information

The Scottish Government’s Plans for a National Identity Database

Clicky Steve, , , , , Leave a comment

Over the past couple of weeks, it has come to light that the Scottish Government are holding a public consultation on changes to the National Health Service Central Register (Scotland) Regulations 2006. 

The NHSCR is essentially a database that holds records on every single person in Scotland who was either born – or registered with a GP – in the country. This is tied to a unique number called the UCRN. Since the bulk of us need to see the doctor now and then – and don’t have private healthcare – that means pretty much all of us is on there. The changes would allow the register to collect some additional information (in the form of postcodes), and then share that data with other public sector organisations.

The proposed aims of these changes are as follows:

i. Improve the quality of the data held within the NHSCR

ii. Assist the tracing of certain persons, for example, children who are missing within the education system and foreign individuals who received NHS treatment in Scotland and left the country with outstanding bills

iii. Enable the approach to secure and easy access to online services (myaccount) to extend beyond services of Scottish local authorities and health boards to a wider range of public services

iv. Enable the identification of Scottish tax payers to ensure the accurate allocation of tax receipts to Scotland associated with the Scottish Rate of Income Tax.

So hold on, how on earth will changes made to a register held by the NHS help trace missing people, or to sort income tax? I’m glad you asked!

Data Sharing

Despite being buried away in a seemingly minor consultation in an innocuous piece of legislation, the proposals are actually pretty significant. In essence, they are seeking to use NHS records as a central location for a whole manner of other organisations to track details about people resident in Scotland.

On the face of it, the sheer dishonesty involved in appropriating a database which has been collected through public trust for other purposes is dismaying enough. However, there are some legitimate aims in there. After all, who could argue with attempting to trace missing children more efficiently? Given the sensitive nature of the information involved, I’m sure that we can expect that the other organisations which would gain access to view and share these types of personal details would be small, and tightly controlled. Right?

Wrong.

In the proposed new schedule, there are 98 different organisations listed who would get access to a core set of records. Amongst them are:

  • The Scottish Ministers
  • The Scottish Parliament
  • Revenue Scotland

Well, okay… not great, but hard to really justify spitting the dummy out over.

But wait, there’s more:

  • The Foods Standard Agency in Scotland
  • The Drinking Water Quality Regulator in Scotland
  • The Queen’s Printer for Scotland

Err… what?

That’s not all though!

  • Glasgow Prestwick Airport
  • Cairngorms National Park Authority
  • Scottish Canals

and… possibly the best one of them all:

  • Quality Meat Scotland

Yep, that’s right. Quality Meat Scotland.

Don’t believe me? See the full list for yourself.

Now, correct me if I’m wrong, but I see absolutely no reason for these people to have access to my private information:

Scotsheep 2012 Kings Arms 053

I’m sure they’re wonderful human beings that do a great job, but when I go to see the doctor about a private matter, I don’t expect that information to then be available to anybody else, especially not a seemingly arbitrary selection of other public organisations.

Here’s some other possible data exchanges that I find curious:

  • The Forestry Commission sharing information on people with the National Library of Scotland (to find out which books are pulped most, perhaps?)
  • SQA (the exams people) sharing information on people with The Crofters Commission (finding under-qualified Crofters?)
  • Scottish Canals sharing information on people with The Board of Trustees of the Royal Botanic Gardens, Edinburgh (?!?!)

There are other, more serious potential implications though:

  • The address information of vulnerable people being discovered, or exposed to disgruntled or abusive ex-partners
  • Details of people’s personal medical records (including mental health issues such as depression) being laid bare for others to access – with the potential for discrimination on that basis markedly high

These possibilities are purely hypothetical at this point, and would arguably be outside of the scope of the proposals in their current form. However, they illustrate the risks that are presented by linking up disparate data-sets in this manner. Once the UCRN is deployed across the public sector, there is little to prevent the above examples from being enabled. The consultation does not the risks that are presented by this, and haven’t given the impression of any sort of detailed consideration about either the privacy implications, or general public interest of this move.

One would expect there should be detailed regulations in place to control the sort of information transfer being described, yet the consultation remains remarkably quiet on the matter, stating only the following:

In each of the proposed amendments outlined above the minimum amount of data would be shared for the specific purposes outlined. The organisation will provide information on the individual they wish to identify and will receive equivalent information from the NHSCR and the principal reference number which is the UCRN. Where an organisation wishes to take advantage of this legislation it will also require to have in place data sharing agreements to ensure that appropriate processes are put in place and followed and that the data is used for the specific purpose identified.

That’s all very well and good, but there is a worryingly scant supply of details on the framework that would ensure these protections would be afforded, or what these ‘appropriate processes’ might be to prevent extra data being shared between organisations without justification. There is also nothing to stop this limited, and disparate set of aims (tracking missing children, establishing a more efficient online user account system for public services, and ensuring Scottish people pay income tax) from expanding in the future to share much more data.

This is a far bigger issue than it is being presented as.

Here is a summary of the issues:

  • The proposed changes would create a single national identity database in Scotland
  • There have been no adequate considerations of the privacy or data implications outlined in the consultation
  • There is no way to guarantee that the scope of the data to be shared would not increase in future, once the mechanism is established
  • The changes would undermine the public’s trust in the NHS, by using it as a vehicle to deliver these proposals

The consultation is woefully inadequate for the significance of these proposals, and the questions framed as if their premise is already universally accepted as a good thing. Almost laughably, instead of leaving space for any potential concerns, the consultation asks about suggestions for other organisations who the data should be shared with. That’s in addition to Prestwick Airport and Quality Meat, for the record.

The Scottish Government should halt the proposals, and instead move to recognise these changes for what they are: a significant development in our relationship with public sector organisations, requiring a full debate in Parliament, with the chance for both MSPs and the public to scrutinise them.

Read more from the Open Rights Group on this here.

Details on the Consultation itself is here. If you’re looking to do so, make sure and get yours in quick, as the closing date is the 25th of February.