Thursday, 5 March 2015

The ID Database Hasn't Been Thought Through.

It’s been interesting to see the reaction of SNP supporters to criticism of what is officially called the “proposed amendments to the National Health Service Central Register”. Not least because the SNP itself is officially opposed to an ID database; its stated concerns include some of my concerns.

Here’s an SNP press release from 2009: http://www.snp.org/media-centre/news/2009/feb/snp-confirm-scottish-id-card-opposition

So where are these current proposals coming from? They originated when Labour was in office in Holyrood, but come from the Scottish civil service. It should be no surprise that many projects originating from the civil service continue no matter which party is in power.

That being the case, why are SNP supporters so keen to defend the plans?

It seems that many believe that it must be OK if the SNP is doing it. Well, that kind of faith is touching, but I’m unable to share it. SNP supporters need to ask themselves if they are completely comfortable that there will be no “mission creep”, bearing in mind that this proposal is being driven by civil servants. They also need to consider a future when the party they trust so much might no longer be in power: are they just as happy with someone else running this scheme?

I’ve heard some interesting views on the proposals. That it “isn’t data that’s being held, it’s your name and address”. Well, that is data. The proposal specifically says the point of the exercise is “to enable certain data contained on the National Health Service Central Register (“the NHSCR”) to be shared with certain named bodies and for the NHSCR to hold additional postcode data”. So, data given to the NHS will be shared with other bodies - up to 100 authorities and services within Scotland. The information I gave to the NHS – even just my name and address - was specifically given to the NHS to assist the NHS in dealing with me. I did not give my permission to the NHS to share that information with other bodies.

It may be that I’m less trusting about handing over my information in this data sharing age. I’m not on Facebook, for example, precisely because I have concerns about how my data would be shared. Many people are quite comfortable about a degree of data sharing. But perhaps they are too ready to see the advantages and therefore too keen to discount the possible dangers. One of the possible dangers is that systems can harbour errors. Data can be lost, corrupted, or incorrect to begin with. If those errors have only one source, against which every service or public body verifies their information, then countless problems can arise. Individuals might find themselves “non-people” because somebody has entered their name incorrectly once, and the error is repeated over several bodies.

For example, I had an issue with a bank, on their correspondence to me, issuing me with an extra middle name that I don’t possess. I noticed that they had begun doing this this several years ago, and went into the branch with my passport to prove that it wasn’t my name. They duly changed it in their records, but just recently the same erroneous middle name has crept back into their correspondence somehow. Many of you will no doubt be able to think of similar examples. So far, this particular issue has caused me no problems. Yet. But it could. And how much more so if the central registry makes such an error, and that becomes the verified “truth” against which my bone fides is checked?

A central registry is just a bad idea.

Another response I’ve seen is that this is all voluntary. “An individual will give, of their own free will, their details if they want to access a service, and this will then be checked against the central registry”.

Well, that’s not quite right, is it? The central registry will already have your details – they’ll have harvested them from details given to the NHS. And in any case this talk of checking someone’s entitlement against a central database doesn’t sit well with me at all. It doesn’t sound very voluntary; it sounds like a compulsory ID card without the card. The card itself was never the real problem anyway, it was the central register that was the problem – and here it is all over again, in a new guise.

Before you dismiss this as nothing to worry about, read the handy briefing from Open Rights Group:

https://scotland.openrightsgroup.org/policy/2015/02/19/the-scottish-national-id-database-your-questions-answered/

No comments:

Post a Comment