or persons are identified to an accredited indexer, and

(b)        ­ a de-identified dataset created from the dataset mentioned in subsection (1)(b) to an accredited access facility for the accredited access facility to exercise the functions in subsection (4).

  • Provides flexibility in the spirit of the DPA and also provides legal clarity
  • Is there a better way of setting out the purpose/process
  • “Pleased to see changes in the consultation paper allowing a public authority to be both the data provider and secure access facility
  • Re fees charging – some views from data holding departments that it is possible to calculate costs of making data available
  • What if information is held, but not as a dataset?
  • How are we defining “dataset”? What is the definition of this? Prefer “electronically held data.”
  • Re 1(c) – the use of the word “thinks” is odd, needs to be worded more positively
  • Does this place restrictions on existing facilities with existing processes and established teams for de-identification?
  • Why not simply have regard to the ICO’s Code of Practice on Anonymisation, rather than re-define something that is already defined?
  • We need a definition for research (purpose/statement/in public interest)

Discussion point 19: The de-identification process is set out in the illustrative clauses. Do you have any views about how it is described?

  • “This is acceptable provided terminology does not inadvertently restrict/exclude current practice”
  • Can we “future-proof” it more?
  • Can we take out the details of the specified process (Clause 1) and instead set out criteria/conditions that can be met?
  • Need to be careful and consistent in referring to “data” versus “information”
  • The UKSA needs to be clear about its role as accreditor and transparent about the purposes of the research undertaken under this power
  • Does this power make composite datasets (in other strands) accessible?

Discussion point 20: To allow the power to be kept up-to-date with new de-identification methods, the illustrative clauses allow the relevant Minister to modify or include additional procedures by regulations. Any changes will need to adhere to key parts of the de-identification process. Do you have any views on this power to amend the procedure?

  • “This is acceptable provided terminology does not inadvertently restrict/exclude current practice”
  • Who is the relevant Minister? Should it include departmental Ministers as well as MCO?
(3)        ­ Any procedure for which provision is made by virtue of subsection (1) must —

(a)        ­ enable the creation of information using a dataset held by a public authority and one or more other datasets held by one or more other persons,

(b)        ­ enable the information that is created to be supplied only for accredited research purposes,

(c)        ­ ensure that, where the datasets contain information that directly identifies a person (“identity information”), the identity information is removed before the information is supplied, and

(d)        ­ involve a person or persons who are accredited in the removal of identity information, the creation of information for supply and the supply of that information.

(4)        ­ Regulations under subsection (1) must have the effect that —

(a)        ­ section 2 applies in relation to the supply of information under a procedure for which provision is made by virtue of subsection (1),

(b)        ­ sections 3 and 4 apply in relation to personal information supplied under that procedure,

(c)        ­ section 5 applies in relation to the accreditation of persons and research for the purposes of that procedure, and

(d)        ­ section 6 applies in relation to the resulting functions of the Statistics Board.

  • Should requirements for accreditation for researchers, or at least the broad principles, be published?

UKSA access to identified data for the purpose of producing national and official statistics

Discussion point 21: Under the proposed power, the Board can only request information via a notice if it enables the Board to exercise its functions (as set out in the Statistics and Registration Service Act). Do you have any views?

(7)        ­ The Board may give a notice under subsection (1) only if the Board requires the information to which the notice relates to enable it to exercise one or more of its functions.
  • Is there a commitment to transparency? Will the notices be made public?

Discussion point 22: Under the proposed powers public authorities and undertakings do not have to comply to a notice to provide information if compliance would result in certain outcomes. Do you have any views?

(10)      ­ But the public authority need not comply with the notice if compliance —

(a)        ­ might prejudice national security,

(b)        ­ would contravene the Data Protection Act 1998, or

(c)        ­ would be prohibited by Part 1 of the Regulation of Investigatory Powers Act 2000.

  • Mandation is inconsistent with other proposed data measures
  • What about a cost recovery mechanism?
  • As a general comment, how do we guarantee data quality?

Discussion point 23: Under the proposed power, the UKSA can only use information received as a result of issuing a notice for the purpose of one or more of its functions. Furthermore, consent from the disclosing body is required where the Board wishes to to use the information for the purpose of its statistical services. Do you have any views?

(1)        ­ Information disclosed pursuant to a notice under section 45B or 45C may only be used by the Board for the purposes of any one or more of its functions.

