The U.K. government has begun a period of consultation on data sharing by both public and private sector bodies, as part of a far-reaching review that was first announced by Prime Minister Gordon Brown in October.
The consultation period will run until February 15, and is aimed primarily at experts and practitioners in the field of data sharing and data protection. But the general public can also have their say at a time when data security is a subject of widespread public debate following HM Revenue and Customs’ loss last month of 25 million child benefit records in the biggest-ever U.K. data breach.
The review is being led by information commissioner Richard Thomas and the director of the Wellcome Trust, Dr Mark Walport. Among other issues, they are charged with considering whether there should be any changes to the way the Data Protection Act operates currently and how any changes they do suggest should be brought in.
The review will also make recommendations about the powers and sanctions available both to the Information Commissioner’s Office and the courts in the various pieces of legislation that govern information sharing and data protection. And the review team will look at how data sharing policy can be developed to ensure transparency, scrutiny and accountability, the Ministry of Justice has said.
When Gordon Brown set out plans for a review of data-sharing, in a speech at the University of Westminster in October, he said: “Whatever views people have in the debate we are currently engaged in about the management of identity … I believe we need a wider debate about the right form of independent oversight and parliamentary scrutiny and safeguards.”
Ovum analyst Graham Titterington said the review was urgently needed.
“It will address transparency, accountability and scrutiny. All three of these have been seriously lacking in the catalogue of recent breaches involving government departments, of which the HMRC discs is just one example.”
Titterington said the government’s description of the HMRC incident “appeared to show a lack of accountability about the handling of data.” And he said the current laws were “overly complex” and largely powerless.”
“The government and its officials simply do not understand the value of the information they hold, and the cost of remedying data security failures,” he warned.