Skip to main content

Children: Databases

Volume 468: debated on Thursday 6 December 2007

To ask the Secretary of State for Children, Schools and Families what reviews have been undertaken by external consultants of the security measures proposed for the ContactPoint database; and what recommendations were made in those reviews. (170027)

ContactPoint has been subject to scrutiny at key stages throughout its development. My Department’s own Chief Security Officer—external to and independent from the project, has checked the Security Policy, the security architecture, and our risk assessment, and found them to be appropriate.

The news on 20 November of the loss of large volumes of child benefit data from HMRC has raised questions about the safety of large scale personal data in other Government systems, including ContactPoint. ContactPoint will not contain any financial information (such as bank details) or case information (such as case notes, assessments, medical records, exam results or subjective observations).

On 20 November, the department conducted an assessment of how personal data are stored and protected in the Department. As a result of that assessment, I am confident that we have very robust procedures in place.

On 21 November, the Prime Minister confirmed this approach when he asked all departments to check their procedures for the storage and use of data. In light of the security breach at the HMRC, we are continuing to check our procedures to ensure standards are as high as they can be. To this end, on 20 November, the Secretary of State for Children, Schools and Families decided to commission an independent assessment of its security procedures. This will be undertaken by Deloitte.

To ask the Secretary of State for Children, Schools and Families (1) if he will place in the Library copies of the regulations, guidance and directions, on the operation of databases made under section 9 of the Children Act 2004; (170208)

(2) what the outcome was of the feasibility work undertaken to identify the best source of a unique identifying number in relation to databases established under the Children Act 2004.

In relation to question 170208, The Children Act 2004 Information Database (England) Regulations (SI2007/2182) and the accompanying explanatory memorandum are available from the Office of Public Sector Information (OPSI) website:

http://www.opsi.gov.uk/si/si2007/20072182.htm, and:

http://www.opsi.gov.uk/si/em2007/uksiem 20072182_en.pdf

and can be accessed from the Library.

The Department consulted on draft ContactPoint Guidance between 4 May and 27 July 2007. I am arranging for a copy of the consultation draft of the ContactPoint Guidance to be supplied to the Library. We plan to publish the Guidance in June/July 2008 in advance of deployment to the Early Adopter local authorities in September/October 2008.

Section 12 of the Children Act 2004 provides for the Secretary of State for Children, Schools and Families to establish and operate a database (to be known as ContactPoint) and to make regulations and issue guidance and directions in relation to its establishment and operation. The Children Act 2004 Information Database (England) Regulations 2007 were approved by affirmative resolution in this House on 23 July 2007, and in another place on 18 July 2007, and have been in force since 1 August 2007. No directions have been issued under Section 12 of the Children Act 2004.

In relation to question 170209, the number to be used for identifying child records on the ContactPoint system will be an entirely new and unique number generated from the child reference number by ‘electronic code book encryption’.

This new number will thus be based on, but entirely different to the child reference number, which underpins the child benefit system, such that the unique link between the two numbers will be securely and separately held. This is the strongest form of such encryption, and no pattern or link can be made between these two numbers.