(2)        ­ Information disclosed pursuant to a notice under section 45B or 45C may not be used by the Board for the purposes of its function under section 22 (statistical services) except with the consent of the person who disclosed the information.

Discussion point 24: Under the proposed power, the Board must publish a statement setting out how the procedures under the powers will be exercised. Do you have any views?

(5)        ­ The Board must prepare and publish a statement of —

(a)        ­ the principles to which it will have regard in exercising its functions under section 45B or 45C, and

(b)        ­ the procedures which it will adopt in exercising those functions.

  • This is similar in approach to current codes of practice
  • Data accessed by UKSA is not available to data providers – “a missed opportunity?”
  • Explicit consent for onward disclosure should also be in other proposed powers

General comments on Research and Statistics

  • “Consistency of sanctions is good”
  • We need consistency in approach to disclosure
  • Data access has been complicated by fragmentation/privatisation
  • Data quality is important and is not mentioned much
  • Implementation – are the processes/knowledge/will there to make this work\/
  • Work is needed to support legislation is educating officials to give them the confidence to use data
  • Proportionality is important, there seems to be an emphasis on big data, whilst some organisations, e.g. local authorities often need to share data in small volumes
  • “Allow data accessed by Fraud and Debt purposes be then de-identified and used for research purposes”
  • Bill should enshrine transparency needs

Wrap-up

The main meeting ended with closing remarks from Simon Burall and Sue Bateman, including a reminder that the second session will be held on Monday 11th April.

Terms of Reference for the Quality Assurance Group which will monitor/audit consultation responses

Some delegates remained to meet on this issue in a discussion chaired by Simon Burall.

The meeting closed at 1500.

Invitation to data sharing consultation workshop, Monday 11 April 2016

The Cabinet Office is running two workshops facilitated by Involve to feed into the Cabinet Office’s ‘Better use of data in government’ consultation, which opened on 29 February and closes on 22 April 2016. The first of these workshops took place on 22 March. The notes from this workshop, which examined the Cabinet Office’s policy proposals in detail, will be available on the data sharing website shortly. The second of these workshops will take place on 11 April. Please note that it is not necessary to have attended the first workshop to attend this second workshop.

This workshop on 11 April will provide an opportunity for the Cabinet Office to draw on the expertise and knowledge of the network, focusing on the development of principles and codes of practice that will support the proposed powers on: Public Service Delivery; Fraud and Debt; and Research and Statistics. The workshop will also provide an opportunity to raise any other issues on the proposals that you think should be considered. We will be circulating more materials for this workshop prior to the event. Register to attend this workshop here: http://www.eventbrite.co.uk/e/data-sharing-consultation-workshop-ii-tickets-24254138782 

While they will not constitute a formal response to the consultation, the workshops are part of the ongoing open policy making process intended to inform thinking.

Invitation to data sharing consultation workshop, Tuesday 22 March 2016

The Cabinet Office will be running two workshops facilitated by Involve to feed into the Cabinet Office’s ‘Better use of data in government’ consultation, which opened on 29 February and closes on 22 April 2016:

Workshop 1 (22 March)
– Workshop 2 (11 April)

The first workshop on 22 March will provide an opportunity for the Cabinet Office to draw on the expertise and knowledge of the network about the detail of the proposals, focusing on the constraints on powers specified in primary legislation and consistency between the three strands of proposals: Public Service Delivery; Fraud and Debt; and Research and Statistics. We will be circulating an outline agenda and more materials for this event in the next few days. Register to attend this workshop here: https://www.eventbrite.co.uk/e/data-sharing-consultation-workshop-i-tickets-23103346732

The second workshop on 11 April will focus on the codes of practice that will sit alongside the powers, and will also provide an opportunity for those taking part to raise any other significant issues that they think are important for the Cabinet Office to hear. Details of venue and timings for 11 April workshop TBC. A separate Eventbrite page will be set up for 11 April workshop.

While they will not constitute a formal response to the consultation, the workshops are part of the ongoing open policy making process intended to inform thinking.

 

Hold the date: data sharing consultation sessions, 22 March and 11 April

The Cabinet Office will be running two workshops facilitated by Involve to feed into the Cabinet Office’s ‘Better use of data in government’ consultation, which opened on 29 February and closes on 22 April 2016.
While they will not constitute a formal response to the consultation, the workshops are part of the ongoing open policy making process intended to inform thinking. They will provide the opportunity to explore the detail of the proposals, focusing on the constraints on powers specified in primary legislation and the supporting guidance.
Please hold Tuesday 22nd March and Monday 11th April 2016 in your diaries for the consultation sessions. More details will follow shortly.

