Despite repeated instances of information breaches, and a wide-ranging review by the Cabinet Office of data handling by government, nearly all government departments have failed to put in place basic data protection and error correction policies.
The research was carried out by the Garlik consultancy, which put 30 Freedom of Information (FoI) requests into all major government departments between September and November last year, to see if they had procedures and resources in place to ensure the accuracy of the data they kept. The fourth principle of The Data Protection Act states that "Personal data shall be accurate and, where necessary, kept up to date" but no department was able to show that it was compliant with this simple requirement.
Alan Calder, chief executive of IT Governance Ltd, a consultancy specialising in regulatory compliance, was scathing about the results. "There is an egregious absence of data protection compliance in the whole of central government," he said. "Imagine what would happen in the private sector if the management team ignored instructions to stop breaking the law."
He said it would take little effort or resources to build in the right sort of corrective mechanisms. "It's not very hard to have a data correction policy. It just requires the will to do it, and this is evidence that there is no will across government and the public sector."
The news emerged at the same time as the government announced the launch of the new ContactPoint system, which is a data-sharing protection service that will allow police, medical staff and social workers to see details of up to 11 million children. Announcing the first stage of the project, Children's Minister Ed Balls said: "It is a vital tool to help keep children safe because it is absolutely crucial the right agencies are involved at the right time and get even better at sharing information."
He said basic personal details of children would be held, but not details of any cases. "We have put in place comprehensive arrangements to prevent inappropriate access to the information on the system and ongoing security will remain a priority," he said.
|Government Agency||Written data correction policy or protocol?||Conduct independent audits demonstrating DPA compliance?||Have funds specifically allocated/record of funds re: correction of erroneous data?||Hold statistical data regarding erroneous data corrections?|
|Business Enterprise & Regulatory Reform||NO||NO||NO||NO|
|Cabinet Office (& No 10)||NO||NO||NO||NO|
|Children, Schools & Families||NO||NO||NO||NO|
|Communities & Local Government||NO||NO||NO||NO|
|Crown Prosecution Service||NO||NO||NO||NO|
|Culture, Media & Sport||NO||NO||NO||NO|
|Department of Health||NO||NO||NO||NO|
|Driver and Vehicle Licensing Agency||NO||YES||NO||NO|
|Environment, Food & Rural Affairs||NO||NO||NO||NO|
|Foreign & Commonwealth Office||NO||NO||NO||NO|
|Home Office & associated departments||Delayed response due to public interest concerns||Delayed response due to public interest concerns||Delayed response due to public interest concerns||Delayed response due to public interest concerns|
|Innovation, Universities & Skills||NO||NO||NO||NO|
|Independent Police Complaints Commission||NO||NO||NO||NO|
|Ministry of Justice||NO||NO||NO||NO|
|Ministry of Defence||NO||NO||NO||NO|
|National Audit Office||NO||NO||NO||NO|
|NHS Connecting for Health||NO||NO||NO||NO|
|Northern Ireland Office||NO||NO||NO||NO|
|Office of Public Sector Information||YES||NO||NO||NO|
Stated they fall under the Ministry of Justice
|Serious Fraud Office||NO||NO||NO||NO|
|Work & Pensions||NO||NO||NO||NO|