Children's database delayed to review security

Tags: Safety Security

28 Nov 2007

The government has announced that the £224m children’s database, ContactPoint, will be delayed for five months, so that a full security review can take place, following last week’s HM Revenue and Customs child benefit data loss scandal.

The new system, originally due to go live in spring 2008, has been postponed and is now due to begin operation by no earlier than September 2008.

In a statement to MPs in the Commons yesterday, children’s minister, Kevin Brennan announced: “Delaying the implementation of ContactPoint will enable the independent assessment of security procedures to take place, as well as address the changes to ContactPoint that potential system users have told us they need.”

ContactPoint, conceived after the Victoria Climbie enquiry, is intended to hold records of all children in England from birth until 18 and will extract data from national and local sources – including NHS Connecting for Health.

Information about every child's name, address, their parents or guardians as well as contact details for each government service they use, including which GP they go to, will be held on the system. This has raised concerns about the extent of access to such sensitive information about individual children.

ContactPoint will not, however, hold assessment or case information, or subjective observations about a child or their parents, or any other detailed personal information about a child or their family.

The eight month delay means that the database, being built by Capgemini for the Department for Children, Schools and Families (DCSF) will now not go-live until next September at the earliest.

The security review follows the news last week of a security failure by HM Revenue and Customs (HRMC) on child benefit data, resulting in the loss of two discs containing the personal details of 25m UK citizens, including bank details and addresses.

A DCSF spokesperson told E-Health Insider: “Security is of paramount importance in the development of ContactPoint, and will be reflected in the statutory guidance and staff training that will govern the operation of ContactPoint. A number of stringent measures will be in place to ensure security.

“Access will be restricted to authorised users who need it as part of their work. Users will be trained in the safe and secure use of ContactPoint, information sharing practice and the importance of compliance with the Data Protection Act and Human Rights Act. Robust procedures and mechanisms will be in place to guard against access by unauthorised users, and the inappropriate use of ContactPoint by authorised users.”

No assurances were made that the data would be completely encrypted, although Ed Balls, the minister responsible for children, is reported to be under pressure to make this change.

The database will be available to almost 330,000 vetted users, and is designed to be the quickest way for a practitioner to find out who else is working with the same child or young person, making it easier to deliver coordinated support.

ContactPoint was devised in response to a recommendation from the inquiry into the death of Victoria Climbie, in order to make it easier to co-ordinate the efforts of different agencies involved in child protection.

However, parents' groups have protested against putting their children on the database, fearing it could be dangerous.

Mary MacLeod, chief executive of the National Family and Parenting Institute said: “Parents and their children are already worried about how secure ContactPoint will be, especially because of the number of people who will have access to details about their children. In the light of recent events the Government should reconsider whether a database with all the children's names in the country is the best way to ensure that information about children at risk is properly shared, so they can be protected.”

The news comes as it was revealed last night that apology letters being sent in the name of Dave Hartnett, acting chairman of HMRC, contained personal data relating to strangers, including each claimants’ name, address, national insurance and child benefit numbers.

Liberal Democrat children’s spokesperson, Annette Brooke said: “There could be more than financial costs if the addresses of vulnerable children from a family separated because of domestic violence, for example, are not kept secure.

"The government has proven itself not be trusted with large databases containing personal details. The failure of security procedures by HMRC has left millions of parents extremely worried and raises questions about the safety of other records stored by the government.”

According to the Press Association, the children's rights director for England, Roger Morgan, warned that youngsters had serious concerns about the safety of the database. He said children “thought that paedophiles would spend a lot of time and effort trying to break into ContactPoint.”

Links

ContactPoint

Joe Fernandez

Readers Comments

Ready

29 Nov 07 09:31

Does anyone know if it was actually ready to hit its planned go-live date or is this a convenient breather?

Oh for pity's sake

29 Nov 07 12:23

The real danger is that software alone does nothing for the protection of children.

I am an advocate of the benefits well designed IT systems for professionals.