A message from Cabinet Office on the “Better Use of Data” Consultation Launch

We are grateful for your involvement during the extensive open policy-making process on improving public authority access to data for the purposes of improving public service delivery, tackling fraud and debt, and supporting research and statistics. We are pleased to announce that the proposals developed through the open policy-making process have now been published and is now open to public consultation. The consultation document and accompanying illustrative clauses and consultation stage impact assessments can be found at:
We are encouraging views from as wide range of people (and organisations) as possible. Please do take the time to review and share the link with anyone who may have an interest in these issues. The closing date for responses is c.o.p. April 22nd.

Supplementary Data Sharing Workshop: General Registrars Office proposal | 15 January 2016 | Meeting note

When: 10:30-12:00, 15 January 2016

Where: Conference Room B, 70 Whitehall, London, SW1A 2HQ

Agenda

Session Info/details to cover
Welcome and introductions

 

Purpose of the session:

Recap of discussion from 6th and what we want to cover today

Quick recap of “principles” for discussion

 

Presentation of General Register Office Proposals (John Duffy)

 

Presentation of the proposals, including areas that were not comprehensively covered in the session on the 6th.

 

High level Q&A

 

General questions of clarification on the presentation.
Discussion of GRO proposals Discussion of the proposals in smaller groups
Plenary Discussion of proposals Groups to report back to the room on their discussions
Wrap-up and close.

 

Wrap up and forward look

Introduction from Sue Bateman, Cabinet Office who acted as facilitator, in the place of Involve.

This session was additional to the 6th of Jan and 19th of Jan sessions, to look more closely at the GRO proposals.

A Re-cap of the meeting on the 6th, which covered the main OPM strands of Research and Statistics, Fraud and Tailored Public Services, which garnered support for further development. We also discussed revised proposals on Identified Data and Debt and new proposals from DECC and GRO.

A number of comments were generated in discussion, some of which were incorporated into the pack that was circulated on 14th January; there are some that will require further exploration.

One of the main points we took away from the session on the GRO proposals was a lack of time to get into any of the details and some concerns expressed by a few people that this power would lead inadvertently to a national ID database that we wanted to discuss as a clear principle of the OPM is to avoid the creation of such databases.

This (GRO) session was run to give the opportunity to ask questions and have a more detailed discussion – these will inform the considerations around this policy area and how it fits into the package being proposed and the advice being given to the minister. A note of the meeting will go to the whole OPM group.

The OPM principles were covered as a way of framing the discussions:

Transparency – non-attributed comments but everything will be written up and made available.

Accessibility – everyone is open to engage if they have interest.

Collaboration – constructively participating in the process, there is no expectation of reaching consensus as an outcome but to know where the areas of broad agreement lie is an aim.

John Duffy presentation:

Civil Registration in England and Wales sits within a local authority framework and records are held centrally.

Slide 1 – Civil Registration is where someone goes to their local registration office and provide information which is collected and recorded, obtaining a certificate which are used for accessing services from government partners and service providers. Death certificates are required to close bank accounts etc. Certificates have a role and purpose in society, as the information obtained as part of that process.

Currently there is a complex and dated legislative framework that dates back to 1836.

There is a piecemeal data sharing approach taken to share data between departments, where data sharing is not possible, purchasing of records is required.

Slide 2 – The proposal is to introduce a discretionary power to allow civil registration information to be shared with public bodies for the purpose of fulfilling public functions.

The proposals are looking for discretionary information to be shared with public bodies through a gateway. The intention is to ensure complete transparency over what records are held and shared, providing an outline of the policy and the circumstances whereby information can be shared. Information and data will be shared within the public sector, not beyond this.

Slide 3 – The proposals are limited to England and Wales only, there is no intention to change the way civil registration information is currently obtained or held. There is no intention to link up civil registration records or to create a citizen database.

Slide 4 – benefits of the proposals are:

  • Improved customer experience
  • Improved security
  • Enabling public sector transformation
  • Increasing efficiencies across government

Slide 5 – Safeguards – strict adherence to the ICO data sharing code of practice.

Questions of clarification raised in plenary:

Q: For the data sharing powers to have any relevance will the remaining un-digitized records be digitized?

A: There is no funding to do this, so there are constraints.

Q: What do you have?

