The ContactPoint database that will hold the details of every child from birth will be set up with restrictions to prevent identifiable data being downloaded more than one record at a time – and an audit trail will track all access requests, the government has pledged.
Children’s minister Kevin Brennan set out a series of security measures to protect children’s records in the wake of the HM Revenue and Customs data loss debacle. The precautions are aimed at making it impossible to download huge volumes of identifiable data from ContactPoint, following the loss of two CDs containing 25 million people's details extracted from HMRC's databases.
Brennan revealed the details in advance of the Deloitte review of ContactPoint’s security, ordered by the government in November, which is expected to delay the project by at least five months.
The establishment of the £224m ContactPoint database follows a key recommendation of Lord Laming’s inquiry into the brutal treatment and murder of eight-year-old Victoria Climbié in 2000.
More than 330,000 education, health, social care and youth justice professionals will have access to ContactPoint data – and the project is among those listed by information commissioner Richard Thomas as posing a threat to data protection rights.
But Brennan said there was “no facility that would allow users to copy personal identifiable information to a file” other than for back-up purposes. The vast majority of users from local authorities or child welfare agencies “will only be able to view child data on the screen - they will not be able to extract files in a personally identifiable form”, he added.
A “very limited number of people” would be able to extract identifiable data, but this would be “one record at a time” in order to meet legal requirements, including children’s rights to see their own records under data protection laws, Brennan said.
He pledged: “To gain access to a child's record, all users will have to state clear reasons why they are accessing ContactPoint, and all use of the system will be monitored and audited. Every access to a child's record will be detailed in the ContactPoint audit trail. This will be regularly monitored by local authorities, using on-line user activity reports, to ensure that any misuse is detected.”
A “very limited number of people in local authorities and the national ContactPoint team” would be able to generate reports from the database, which would be anonymised and would not use identifying data, except for reports produced to meet local councils’ duty to identify children who are missing education, Brennan said in reply to parliamentary questions.
The government has also set out special measures to control the back-up of data by contractor Capgemini, which will set up and manage the £224m database under a seven-year contract.
Back-ups will be carried out “only by specifically identified system operators” and two Capgemini staff will be present when this is done. “This dual control is considered best practice,” Brennan said. Back-up tapes will be encrypted, protected with a complex password and stored in a fire-proof safe in a secure room.