Identity Cards Bill

It enables you to check who has asked for information and who has given information about you. So when you made your inquiry it would be possible for you to check who had done that. Also it makes it clear to those who give information that they have to be absolutely certain of its accuracy and that they are entitled to give that information, because the individual concerned will be able to look at the log and check back. So if they have given information that they should not have given, you can look back and find out which reader was used and which individual was involved. You can track the information to try to bring people to account if they have done that which they should not properly have done. We think this will be a useful tool for ensuring the integrity of the register and feeding our counter-fraud strategy. It would benefit both the cardholder and the user organisations as the information held through sub-paragraph (c) would support retrospective review of the audit logs to detect possible fraudulent use. If a card holder or user organisation disputed a particular transaction, being able to make recourse to detailed audit information would make repudiation very difficult. We think that is a very important safeguard for the individual. Sub-paragraph (c) enables particulars of,"““the provision of the information””" to be recorded. It is apt to include the person by whom, and the means by which, information is provided; for example, whether the provision of information was by post or conveyed electronically. It does not provide carte blanche torecord the purpose for which information has been requested or any other extraneous information; it is simply part of the audit trail. So that audit trail will have integrity. The noble Lord, Lord Thomas of Gresford, says that the whole system is a nightmare. If it was as he thinks it is, I could understand him saying that, but I assure the Committee that, as we have drafted it, it is not. ““May”” means may; it does not mean must. Generally speaking, each provision of the information will, as I say, be recorded as a safeguard for the individual. But, for example, if someone uses their card to enter a government building every day, it would not be sensible to record each occasion. It will also not be the case that all information will be kept for ever. The register needs to be maintained in accordance with Clause 3(4), and that is only for so long as it is consistent with the statutory purposes. Individuals recorded on the register should be reassured that their details will not be provided without a record being kept of that request. That will provide a deterrent to anyone attempting to obtain information improperly as their details will be recorded. This is in line with data protection good practice. Clauses 19 to 20 set out only very specific circumstances in which information recorded in paragraph 9 of Schedule 1 can be provided to the intelligence and security agencies for their statutory purposes. Other agencies involved in the prevention or detection of crime, such as the police and Her Majesty’s Revenue and Customs and government departments, can also be provided with information but only for purposes connected with the prevention or detection of serious crime. Schedule 1(9) has important public interest benefits associated with it, as well as providing reassurance to the individual that information held on the register about them cannot be misused. I reassure the noble Baroness, Lady Carnegy of Lour, that there will not be a long list of people who will then make it seem as if the individual is in error. It will be possible for the individual to turn the tables, if you like, on them and look at the log and ask why people are making the inquiries, and be able to check it if they think that is appropriate.