This
prospect reverses the position stated in the Government's public
consultation documents in which it confirmed that none of the
information in the ID Card database falls within the category of
sensitive personal data as defined by the Data Protection Act.
The amendment is to be debated tomorrow.
Details of how the amendment works
The ID Card database content is specified in the Bill. There are
around 50 data classes which could be stored in a central register.
These “registrable facts” fall within nine categories which in
relation to an individual ID Card holder means:
"(a) his identity;
(b) where he resides in the United
Kingdom;
(c) where he has previously resided in the
United Kingdom and elsewhere;
(d) the times at which he was resident at
different places in the United Kingdom or elsewhere;
(e) his current residential status;
(f) residential statuses previously held by
him;
(g) information about numbers allocated to
him for identification purposes and about the documents to which
they relate;
(h) information about occasions on which
information recorded about him in the Register has been provided to
any person; and
(i) information recorded in the Register at
his request."
The technical amendment tabled by the Home Secretary states that
the registrable facts falling within category (g) above "do not
include any sensitive personal data (within the meaning of the Data
Protection Act 1998) or anything the disclosure of which would tend
to reveal such data." By inference, this limitation automatically
implies all the other items in the above list – except item (g) –
can be linked to sensitive
personal data.
This subtle change has to be considered in conjunction with
powers in the Bill which permit the Secretary of State to modify
the information in the ID Card database. This power, if
exercised, combined with the implication that the database
can now legimately include items of sensitive personal data
completes the reversal in policy that OUT-LAW has identified (i.e.
the legal infrastructure is in place to permit details of criminal
and medical records to be held in the database in future).
The items of sensitive personal data which are currently
held
At the moment the items of sensitive personal data in the ID
Card database are very limited. For example, the central database
will include a photograph of the ID card holder. If that photograph
reveals a certain medical condition, for instance, Downs Syndrome
or blindness, then clearly these photographic data reveal sensitive
personal data. Additionally, sensitive personal data would be
processed if photographic identity data were used in a racial
context – for example, if the authorities searched the database to
distinguish, say, an Afro-Caribbean Fred Bloggs from a Caucasian
Fred Bloggs. Sensitive personal data could also be revealed if the
address of the Cardholder relates to a mental hospital or a
prison.
Sensitive personal data will also be contained as the central
registry database is to contain "access records". The Bill states
that these "access records" include "particulars of every occasion
on which a person has accessed an individual's entry and of the
person who accessed it". Thus if an individual with an ID card uses
an NHS service which requires a check on entitlement for free
treatment, there will be a record in the ID Card database which
describes that check – in particular 'first outpatient clinics'
which has been identified by Health Ministers.
The record of which clinic the patient attends, however, can
give inferential detail of the individual's medical condition.
After all, patients who attend at a sexually transmitted diseases
outpatient clinic or a pre-natal maternity clinic are not queuing
for a flu jab.