A: There are a huge number of records, half of which are digitized. Modern records are digitized by default and older records are digitized due to work around genealogy etc.

Q: Could funding be realised to digitize this information?

A: in terms of the records, they are available in different formats that aren’t on a system yet. There is still an ability to share information where possible. This is about enabling transformation across government, and this power would allow the sharing.

Q: What is the volume of the information that will be shared?

A: there is an opportunity for all records to be digitized on a system.

Q: Public authorities – looking at this in the broadest sense, is there any intention to provide this data to other bodies that have a public mandate such as ONS? For help with the census etc.

A: If the bodies are specified and there were affirmative procedures then the data could be shared.

Discussion Session:

Positives

  • For the citizen – partial digitization,
  • Within government – administrative cost savings.
  • Benefits to research/genealogists.
  • Improve protection against ID theft.
  • Could help to make the remaining digitization of paper document happen.
  • Identity fraud and issues around death registration would be improved.
  • Clarifying the legal scenario clear and replete with safeguards.
  • Benefits e.g. ensuring everyone who is eligible for a pension can claim it at the right time.

Concerns/potential issues

  • Handling and comms issues.
  • Patchy digitization.
  • Purpose and necessity as well as proportionality needs to be understood.
  • How will this legislation fit with DPA and future protection legislation without ‘trumping’ it?
  • Potential unintended consequences of onward disclosure between depts.
  • Issue about sharing parts of personal data, how to avoid the mosaic effect.
  • Architectural limitations stopping data being linked, will this always be the case? How do you safeguard against unauthorised disclosure?
  • One thing making an argument for case-by-case sharing, but quite another to talk about bulk data sharing.
  • On the transparency requirement – a public list of records being used would be desirable.
  • Links to Verify programme?
  • Risks around the data sharing, how it would work? What will be in the code of practice?
  • GRO to clarify what type of data sharing would be expected (beyond just a yes/no dichotomy).

Additional Points:

  • In terms of reducing identity theft – this could work if you remove the need for certificates, but with using digital systems this could increase the risk of bulk hacking and fewer, but greater magnitude, of theft.
  • The DPA may not be enough if the legislation removes the principle.
  • Will this process enable the big bulk of records to increase in footprint size?
  • Concrete concern is whether this data could end up inadvertently resulting in a quasi-ID system (i.e. not by design).

Any further questions, please direct to data-sharing@cabinetoffice.gov.uk

Event Attendees:

Silkie Carlo (Liberty)

Javier Ruiz (Open Rights Group)

Frances Pottier (Department for Business, Innovation & Skills)

Sue Bateman (Cabinet Office)

Sam Roberts (Cabinet Office)

Firoze Salim (Cabinet Office)

Simon Meats (Cabinet Office)

Jackie Riley (HMRC)

John McIlwraith (DWP)

Jess Adkins (Cabinet Office)

Daniele Bega (HMRC)

Gillian Unsworth (HM Passport Office)

Amanda Hillman (DWP)

David Knight (Department of Health)

Edgar Whitley (London School of Economics)

Judith Jones (Information Commissioner’s Office)

John Duffy (HM Passport Office)

Data sharing workshop I | 6 January 2016 | Meeting note

Introduction

On 6th January 2016, a plenary meeting was held to review the latest data sharing proposals against the recommendations  of the open policy making (OPM) process to check:

  •      That they fit with the spirit of what was discussed during the year long OPM process.
  •      What could be improved.
  •      Whether there were any aspects of the proposals that crossed any red lines.

The meeting was attended by representatives from privacy groups, civil society organisations and government. The meeting was opened by Rt Hon Minister for the Cabinet Office, Rt Hon Matthew Hancock MP.

 

Minister for Cabinet Office’s introduction

The Minister stated his hope that we can continue this relationship and dialogue which has existed for some time now. The data sharing discussion is vital historically. It is comparable to the printing press, which had huge and unpredictable consequences. The collapse in the cost of storing and transmitting data is having an impact on a similar scale.

The Minister stated that in government, we should be smart and thoughtful about responding to the discussion. We should be harnessing progress whilst at the same time  protecting citizens’ privacy. The DPA works well and there is a broad consensus. But as technology develops, the legal framework needs to continue to be relevant whilst protecting the citizen. There was much progress in the last Parliament on modernising rules. But the rules are significantly out of date in many areas, so we need to update them today. We plan to run a normal consultation, but we also wanted to fully engage the wisdom, insight and collective experience of those in the room.

