A security review for the ContactPoint database that is set to hold the details of every child from birth will delay the £224m project by at least five months, children's minister Kevin Brennan has admitted.
The independent security review was ordered by schools secretary, Ed Balls, in the wake of the HM Revenue and Customs (HMRC) data loss debacle that has seen details of 25 million people, held on two CDs, lost in transit between HMRC and the National Audit Office.
In a ministerial statement, Brennan said the review - to be conducted by Deloitte - would mean that deployment of ContactPoint to early adopter local authorities and child welfare agencies will not take place until September or October 2008. The system was originally due to be rolled out to early adopters in April next year. Brennan also announced £40m funding to support local implementation until March 2009.
The HMRC data security breach – Britain’s biggest – emerged on the same day that a report by the government’s own children's rights director, Roger Morgan, revealed that a survey of children had found most were worried about the safety of information on the ContactPoint database.
ContactPoint will contain basic identifying information about all children in England from birth until age 18, along with contact details for their parents or carers and for professionals providing support services to them.
The establishment of the £224m database follows a key recommendation of Lord Laming’s inquiry into the brutal treatment and murder of eight-year-old Victoria Climbié in 2000.
But the project had already raised security concerns before the HMRC data fiasco, because of the number of people who are expected to have access to ContactPoint data - more than 330,000 education, health, social care and youth justice professionals.
Earlier this month, information commissioner Richard Thomas included ContactPoint in a list of government projects that threatened individuals’ data protection rights.
Morgan’s report – with the project-friendly title Making ContactPoint Work – is based on a survey and discussion group with a total of 62 children in care, with foster parents, in residential schools or in receipt of other social services.
Concerns about the safety of the data were a key issue for the vast majority of those surveyed. Children felt that "eventually, the system would either break down, or its security would be breached" and that staff with access to the database could hand their passwords and electronic security tags to others.
Morgan said: "The children have told me that they are concerned about the safety of ContactPoint. Children want to be assured that their information will remain safe and confidential and have asked specifically that the government will never in the future put a child's photograph or telephone number on the database."
There would "always be a need to keep security under review, as the repercussions of information falling into the wrong hands could be extremely dangerous," he added.
A spokesperson for the Department for Children, Schools and Families (DCSF) said: "We are fully committed to the Contact Point programme."
Ed Balls had also asked DCSF permanent secretary David Bell to conduct an immediate assessment of how personal data was stored and protected across the department. Bell had reported back within 24 hours "to confirm the department was confident that we have very robust procedures in place", the spokesperson said.