Comms snooping database poses data protection risks, says information commissioner

A government database holding...

A government database holding citizens' private communications records would be "a step too far", information commissioner Richard Thomas has warned.

Any such database containing the telephone and internet communications of the entire population would raise serious data protection concerns, he said.

Commenting on reports that the government is considering such a database, as part of it attempts to counter terrorism and serious crime, Thomas said it would be "a step too far for the British way of life".

Thomas said, "I am absolutely clear that the targeted, and duly authorised, interception of the communications of suspects can be invaluable in the fight against terrorism and other serious crime.

"But there needs to be the fullest public debate about the justification for, and implications of, a specially-created database - potentially accessible to a wide range of law enforcement authorities - holding details of everyone's telephone and internet communications.

"Do we really want the police, security services and other organs of the state to have access to more and more aspects of our private lives?"

Speculation that the Home Office is considering collecting this information from phone companies and internet service providers has been reinforced by the government's Draft Legislative Programme which, referring to a proposed Communications Data Bill, talks about "modifying procedures for acquiring communications data".

Thomas believes there has not been sufficient parliamentary or public debate on proposals to collect more and more personal information without proper justification, citing the expansion of the DNA database and the centralised collection and retention of data from Automatic Number Plate Recognition (ANPR) cameras as two recent examples.

The Information Commissioner 's Office (ICO) has served enforcement notices against HM Revenue & Customs and the Ministry of Defence following recent high-profile data breaches.

The notices require both departments to provide progress reports documenting in detail how recommendations have been, or are being, implemented to improve their data protection compliance. Failure to comply with an enforcement notice is a criminal offence.

The information commissioner's annual report said the ICO received 24,851 enquiries and complaints concerning personal information in 2007-08. The Information Commissioner 's Office has prosecuted 11 individuals and organisations in the last 12 months.

The ICO received 2,646 freedom of information complaints over the past year and closed 2,658. Some 395 decision notices were issued, and of these, 30% ruled in favour of the complainant, and 25% upheld public authorities' original decisions.

In 45% of cases, the ICO upheld some elements of the complaint in favour of the complainant and agreed with the public authority on others.

Read more on IT risk management