Like you, I have received my 2011 census form from the Office of National Statistics (ONS). The cover page prominently states, in bold, “Your personal information is protected by law. Census information is kept confidential for 100 years”. Like you, perhaps, I have taken this statement at face value.
However, preparing for our Privacy Impact Assessment (PIA) course, I came across the PIA for the Census (PDF/502 KB) . Under the heading “Keeping census records confidential”, the Census PIA states: “Other than for the purposes of conducting the census and in the circumstances set out in Section 39 of the Statistics and Registration Service Act 2007, it is unlawful for any member or employee of the UK Statistic Authority (which includes any member or employee of ONS) or any person who has received personal information directly or indirectly from the Authority, to disclosure such information”(paragraph 12.6.1).
So, unlike the absolute “confidentiality” statement on the census form itself, the website and PIA “confidentiality” reference is qualified by a reference to legislation dated 2007: a year when the then New Labour Government was highly addicted to its unnecessary mass surveillance legislation. To abuse M&S’s well-known advertising campaign slogan one has to consider whether “this is not just confidentiality, this is New Labour confidentiality”.
Section 39 of the Statistics and Registration Service Act 2007 is, so the Act says, about “Confidentiality of personal information”; in practice the section achieves the precise opposite. Section 39(1) begins well enough. It states that: “Subject to this section, personal information held by the Board in relation to the exercise of any of its functions must not be disclosed by (a) any member or employee of the Board, (b) a member of any committee of the Board, or (c) any other person who has received it directly or indirectly from the Board.”
However, Section 39(4) then states that the disclosure prohibition in section 39(1) “does not apply to a disclosure which (take a deep breath):
a) is required or permitted by any enactment,
b) is required by a Community obligation,
c) is necessary for the purpose of enabling or assisting the Board to exercise any of its functions,
d) has already lawfully been made available to the public,
e) is made in pursuance of an order of a court,
f) is made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom),
g) is made, in the interests of national security, to an Intelligence Service,
h) is made with the consent of the person to whom it relates, or
i) is made to an approved researcher.”
Section 39(4) therefore possesses all the hallmarks of New Labour’s disdain for personal privacy. It is not a clause to protect confidentiality; it is a clause to remove that confidentiality.
I should add that the national security paragraph (ie section 39(4)(g)) was removed a year later by Schedule 1 of the Counter-Terrorism Act 2008 (PDF/488 KB). It was replaced by a provision to provided unfettered access to a full copy of the Electoral Register whenever any of the national security agencies wants a full copy.
Can we reflect on this for a second? The idea behind section 39(4)(g) was for Census officials to promise Census confidentiality and at the same time register the UK population with the national security agencies. The replacement idea is for citizens to register for a vote and also register an entry in a Security Service database. There has been no public debate about such mass surveillance, and as far as I can see, this data acquisition has little to do with terrorism. After all, those individuals intent on undermining a Parliamentary democracy are unlikely to want to vote in one.
Note also that in relation to disclosures in connection with crime, the threshold test adopted by Section 39(4)(f) is not the Data Protection test of “failure to disclose” causing “prejudice” to criminal investigation (see Section 29 of the DPA). Instead, the New Labour threshold was reduced to any disclosure made for a criminal investigation.
In relation to an “approved” researcher (the last in the Section 39(4) list), the Board can decide from “time to time to publish criteria by reference to which it will determine whether to grant access” to an approved researcher. Note that this means that there is no obligation for the Board to publish any criteria relating any other recipient in the Section 39(4) list. This in turn means that details about ONS disclosures subject to section 39(4)(a)-(h) can be kept conveniently out of the public gaze as there is no obligation to publish criteria for access.
It is interesting to note that in 2009, the department responsible for Education was not keen on Section 39(4) when it wanted to disclose pupil personal data to the ONS. So, in the “Statistics and Registration Service Act 2007 (Disclosure of Pupil Information) (England) Regulations 2009″, the department changed the law to permit the disclosure of personal data about school pupils to the ONS, but also excluded any further disclosure by the ONS for purposes identified in paragraphs 39(4)(d) and 39(4)(f) to 39(4)(h). In particular, the regulations made any national security and crime disclosure unlawful.
If one department of State discovers it cannot stomach the broad reach of section 39(4) disclosures, I cannot see why those who complete the Census forms in a fortnight’s time cannot be similarly protected.
No doubt ONS officials will vociferously state that there will be no such disclosure and that confidentiality is an absolute. This is technically correct as they can argue that the fact that Section 39(4) has disclosure provisions does not mean the Census personal data will actually be disclosed. However, it is also very clear that personal census information can be disclosed, with a considerable degree of secrecy, almost at the whim of ONS senior managers. And it is the existence of this possibility which is, quite frankly, unacceptable.
Ministers, if they want, can easily clarify the relationship between Section 39(4) disclosures and the personal details collected in the Census. Indeed, the “Protection of Freedoms Bill”, currently under debate in Parliament, provides a vehicle to table an amendment that absolutely protects the Census personal details from such disclosures.
Any failure to make this necessary legislative change, or to make a statement concerning the application of section 39(4), provides evidence that the government is not prepared to commit itself to ensuring the confidentiality of the 2011 Census. In which case, the promise that “Your personal information is protected by law. Census information is kept confidential for 100 years”… is worthless.
This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.
PIA for the 2011 Census is available here: Download Census_pia-final-version
Blogs containing comments about the “Protection of Freedoms Bill”
ICO evidence identifies data protection concerns over Freedoms Bill, 3rd March 2011, http://amberhawk.typepad.com/amberhawk/2011/03/ico-evidence-identifies-data-protection-concerns-over-freedoms-bill.html : RIPA changes in Freedoms Bill: negligible improvement in privacy protection, 16th March 2011, http://amberhawk.typepad.com/amberhawk/2011/03/ripa-changes-in-freedoms-bill-negligible-improvement-in-privacy-protection.html : Protection of Freedoms Bill promotes efficient CCTV surveillance not effective privacy, 16 February 2011: http://amberhawk.typepad.com/amberhawk/2011/02/protection-of-freedoms-bill-promotes-efficient-cctv-surveillance-not-effective-privacy.html