UK Politicians Question the Safety of Mega Databases
U.K. politicians are increasingly questioning the safety of holding vast amounts of information in databases despite government plans to rely on them more to battle terrorism, crime and immigration problems.
The opposition Conservative Party has charged that the ruling Labour government has created "a series of unwieldy databases" that have resulted in several high-profile data breaches and losses across government departments, according to a position paper.
"A key problem in the United Kingdom in recent years has been that databases have been built and then issues of data security have been addressed as 'bolt on' considerations rather than considered as integral to the initial design," the document said.
If the Conservatives are elected in the next general election, the party says it would take several measures to ensure data safety, such as avoiding having a single database that holds massive amounts of information. There isn't a fixed date for the next general election but it must take place before June 3, 2010, according to the Electoral Commission.
"New technologies are enabling this information to be dispersed and held locally rather than in centralized databases or mainframes," the paper said. "This approach is not only less expensive than constructing a giant central database, but it is also more secure."
The U.K.'s National DNA database holds some five million records, including people who have never been convicted of a crime or do not have a police record. The Conservatives are proposing to only retain DNA while a person is under investigation, and expunge records for those who are not convicted. The DNA for those who have been convicted would be retained indefinitely.
The U.K. is also undertaking a massive program to issue national identification cards to citizens and foreigners. Under the Conservative plan, two databases that store data, the National Identity Register and Contact Point, which stores information on minors under 18, would be scrapped.
The Conservatives didn't expound further on the architecture of a new system, saying the resources would be deployed to "more effective measures."
Other ideas include giving the U.K.'s Information Commissioner, which oversees data protection issues, the power to audit government agencies and other public bodies on a rotating annual basis to ensure data isn't carelessly managed.
Government departments would also be required to conduct a Privacy Impact Assessment before launching new projects involving the collection of data, the Conservatives said.
The Conservative plan comes as Scotland's government recently launched a consultation on Aug. 31 on a set of principles concerning identity management and privacy. The consultation is a chance for public organizations to comment.
The document focuses on good data retention practices, such as only asking for the minimal amount of information, holding for only as long as is needed and ensuring the information is securely held.
The consultation ends Nov. 23, and Scotland plans to issue the final document in February for widespread use later in 2010.