The Committee consisted of the following Members:
Chair: Mr Virendra Sharma
† Buck, Ms Karen (Westminster North) (Lab)
† Byrne, Liam (Birmingham, Hodge Hill) (Lab)
Cooper, Rosie (West Lancashire) (Lab)
† Double, Steve (St Austell and Newquay) (Con)
† Elmore, Chris (Ogmore) (Lab)
† Herbert, Nick (Arundel and South Downs) (Con)
† Huddleston, Nigel (Mid Worcestershire) (Con)
† James, Margot (Minister for Digital and the Creative Industries)
Johnson, Diana (Kingston upon Hull North) (Lab)
† Lamont, John (Berwickshire, Roxburgh and Selkirk) (Con)
† Lewer, Andrew (Northampton South) (Con)
† McMorrin, Anna (Cardiff North) (Lab)
† Morris, Anne Marie (Newton Abbot) (Con)
† Shuker, Mr Gavin (Luton South) (Lab/Co-op)
Smeeth, Ruth (Stoke-on-Trent North) (Lab)
† Thomson, Ross (Aberdeen South) (Con)
† Tolhurst, Kelly (Rochester and Strood) (Con)
Yohanna Sallberg, Committee Clerk
† attended the Committee
Second Delegated Legislation Committee
Tuesday 26 June 2018
[Mr Virendra Sharma in the Chair]
Draft Code of Practice for Civil Registration Officials Disclosing Information Under Section 19AA of the Registration Service Act 1953
I beg to move,
That the Committee has considered the draft Code of Practice for Civil Registration Officials Disclosing Information Under Section 19AA of the Registration Service Act 1953.
It is indeed a pleasure to serve under your chairmanship, Mr Sharma. The Digital Economy Act 2017 amends the Registration Act 1953, introducing discretionary data-sharing powers that allow civil registration officials to share civil registration data such as birth, death, marriage and civil partnership records with other civil registration officials and with public authorities for the purposes of fulfilling their functions. Any data sharing will be carried out in accordance with the requirements of data protection legislation. For the data-sharing powers under part 5 of the Digital Economy Act 2017 to become operational, the codes of practice, including the civil registration code of practice, have to be laid before Parliament and approved by a resolution of each House.
The civil registration code of practice sets out how the discretionary data-sharing powers should be used by civil registration officials when considering disclosing information under those powers. While primarily for civil registration officials, the code of practice will become a public document and will provide greater transparency on how civil registration information is held and managed.
The code of practice has been drafted in consultation with the Information Commissioner’s Office to ensure that it is compliant with data protection legislation and the latest standards for best practice for information sharing. In developing the code of practice, work also took place with other Departments, the devolved Administrations and civil society groups with privacy interests. That approach ensured the right balance was struck between supporting civil registration officials using the discretionary data-sharing powers and building appropriate safeguards in the code of practice to protect individuals’ privacy and prevent the unlawful disclosure of data.
Before data is shared, the code of practice provides that privacy impact assessments and data-sharing agreements should be drawn up and agreed with public authorities to include such things as how data is to be used, stored and retained. Data should be used only for the purpose it has been provided for and retained only for as long as is necessary.
Data-sharing agreements should prevent the creation of a database or the linking of registration data in any way. Any breach would have to be reported to the Information Commissioner’s Office, which has the power to impose penalties where appropriate. Details about all data-sharing agreements under the powers will be made available by civil registration officials within a publicly available register. There will be one register for all the data-sharing agreements relating to civil registration, public service delivery and debt and fraud powers.
The register will require the same data fields to be completed on the register for each of the delivery provisions. That will ensure consistency and transparency about how the powers are being used. It will set out the purpose and anticipated benefits of each data share and clarify the controllers of data under the respective data-sharing agreements, including data retention periods.
The code of practice, along with the other codes of practice in part 5 of the Act, was subject to a six-week public consultation that concluded on 2 November 2017. The majority of respondents were broadly positive on the content of the civil registration code of practice and found it to be clear. Suggestions on how the code could be improved, which included providing more information on data controller responsibilities, were taken on board and reflected in further revisions to the code of practice prior to its being laid before Parliament.
The final point I would like to make to fellow Members is that we are working within Government to have the register of information-sharing agreements available on gov.uk to coincide with the data-sharing powers becoming fully operational. I commend the code to the Committee.
It is a privilege to serve under your chairmanship, Mr Sharma. The Minister will be delighted to hear that we are not planning to divide the Committee this afternoon, but none the less hon. Members will want some assurances about the change that the legislation will effect in the world.
