GOVERNMENT DATABASE

The rapid growth of information technology and the huge amount of information that can now be stored (and searched for) within seconds has brought some considerable advantages. It has, however, also raised some big challenges, particularly in relation to privacy and human rights.

Recently, the Scottish Government narrowly won a debate at Holyrood on a plan to allow public bodies to access data through an individual’s NHS number. Such data can be retrieved from a database known as NHSCR. Anyone who was born in Scotland or registered with a GP practice north of the border has a Unique Citizen Reference number held in the NHSCR.

The concern is not so much to do with the data that is already held here, but that the government wants various streams of data held by the National Registers of Scotland by postcode to be added to the register and freely shared with other public bodies.

A simple adding of the postcode information would remove by default the consent currently required by the address system.

Protagonists will argue that adding individual postcodes to a database has existed since the 1950s. They might add, as they should, that it helps to trace children missing from the education system and by helping to identify foreign patients accessing the NHS. And with laws currently moving through parliament, it will make it much harder to avoid paying Scottish rate income tax (SRIT), which comes into force next year. It has to be a good thing when better ways are found of ensuring everyone due to pay tax does pay that tax, setting aside of course the Scottish Government’s position on poll tax defaulters who have been allowed to see their debts owed to local authorities written-off in full.

The Scottish Government has tried to give assurances that no medical records will be shared, but there have to be causes for legitimate concern. Losing the crucial consent from the public for the information to be stored under an individual’s postcode is one. The sheer breadth of the public bodies this would be available to is another. What would be preventing Scottish Canals, Quality Meat Scotland or even Botanic Gardens Scotland from accessing personal information on any individual, which quite clearly would be far outside of their own operational domain?

Because no-one can predict the future with any accuracy and political environments can change quite quickly, thinly laid down arguments tend to perform poorly and can easily be lost within the plethora of the wider debate. But that is not the same as raising perfectly legitimate fears about the security of access to an individual’s personal data. The creation of one universal number, the huge amount of data stored by postcode and the number of organisations that would have access must increase the opportunity for abuse, either through wrongful proliferation, malevolent external hacking practices, rogue individuals permitted access to the network, or even by a government agency itself.

The least we should expect is that safeguards are spelled out in parliament so that there are reassurances on these reasonable points before the green light is given on these proposals. Otherwise, the whole plan will be seen as introducing ID cards by stealth by the back door, a process which, similarly, relies on the proliferation of information across a single database.