ID card database to hold sensitive personal data despite Government claims

The Government refers in its consultation paper to the types of data that may be held under the scheme. "None of this information," it tells the public, "falls within the category of sensitive personal data".

Sensitive personal data is defined in the Data Protection Act as including data about an individual such as, among other things, racial or ethnic origin; political opinions; religious beliefs; physical or mental health or condition.

However, writing in the latest issue of Data Protection & Privacy Practice, published by Masons today, Dr. Chris Pounder said that the Government's reassurance with respect to sensitive personal data cannot be relied upon.

"It is well known that the central database will include a photograph of the ID card holder. If that photograph reveals a certain medical condition, for instance, Downs Syndrome or blindness, then clearly these photographic data are sensitive personal data," said Dr. Pounder.

"Equally," he continued, "sensitive personal data would be processed if photographic identity data were used in a racial context – for example, if the authorities searched the database to identify an Afro-Caribbean Fred Bloggs from, say, a Caucasian Fred Bloggs".

These are not the only issues, however. In explaining how the NHS will benefit from the ID card, John Hutton, Minister of State at the Department of Health told MPs on the Home Affairs Select Committee in April that the ID card will most likely have to be presented "when you first register with a GP" and "in relation to the first in a series of hospital appointments, outpatient appointments or whatever". The Minister added that there was "an argument too for periodic checks as well because a person's residency and immigration details can change over time".

Dr. Pounder points to the draft ID Card Bill, which states that the central registry database is to contain "access records". The Bill states that these "access records" include "particulars of every occasion on which a person has accessed an individual's entry and of the person who accessed it".

He said: "If an individual with an ID card uses an NHS service which requires a check on entitlement for free treatment, there can be a record in the ID Card database which describes that check. This would provide details of which NHS body holds the medical records and, in the context of our analysis, of the circumstances outlined by the Minister - in particular 'first outpatient clinics'."

"The record of which clinic the patient attends, however, can give inferential detail of the individual's medical condition. After all, patients who attend at a sexually transmitted diseases outpatient clinic or a pre-natal maternity clinic are not queuing for a flu jab," he reasoned.

Dr. Pounder concluded: "On the spectrum of privacy issues associated with the ID Card database, this issue is relatively minor. It is the categorical assertion that there is 'no sensitive personal data' which causes concern. It shows that the proposed ID card scheme has not been informed by any serious understanding of the data protection and privacy elements involved."