Data fear haunts ID card scheme

idcard.jpgBy Mark Ballard | THE UK government has been warned that it should deal with the risk of data loss from its Identity Card Scheme before it proceeds any further.The latest data warning follows repeated requests from the Information Commissioner’s Office (ICO), the UK data guardian, that the Identity and Passport Service (IPS) conduct a proper assessment of the risks of data loss from the ID Scheme. That advice was ignored and now, in the wake of the HMRC data fiasco, the IPS has been told that it must improve its data standards across the whole of government to avoid data leaks from the ID scheme.

The 2007 report of the Independent Scheme Assurance Panel (pdf), which provides official oversight of the ID Scheme, said yesterday that the data risks were so serious that they needed ministerial direction and that its precautions ought to be transparent because public trust was vital to the scheme’s success.

“The Government’s top priority is the trust people can have in the security and safety of their personal data and central to this is identity data; therefore that is where to start,” said the report.

“There would be benefits to the programme in clearly setting out a rigorous analysis of these risks and the strategies and plans to address them,” it said.

This should be done “across government…in advance of procurement” because the risks of ID data loss would be heightened by the scheme’s integration with people and systems across all government departments.

The risks of ID data loss where therefore not merely a matter of improving the data security of the ID system, it required the government to address data security in all its guises across all levels of government to avoid mishaps like the HMRC’s loss of 25m child benefit records in the post.

This meant considering data risks from the outset, in process design, staff training, governance, monitoring and assurance standards, regulatory constraints and customer advocacy. These were all matters that the ICO became exasperated about last year after its repeated requests for a proper privacy impact assessment of the ID scheme were ignored. The ICO believed data privacy can only be addressed if it is built into the very foundations of a project.

The ISAP said it had been “encouraged” by some initiatives the IPS had started to tackle the data fear. But warned that the issue needed to be addressed more widely.

“Data governance standards and their management for the NIR and its users across Government should be addressed in advance of procurement (and this goes beyond simple data security),” it said.

“This will require change across Government which IPS can specify but which will only succeed with the active participation of each department and agency,” it added.

The IPS published the ISAP report yesterday, the same day it admitted the full rollout of the system would begin up to four years late. It did not say why the scheme had been delayed.

The ISAP had other fundamental reservations about the ID scheme.

The IPS needed to check it could manage the work, or verify that it had the means to handle the “complexity of integrating increasingly interdependent systems across Government”.

It also needed to be clear that there was cross-governmental agreement on how identities would be managed, that they were all using the same technical and procedural standards.

More fundamentally, the IPS still wasn’t clear what its priorities were for the ID system. This is not only recognised as necessary for the smooth implementation of large IT projects, but has been identified by the ICO as one of his concerns regarding the potential for data loss. The IPS also needed to do more to reassure people what it was doing to protect their identity data, including being up front about what its toleration level was for errors.