Serious Crime Bill [HL]

I say to the noble Earl, Lord Northesk, that he is by no means tiresome in this regard. He and I both know that this is an important issue which we have to scrutinise. He is absolutely right when he says that, in terms of the end result that we wish to achieve, there is very little between us, if anything. I hope that I will be able to persuade him that the way in which the Bill hasbeen structured in no way weakens the substantial protection provided by the Data Protection Act and by the Human Rights Act. Although I will resist the amendment, I hope that I will be able to persuadethe noble Earl that we have unanimity of view. The noble Earl asks, in the amendment, for the creation of a provision for the Secretary of State to produce and disseminate guidance to all those using the data-sharing powers under Clause 61. I absolutely understand the scope that he seeks to explore, because he asks that the guidance be disseminated to all those involved in data sharing and that it cover the type of sharing of information that can take place between and among those involved and the circumstances in which that sharing can take place. The amendment provides that the guidance should be maintained under review and that the Information Commissioner should be consulted on the content of the guidance. The amendment also requires that the guidance should cover the procedures designed to ensure accuracy and security of the information being shared under the powers, the procedures to ensure co-ordination between bodies and agencies sharing information, the procedures that govern the circumstances in which information can be shared and the procedures designed for circumstances where, notwithstanding the second data protection principle, data are intended to be lawfully shared or processed beyond the purpose of their original collection. The final requirements of that part of the amendment cover the procedures that would guarantee the rights of the data subject and the procedures governing the period of retention of data and how such data will be disposed of. I reassure the noble Earl that we have looked very carefully at those issues. We understand the way in which he puts them, but we question the need for that degree of prescription. The Data Protection Act provides the regulatory framework for data sharing and I would be reluctant to introduce a further layer of regulation that would seem, I respectfully suggest to him, to add little to the general regime. Nothing in these clauses authorises disclosures that contravene the Data Protection Act. At a practical level, I question whether it would be possible to draw up guidance that could sensibly be applied to all the circumstances and types of information that public authorities may wish to share in order to prevent fraud. There would be the difficulty of the guidance applying only to those public authorities that use the power provided by Clause 61—many, as we discussed earlier, would not do so. It may be helpful, since we have not specified the organisation yet, if I use CIFAS as an example of how the system might work. CIFAS is the UK’s fraud prevention service. This is an organisation of the sort that the Government have in mind for the purpose. CIFAS currently has more than 250 members from the financial services sector. Members of CIFAS put on to a central secure database information on those who have attempted to defraud them. Members can then check new applicants against this central database and, should a match occur against this applicant, further investigation will be carried out before a service is granted. Automatic rejection on the basis of a match is not permitted by the rules of membership. CIFAS is a data controller for the purposes of the Data Protection Act and has its own rules, which conform with the Act. We argue that that is a much better way of addressing the issues that the noble Earl’s amendment seeks to address. Central to the reason for resisting this clause is that none of the data sharing enabled by Clause 61 can be done without complying with the Data Protection Act. On this basis, the amendment is, I respectfully and gently suggest, unnecessary. We have given a clear exposition of the reasons why we think that data sharing is good; indeed, the noble Earl concurred with that view. We need safeguards; I concur with him. Those safeguards are properly set out in the Data Protection Act. I also say to the noble Earl that if it was part of the effect of this Bill that we were in any way undermining the safeguards provided by the Data Protection Act, making it more difficult to apply or disapplying it, I would feel the level of discomfort that he obviously feels. The whole premise on which the Bill is created is that the Data Protection Act remains, with its full bite, and that the commissioner has the same duty and responsibility in relation to these acts—and omissions—as he has in relation to any other data. That is a very powerful tool to prevent us from sleepwalking into the surveillance society that the noble Earl presented us with. I, too, remember the sagacity of Lord Williams; he is greatly missed by this House. However, on this occasion, it is likely that his view would rest with mine.