U.K. CIO issues warning on large database risk

U.K.’s chief information officer, John Suffolk, has cautioned government agencies against putting “more eggs in a single basket” when it comes to protecting sensitive data.

Speaking at a meeting of MPs called, The Surveillance Society, Suffolk warned about the risks of creating more large government databases.

The man charged with bringing coherence to government IT strategy made his comments just hours before Chancellor Alistair Darling revealed to MPs the loss of 25 million personal records on two discs being transferred between the HM Revenue and Customs and the National Audit Office.

Suffolk said the “UK public sector is more advanced than other sectors in doing joined-up technology. The oldest, at 33 years old, is the police national computer. We work at a national scale.”

But he added, “To put more eggs in single basket is a foolhardy approach. The best way to protect data is to say: this data is for specific purpose, put protection around [it].

“Only those that need legitimate access can access the data. The more people get access the more complex it becomes. If we can avoid yet another large-scale citizen database, where we have a number of those already, that would be a wise thing to do.”

Although Suffolk did not mention the government’s plans to introduce a national identity card scheme or the scheme to provide every citizen with an electronic health record, his words are likely to be cited by critics of these programmes.

The government CIO also warned against any moves to create an overarching citizens’ database. “There is a balance to be struck. It’s nonsense to assume or even think about a central database or central clearing house,” Suffolk told MPs.