There are three areas of importance:

  1.    Improving research and statistics.
  2.    Fraud.
  3.    Tailored public services.

At the core core is striking a balance between harnessing the opportunities of data and protecting citizens. Ultimately the Minister does not see this as a trade-off. If we get it right we can improve the way data is used and managed, and make sure citizen protected. He underlined how important this is for the government. The end goal is a system that works better for citizens. It is an exciting new area of policy yet to reach full maturity.

 

Previous OPM proposals: De-identified Data

Simon Meats, Cabinet Office, presented the current version of the proposals for sharing de-identified data for ​the purposes of research and statistics ​(“the de-identified data proposals”)​, part of the set of proposals ​originally explored during the OPM process.

Simon talked through the key areas of agreement that have been covered in the OPM process to date.

​These included:

  • That the power is permissive across all public authorities (with the exceptions of health and social care) to share/link de-identified data for the purposes of research and statistics in the public interest.
  • The use of models of data sharing (recommended by the​ 2012 Administrative Data Taskforce report*) that allow for such cross-linked research to take place whilst maintaining privacy protection for the data subjects by restricting the use of identity data.
  • Oversight through a designated accreditation body for indexers and accredited secure access facilities.

Simon went on to describe how these ​main policy features have​ been reflected in draft legislation. ​There are detailed clauses describing processes in a way that strikes a balance between; transparency and robust legal definition, and flexibility for future -​ proofing. There are also provision for accreditation and commitments to transparency (publishing registers of accredited indexers, access facilities and researchers​, for example).

The modifications that have taken place include:

  • UKSA being named as the accreditation body,
  • Limited delegated power for Minister to amend certain provisions by affirmative process,
  • Unlawful disclosure provision.

The reasons for these modifications are that the UKSA is the only body to fit the criteria agreed through the OPM process, there is a need to ensure legislation can be adapted to cover new processes and that universal protection of data held by all public authorities to share data under this power will provide additional assurance.

The group reflected upon the proposal and were broadly supportive of its inclusion for consultation. The following ​questions​ were raised​:

  • Who adjudicates/arbitrates if a public authority refuses an application to share data under this power​ (i.e. ​​should there be an ombudsman)?
  • What are the potential impacts ​from local authority devolution?
  • What about the effects of organisations leaving the public sector ​ e.g. schools academy programme, with the consequent loss of data sources?
  • ​With reference to implementation – what will/should​ be done to test the robustness of de-identification process​?
  • Is this simply a way of lowering the bar set in s.47 SRSA?

*Improving Access for Research and Policy, December 2012

 

Previous OPM proposals: Tailored Public Services

Jess Adkins, Cabinet Office, presented the Tailored Public Services (TPS) proposals.

Jess described the myriad of legal barriers which impact on the ability of public authorities to share data between them and identify which citizens are eligible for particular services or benefits, ensuring that the right people receive the right intervention or offer, at the right time.

The TPS power is designed to facilitate data sharing where it would directly benefit service recipients, by enabling authorities to better tailor services; as well as protecting privacy by restricting the authorities and the purposes involved in any particular share quite tightly.

The power is also future proofed to meet data sharing needs of public policy delivery as they change over time.

The key elements of the power are:

  • The power is permissive. Data controllers retain the right to say no to a data share,
  • The power is intended to benefit individuals – the purpose of a data share cannot be detrimental to individuals,
  • Only specified public authorities – not private providers – can use the power.

A separate policy paper was developed in the OPM process, bringing together safeguards that were new with those already existing in practice/legislation. Draft clauses reflect where there is a need for new primary legislation, where existing legislation is reflected it will not be mentioned, and where legislation isn’t appropriate the safeguards will be included in the Code of Practice.

The OPM group discussed the proposal, generating several questions:

  • Who makes the decision that the power is being used appropriately?
  • How can you ensure that any data share is for ‘The benefit of citizen(s)’? Conversely, how do you define ‘not to detriment of citizens’?
  • What are the unintended consequences of TPS data sharing? What is the mitigation/solution to this?
  • How does the power work for ‘direct’ (e.g. face-to-face) interventions?
  • What is the rationale behind excluding private companies? How does this work in public/private service partnerships? Can private sector organisations receive data from authorities to provide services with explicit consent?
  • How are data shares communicated transparently to those whose data is being shared?
  • Does this power lead to data segregation within organisations? (e.g. debt recovery teams using data collected by other areas of the department).
  • Would the power overrule departments’ existing data powers and agreements?
  • Does a family count as an individual for the purpose of processing?
  • How can the term ‘beneficial outcome’ be adequately constrained?
  • Will information-sharing orders be used?
  • Is there a statutory bar for information release under FOI?