At the moment, it feels to me that the Government are being forced to take incremental steps forward. We lack a holistic plan for electronic identity in this country. A country such as Estonia has 10 basic databases that contain all the information that anyone entitled to public services might need to draw on, and it is well connected. Here, we are relying on the Minister’s introducing “bits and pieces” statutory instruments, which allow this official and that official to share information.
I urge the Minister to go back to the drawing board in the months to come and think about how we can create a public option for eID. Most of us now have a plethora of private IDs, some of which are safer than others. In Estonia, they have found that creating a public option for electronic ID with good oversight allows them to unlock all kinds of new electronic services, which will be in both the public and private sector in the years to come.
The proposals are basically good. They are important because most entitlements to public services in this country still require some kind of verification from the individual, such as their paper birth certificate, marriage certificate, civil partnership certificate or indeed death certificate. At the moment it is too difficult to share that information.
There are two particular case studies on which I want to press the Minister for answers. The first relates to how the regulations will empower immigration officials in the UK Border Agency and the Home Office to quickly and readily get hold of basic information that they need to prove someone’s right to a British passport. I know that you, Mr Sharma, will have had such cases. I have had lots of cases where the Home Office either lost a passport or lost access to a passport, and where basic information is just not readily accessible or collectible in one place to allow a quick decision on, for example, nationality. Will the regulations make it easier for immigration officials to get hold of registration information that is often buried in the books and databases of registrars up and down the country, so we can stop this basic injustice? That injustice, at its worst, led to the Windrush scandal in recent weeks.
The second point on which I want to press the Minister relates to the very difficult situation that many families face upon the death of a loved one. As she will know, the courts have recently ruled that someone’s faith is a relevant issue in deciding whether to release a body quickly, so that where the diktats of someone’s religion require a burial within 24 hours, that wish can be accommodated. At the moment, in cities such as Birmingham—I know it is a problem in London as well—delays are far too great. That leads to incredible distress among families who cannot bury their loved ones within 24 hours, as they would like to in line with their religion.
It is partly about the underfunding of registration services up and down the country, but there is also a lack of information sharing between the national health service, the coroner’s office and the registration service. At the moment, that leads to delays. If, for example, someone dies at the weekend, the consultant who was on at that weekend may not be rostered back on duty for another few days, so the coroner cannot get in touch with the last medical professional to see the person before they died. It beggars belief that the national health service is unable to put in place systems that allow information sharing with civil registration officials and, where necessary, with coroners, so that bodies can be released within 24 hours and people can be buried in line with their religious beliefs.
I urge the Minister to think more radically about how we assemble a proper electronic ID scheme in this country that connects the principal databases that hold information about each of us. Secondly, I would like an answer on whether this will help us to avoid some of the mistakes that we saw in the Windrush scandal. Thirdly, if she will give us some hope that the registration system for deaths may get better for important communities in our country, we would all be reassured.
I thank the right hon. Gentleman for the good questions that he has raised. In answer to his concern that there are a number of SIs all relating to various codes of practice with regard to information sharing, he cites Estonia as a model. I agree with him that Estonia has many benefits in terms of the way it has embraced the digital economy—we would all welcome that—but we have to remember that Estonia has a population of 1.3 million, which is half the size of a small city in this country, so the challenges are very different. None the less, we have a national system of personal verification and that is on GOV.UK Verify. That is the UK platform, which is open to the public sector.
The right hon. Gentleman talked about the provisions improving various functions of government and that is precisely what they are designed to do. There will be one register relating to all the data-sharing agreements—civil registration, public service delivery, and debt and fraud powers—available on a searchable basis across the public sector. It is hoped that the immigration system would benefit from that fully searchable database. I will look into that and will write to him if I can say anything more specific about that, other than that people will have access to an up-to-date fully searchable database, which will be an improvement.
The second example the right hon. Gentleman rightly draws our attention to is the system for deaths when the person belongs to a religion where people need to be buried within 24 hours. He calls for greater collaboration between the coroner’s office, the registration office and the NHS. I think the measures will assist in improving the dialogue between those three arms, but I believe, from bitter experience, that it will take quite a lot of awareness raising of the new system of data management and the availability of civil registration data on a fully searchable platform before the improvements we all want to see actually take root. The system will allow electronic information to be shared with NHS bodies, which should speed up data-sharing processes, subject to IT limitations. We have some way to go before we bed this down, but the potential is there. I commend the code of practice to the Committee.
Question put and agreed to.