However when software is commissioned as a panacea for organisational failure or to provide "cash releasing benefits" there is good reason for suspicion.

Divers National "databases" are charged by the current administration with reducing child abuse, gun crime, waiting lists, terrorism, illegal immigration and most other threats to mom and apple pie.

It is all too easy to take a recommendation (invariably by an IT illiterate enquiry) to "create a database" and ignore the other failings invariably highlighted in such reports:

1. lack of a named individual with whom the buck stops

2. unrealistic workloads heaped upon poorly qualified and / or inexperienced staff

3. the chaos resulting from the continuous revolution of management reform public service agencies and their inter-relationships have been subjected to over the past two decades

Poor IT systems (or good systems implemented poorly) not only waste money but actually move one further away from desirable goals -

1. The buck stops with the computer

2. Cheaper less experienced staff are used because the computer is so 'clever'

3. The IT system itself becomes another combatant and victim within the continuous revolution of reform

Will we ever have political insight and discussion of these vital issues? The alternative is the continued futile transfusion of billions into the coffers of management consultancies.

Malcolm H Duncan

Medical Object Oriented Software

Other interests

30 Nov 07 14:04

Whilst they are looking at security, could do with some clarity about the 2 factor authentication (Will health staff be able to use their NHS Smartcards ?).

Also, the Contact Point website talks about integration with other systems. Which and how, and what knock-on security implications ?

And will it really be fast enough and seamless enough to be used always by health and social practitioners at the front line ?

Convenient breather? NHS Smart Cards?

nhstechie@btinternet.com

01 Dec 07 20:52

Is this a convenient breather?

Let's look at the evidence. Due in April - but supplier only recently announced (see EHI) - prior to this week the latest press release showe "during 2008" instead of "April 2008".

Use of NHS Smart Cards? Computer says no.

Confidential Databases

preston.demendonca@nhs.net

05 Dec 07 14:20

"The database will be available to almost 330,000 vetted users"....so no worries about security then!

Any lock with 330,000 keys cannot be secure.

Preston de Mendonca GP Plymouth.

Balance of risk

05 Dec 07 23:51

"Any lock with 330,000 keys cannot be secure. "

Perhaps not, but if you monitor everyone who uses a key to open the lock and track everything they look at you can mitigate the risk somewhat.

Surely the key issue here is enabling information to be shared? ContactPoint, for all its faults, was spawned by the Laming Report which lambasted Health, Education and Social Services for not sharing information in a way which would probably prevented Victoria Climbié's maltreatment and death.

There will always need to be a balance struck between the need to share such information and the need to keep it safe. Locking the firedoors and hiding they key may keep your building safer from the risk of intrusion but it puts the staff and patients at risk if there's a fire.

Deterrence is nonsense

colin.brown99@nhs.net

11 Dec 07 21:13

"if you monitor everyone who uses a key to open the lock and track everything they look at you can mitigate the risk somewhat." This is the policy of deterrence by retrospective audit. It is vacuous as it overlooks 2 points: - deterrence only applies to the amateur, serious blackhats don't get caught, charged, prosecuted, convicted .... then punished. Or if they might they factor it into their rates. - retrospective audit - is there any evidence of any of these services actually systematically doing this, analysing the results and publishing them on the web? So that anyone whose privacy might have been compromised can check it and seek remedies, practical and legal?

The unacceptable risk is in assuming that 330,000 users can ever be free of security risks, and that so many users are somehow desirable for Child Protection. A federated structure of interoperable systems on the scale of natural working groups, and with access so defined - now that might be both safe and effective.

re "balance of risk"

preston.demendonca@nhs.net

12 Dec 07 09:48

the children's rights director for England, Roger Morgan, warned that youngsters had serious concerns about the safety of the database. He said children “thought that paedophiles would spend a lot of time and effort trying to break into ContactPoint.”

...are you still sure that 330,000 keys to the database of the most vulnerable children in the country are necessary?Have we changed the balance of risk by creating a targetable single database?

Preston de Mendonca GP Plymouth.