 

Previous OPM proposals: Fraud

Graeme Thomson, gave a presentation in plenary to explain why this proposal is being re-introduced and outlining the new proposal.

Previously the group had an OPM session which recognised that government faces substantial problem with fraud, and the process for data sharing is very slow and may take up to six years. However, fraud moves very quickly and it takes too long to get the data for it to be useful. Data sharing could be an answer to this. Government dropped the idea of looking at error in addition to debt as it was decided that there would be too much data and too much sharing required to address it.

This proposal is permissive, not mandatory. A business case will be needed to justify sharing, and it will be used to measure success. The proposal allows for pilots to prove that this data sharing is of value, as the previous OPM process asked for this evidence. If the pilots do not prove value within a defined period of time, they will stop. They will publish criteria for measurement and the outcome of what benefit is. There is also the capacity for minister to shut the whole thing down, and there is a review period after three years. An assessment will judge whether it has been successful and if not will shut down.

There will be a code of conduct and if it is breached, the data will be surrendered. If you breach the legislation you can be taken to court, It includes all public authorities including local government. It’s not clear whether it includes the NHS, more discussion is needed on this.

This project will involve the ICO and external civil liberties groups. ICO anticipate a huge number of requests for data and are considered ways of managing it. They will be starting the project with a team in place to implement. The secretariat will be in Cabinet Office.

The groups had some reflections and questions on the revised proposal:

  • More detail is required on the assessment criteria for the pilot, and what the criteria will be for it to be deemed successful after the 3 year period.
  • There were some concerns that three years is not long enough for projects to be established and prove their value.
  • The measurement criteria needs to be set near the start and a support team set up immediately.
  • Will there be a statutory bar for release under FOI?  
  • Transparency of benefits and measurements and transparency of openness and sharing will be vital.
  • How will citizens be protected from false positives, could greater transparency be an answer?

 

New/revised proposals: Identified data for research and statistics

Ross Young, UK Statistics Authority, gave a presentation in plenary to explain why this proposal is being re-introduced and outlining the new proposal.

This proposal is to open up sources of administrative and other data for the Office for National Statistics for the sole purpose of producing aggregate National and other official statistics. Official statistics are a core part of UK’s information and data infrastructure. Everyone needs official statistics ‐ legislators, policy makers, companies, academics, media, the public. The proposal is good for efficiency, improved official statistics and statistical research, and better decision making.

The powers will enable ONS to share data with the statistical functions of the Devolved Administrations while preventing the use of information for any operational purposes, ensuring information is only used for statistical purposes. In terms of safeguards, the UKSA is independent and reports and is accountable directly to Parliament. ONS has strong track record of security and confidentiality of data. They will reinforce rigorous penalties for the misuse of data.

The groups were supportive of the proposals. The groups had some reflections and questions on the revised proposal:

  • There was support for powers to compel disclosure of information – permissive powers may not allow desired outcomes.
  • How to make the difference between de-identified and identified data intelligible to people?
  • How to guarantee quality and standardisation of the data?
  • Greater clarity is required on how the powers to compel businesses will impact global companies based in the UK.
  • Clarification is required on where indemnity lies in the case of a data breach.
  • Will there be an explicit statutory bar on FOI requests and other legal obligations?
  • What type of data is covered?
  • Transparency should be an integral part of this proposal – i.e. the number of data breaches and failures to comply recorded and published.
  • Clarification is required on who meets the cost of the provision of data?
  • Clarification is required on where the permissive power ends and power to compel starts?
  • What does it mean to say that the National Statistician is “consulted” on changes to systems for collecting data? What power does that confer?

 

New/revised proposals: Debt

Naomi Hunter, Cabinet Office, gave a presentation in plenary to explain why this proposal is being re-introduced and outlining the new proposal.

Naomi stated that they are bringing back the proposal for consideration to align with the fraud proposals. There will be the same safeguards, code of conduct and review period process  as the fraud proposals. The objective is to recover money owed to different parts of government under one payment. This is more affordable for debtors and more effective and efficient at recovering debt.

