Government offers school pupil data to private companies

Olivia Solon writes in Wired:

Data relating to every school pupil in England is now available for use by private companies thanks to a change in legislation implemented last year.

The move is part of a wider government initiative to “marketise” data, which includes initiatives such as the much-criticised Care.data and the selling off of taxpayer data by HMRC.

Education Secretary Michael Gove launched a public consultation back in November 2012 on proposal to let the Department for Education share extracts from the National Pupil Database “for a wider range of purposes than currently possible” to “maximise the value of this rich dataset”.

The National Pupil Database (NPD) contains detailed information about pupils in schools and colleges in England, including test and exam results, progression at each key stage, gender, ethnicity, pupil absence and exclusions, special educational needs, first language.

The data have been collected since around 2002 and is now one of the richest education datasets in the world, holding what the government says is “a wide range of information about pupils and students” at different phases.

Extracts of the data are available for use by “any organisation or person who, for the purpose of promoting the education or wellbeing of children in England are: conducting research or analysis, producing statistics, providing information, advice or guidance.” Bespoke extracts are also available on request.

This might all seem quite non-controversial, but in light of stories about healthcare data misuse there may be some cause for concern.

HMRC to sell taxpayers’ financial data

Rowena Mason writes in The Guardian:

The personal financial data of millions of taxpayers could be sold to private firms under laws being drawn up by HM Revenue & Customs in a move branded “dangerous” by tax professionals and “borderline insane” by a senior Conservative MP.

Despite fears that it could jeopardise the principle of taxpayer confidentiality, the legislation would allow HMRC to release anonymised tax data to third parties including companies, researchers and public bodies where there is a public benefit. According to HMRC documents, officials are examining “charging options”.

The government insists that there will be suitable safeguards on personal data. But the plans, being overseen by the Treasury minister David Gauke, are likely to provoke serious worries among privacy campaigners and MPs in the wake of public concern about the government’s Care.data scheme – a plan to share “anonymised” medical records with third parties.

Government finally ends e-Borders programme

Bryan Glick writes in Computer Weekly:

The government has formally ended the troubled e-Borders programme, four years after it cancelled a £750m contract for the IT project, although its intended functions have been incorporated into a new, broader project to secure the UK’s borders.

Charles Montgomery, director general of the UK’s Border Force, told a meeting of the Home Affairs Select Committee on Tuesday 11 March 2014 that e-Borders had been “terminated”.

But Home Office officials were subsequently keen to point out that although the e-Borders name is no longer used, all the intended aims of the programme have been merged into the the Border System Programme (BSP), an initiative launched in January 2013. At the time BSP was put out to tender, the Home Office told Computer Weekly it was separate to e-Borders, but its scope has since been expanded.

The e-Borders programme was first commissioned in 2003 to improve the use of data to track people moving in and out of the UK’s borders. One aim was to conduct checks on travellers at the point of embarkation to the UK, rather than on arrival in the country.

Care.data is in chaos. It breaks my heart

Ben Goldacre writes in The Guardian:

I am embarrassed. Last week I wrote in support of the government’s plans to collect and share the medical records of all patients in the NHS, albeit with massive caveats. The research opportunities are huge, but we already knew that the implementation was chaotic, with poor public information, partly because the checks and balances on who gets access to data – and how – have not yet been devised or implemented. When you’re proposing to share our most private medical records, vague promises and an imaginary regulatory framework are not reassuring.

Now it’s worse. On Monday, the Health and Social Care Information Centre admitted giving the insurance industry the coded hospital records of millions of patients, pseudonymised, but re-identifiable by anyone with malicious intent, as I explained last week. These were crunched by actuaries into tables showing the likelihood of death depending on various features such as age or disease, to help inform insurance premiums.

We can reasonably disagree on whether you find this use of your medical records acceptable, but the process must be competent and transparent. The HSCIC has now told the BBC that this release of your medical records broke the rules, and that there may have been other similarly erroneous releases: but it won’t say more until “later this year”.

On Tuesday, at a health select committee hearing, things got worse. HSCIC said it couldn’t share documentation on these releases because it had all been done by its predecessor body, the NHS Information Centre – even though the HSCIC replaced the NHSIC in 2013, and is in the same building, doing the same job, with almost identical personnel and all the old records. Furthermore, the actuaries’ report using the hospital data carries the HSCIC’s logo – not the old NHSIC one – with the HSCIC’s admitted full consent. If HSCIC disapproves of NHSIC releasing this data – or regards it as illegal – why did it add its logo and approval to the output?