Currently government has powers to share data regarding debt owed. However, the system for accessing it is bureaucratic and neither timely nor practical. The process can take two to six years. The National Audit Office believes that there was £22 billion owed in 2013 which rose this year to £24 billion. Sharing this data can help government to identify the people who can pay and the people who can’t. There will be different responses to those people

When this proposal was considered before, there were a few issues. The OPM group felt that the key purpose was unclear. In response they have defined the purpose as to help people manage their debt better and pay back the money they owe. In addition, the OPM group identified a need for better terminology, and they responded by creating clear and consistent terminology.

Naomi clarified that the Debt Market Integrator (DMI) doesn’t do anything independently that government doesn’t mandate.

The groups had some reflections and questions on the revised proposal.

  • The group felt that not enough detail or clarity was provided on the revised proposal to consider it thoroughly.
  • How is the ownership of shared debt viewed, given that it seems to focus on individual debt?
  • It is unclear whether the legislation will only support a pilot of this project.
  • Are corporations subject to this data sharing or only individuals?
  • Will data be shared with private sector companies such as Experian?
  • Attendees had concerns about the quality of the data being shared and noted that there is a lack of persistent identifier in the data – which may cause issues in relation to projects pertaining to debt.
  • Attendees saw identifiable data elements as a potential red line for citizens.
  • The group felt that debt assessments need to be linked up and that it doesn’t make sense to centralise information.
  • There were concerns about the Debt Market Integrator (DMI). As a joint venture, will government’s position be as the supplier or the customer?

 

New/revised proposals: GRO Civil Registration Data

John Duffy from the General Register Office presented new proposals for the sharing of Civil Registration data.

The data in scope is the registration of all births, stillbirths, adoptions, deaths, marriages and civil partnerships. John explained that the data is governed by a complex and dated legislative framework that dates back to 1836. Civil registration is a devolved function in the UK with Scotland and Northern Ireland having their own registration services.

The General Register Office (GRO) supports the delivery of local registration services that are delivered by 174 local authorities and retains all centralised records – 270m dating back to 1837. Records are held in a variety of formats.  Approximately half are digitised.

Civil registration information is only shared where there are statutory gateways in place.

Current legislative gateways have been built up over time, in a piecemeal manner, in response to individual requests for registration information.  Examples include:

  • Police and Justice Act 2006 – Provides for death registration information to be shared with private bodies for the specific purpose of preventing, detecting and prosecuting fraud offences,
  • Immigration Act 2014 – provides for information to be shared for immigration purposes.

The GRO is aiming to enable wider use of registration data without requiring primary legislation each time a new requirement emerges; remove requirements for paper certificates, therefore reducing the opportunity for fraud in relation to forged certificates; increase the integrity of data across government systems; providing benefits for citizens who would have greater choice over how they access government services

Restrictions on sharing civil registration information within government will continue to be constraining unless additional powers are put in place to extend information sharing.

GRO would benefit from getting to a position where they have:

  • A discretionary power that allows civil registration information to be shared with public bodies for the purpose of fulfilling public functions,
  • Restrictions on sharing information to continue to apply where there are prohibitions – e.g. linking gender recognition records,
  • Secretary of State control over the sharing of GRO data.

It is proposed that a number of safeguards would be introduced, including:

  • Strict adherence to the current UK legal framework including the Data Protection Act and the Human Rights Act,
  • Ministerial notification and agreement on data sharing provisions relating to GRO data,
  • Completion of Impact Assessments, Data Sharing Agreements and Memoranda of Understanding,
  • Adherence to data sharing principles and a developed criteria for considering requests to access information.

The subsequent discussions with the OPM group generated the following questions and comments.

  • Can case study examples be generated?
  • What is the implementation plan when not all GRO data is digitised?
  • Is there a consent element to these proposals?
  • Distinction is required between service and sharing of a dataset.
  • Data is currently openly available but not in bulk.
  • Why is this data only for the public sector?
  • Why is death data not already completely openly available?
  • What’s the purpose of sharing marriage data?
  • There are potential issues around the collection and recording of marriage data.
  • Using this data as a means of verification seems justifiable.
  • Clearer benefit analysis is required to justify the proposals.
  • What does this proposal extend to (birthday, marriages, deaths – anything else)?
  • Will this power be used to:
    • Verify individuals?
    • Nationality/immigration status?
    • Provide access to services?
  • How is it different to National ID? Using the same justification as for Verify.
  • Data is big, complex and nuanced, could this lead to accidentally creating a national database?
  • Is this effectively creating a national register?
    • It’s not centralised and the linkages are not there to create an identity database.

 

New/revised proposals: DECC assistance for fuel poor citizens

Alan Clifford from the Department for Energy and Climate Change (DECC) presented on proposals to expand the automatic provision of direct energy bill support for citizens living in fuel poverty. This type of assistance is currently provided each winter under the Warm Home Discount scheme.

Each winter, approximately 1.4million pensioner households receive an automatic discount off their energy bill. This is possible because energy suppliers can ‘match’ some of their customer records with DWP to identify who is eligible without the customers’ prior consent.

The policy is delivered in a way that:

  • Ensures eligible customers get support automatically.
  • Ensures that vulnerable customers don’t miss-out.
  • Is simple and low-cost to administer, so helps to keep everyone else’s bills down too.

DECC stakeholders from all sectors have called for more use of this type of data matching to facilitate the provision of assistance to fuel poor citizens. It’s tried, tested and demonstrably safe.

Currently many recipients of fuel poverty support are not actually fuel poor, so DECC want a way to prioritise those with the most pressing need – i.e. households in the coldest homes and lowest incomes:

There are already powers (s.131 of the Welfare Reform Act 2012) to extend automatic provision of assistance to some non-pensioner households. This includes recipients of means-tested benefits.

But there are two important gaps:

  • No power to include those on tax credits, which are some of those facing the most severe levels of fuel poverty.
  • No power to use the Government’s housing stock data, which would allow the coldest homes to be prioritised.

The proposed permissive power would enable Government to use HMRC tax credits data, housing stock data (e.g. that held by the Valuation Office Agency), and other relevant public sector datasets. It would dramatically improve the targeting of finite resources, meaning that the Government helps more fuel poor citizens sooner. The power would use the same tried-and-tested approach and safeguards as existing Warm Home Discount (WHD) data matching process.

The discussion raised the following questions:

  • Why does this practice not share attribute data (rather than full data sharing)?
  • Why this specific policy area? What about all the others?
  • What do poverty groups think of this?
  • How would this work with tax credits data (as structured around individuals not households)?
  • What stops energy providers from musing this data for their own purposes (e.g. marketing services to fuel poor customers)?
  • Is there a link to schools and academy data?
  • What will flagging data be used for outside of government? Is there potential for private companies to use it to pitch/market products?
  • What are the red lines/unintended consequences of the data sharing?
  • Are there opt-out mechanisms for the discount?
  • Could this data be used by academia/private sector in a safeguarded environment?
  • In terms of future proofing, if successful is there scope for a private sector role in Tailored Public Service proposals?
  • Safeguards are required to ensure energy companies do not misuse the data – irrespective that the data shared is just a flag as that offers considerable insights to an energy company.

 

Final Plenary session

In the final plenary session the group was posed two questions:

  1.   What do you need from the Cabinet Office to be able to contribute to the 19th January follow up session?
  2.   What’s the overall steer?

Attendees had the following reflections:

  • More detail is needed in advance of the next session.
  • There could be too many proposals now and this is a big risk.
  • Send paperwork in advance. Paperwork should include anything that is being presented on the day, even the material which is already published online. Paperwork should be circulated at least 5 working days in advance.
  • Need a clear definition of safeguards and the details. What exactly will they be?
  • On 19th January need to think of ways to communicate these proposals to the public, and be able to explain clearly what it means in practise.
  • There needs to be greater clarity on how these proposals will actually work: where responsibilities lie and who makes the decisions on data sharing in these proposals.
  • There needs to be greater clarity on the ways in which proposals are different to each other.
  • Should be a greater explanation of the extent to which there have been thoughts about permissions and penalties.
  • Need to know about the transparency across the piece. Will there be something which articulates this clearly?
  • Something like an appendix on the website which defines terminology. Need evidence of consistency as terms are being used inconsistently currently.
  • The narrative on this set of seven proposals is missing. If they’re going to hang together in one consultation, there needs to be a narrative.
  • Need examples. If this legislation passess, what will be possible but what will still not be possible?
  • There needs to be clarity on the very simple questions of what data, to who, why and how
  • There needs to be some consideration of the impacts at local level and the need for training for local staff. This legislation won’t change the problems they have. Don’t want this to come to a grinding halt if the legislation doesn’t go forward.

Attendees requested the email address of one point of contact to email suggestions. Sue Bateman gave her address.