The next item of business is a debate on motion S4M-12491, in the name of Willie Rennie, on privacy and the state. I must advise the chamber that we are very tight for time for all of this afternoon’s debates, and I invite members who wish to speak in the debate to press their request-to-speak buttons now.
14:41
Liberals of all political parties and none have a healthy suspicion of Government’s voracious appetite for information on us and, indeed, every individual. Information is a powerful tool that, used in the right way, can help us; however, if misused, it can be intrusive and sometimes even dangerous. The purpose of today’s debate is to allow the Parliament to debate openly the complex issues that surround this important matter, and our hope is that this will not be the only time that this important topic is debated in the chamber and that all members of this Parliament will have opportunities in future to consider primary legislation and to ensure effective scrutiny of any changes. Unfortunately, the Government’s current intention is to restrict debate to one committee.
The motion’s simple aim is to put any such changes into primary legislation, not to determine whether the changes are acceptable or otherwise or whether they amount to an identity card system. All I am seeking support for is the suggestion that these proposals, should they advance, be put into primary legislation.
Let me explain why we are making this suggestion. The first reason is scale. The proposal has the potential to cover 120 organisations across the public sector, which matters because our current diffuse system of information storage contains an in-built protection from crime and misuse that would be lost if there were one super database that was shared across the public sector. We all know the problem with putting all our eggs in one basket or putting all our savings into one bank or business, and we should be cautious when the Government asks us to do the same now.
The second reason is the unique citizen reference number, or what is often called the persistent identifier. Yes, we have a unique number at the moment, but it is not unique across the public sector. Allowing all organisations to share one number means that we move from having a series of numbers to having a single, universal number and leaves open the possibility for information to be searched, profiled and mined. Paragraph 4.6 of the Scottish Government’s own principles of identity management, which were published by John Swinney just last October, states:
“If a public service organisation needs to link personal information from different systems and databases (internally or between organisations), it should avoid sharing persistent identifiers”.
The proposals seem to breach John Swinney’s own principles.
Thirdly, the current system operates on an opt-in basis, whereas in the new approach everyone’s address will be automatically included through the transfer of the community health index postcode into the national health service’s central registry. That means that no consent will be required for a person’s full details to appear on this universal database. By virtue of simply being born, a person’s details could be accessible by Quality Meat Scotland or even the Royal Botanic Garden Edinburgh. We would not be in control of our own information.
I have set out three reasons why the plans are flawed: scale, unique number and consent. There are other reasons, but those three should be sufficient to cause at least some doubt in the minds of Scottish National Party members.
I am pleased that the Conservatives, Labour and the Greens agree with our concerns, and I would be interested in the opinions of the independent members. I urge those who are considering backing the Government’s amendment to reflect carefully. If there is even a scintilla of doubt in their mind about what the Government is proposing, they should vote for our motion. Voting with the Government would give it permission to proceed with limited and inadequate scrutiny. The Scottish Government disputes the claim that what is being proposed is a precursor to an ID card. The problem is that, if there is an all-encompassing single database with one single number for each individual and no consent required, it is a simple process to produce a card with that number on it, stick a picture on it and then there would be an ID card. I think that everyone would recognise that as an ID card.
Will the member take an intervention?
Not just now.
We may not be there yet, but we are creeping towards that destination. If SNP members have any doubt, they should vote with us.
I am grateful to the Open Rights Group and the NO2ID campaign for the advice and support that they have provided to inform the debate. They have very real concerns.
The British Medical Association has expressed concern about the relationship between the NHS database and tax collection, which it fears may drive patients away. The Scottish Council for Voluntary Organisations wants the Government to think again. However, the submission from the United Kingdom Information Commissioner’s Office caused the greatest alarm. The UK information commissioner spoke of breaching European and British data protection laws, creeping towards an ID card system and the lack of reason and necessity in the Government’s plans.
Therefore, members do not have to take my word for it; they should listen to the other voices. Ignoring the advice of an independent information commissioner would be unwise for any member of any Parliament.
Very few are against cards that identify us. We need forms of identification to conduct our daily business. Our parliamentary card is an ID card, and my driving licence, bank card and Carnegie Harriers membership card—that is probably the most important of all—are all forms of identification and information. However, each one has a different number and each is stored on a different database. It is not identification that I oppose; it is the super ID database that concerns me.
Christian Allard rose—
Will the member give way?
Yes. [Interruption.]
Order, please.
Sorry, colleagues.
Does Willie Rennie agree that those who raised concerns about the UK identity card scheme, including SNP members and organisations that have engaged their concerns on the issue that we are discussing, did not principally raise concerns about the piece of plastic, but about the data system behind that and the ways in which it could be used? That is the point of similarity and the issue that we should be putting on the agenda today.
Patrick Harvie is absolutely right: it is about the whole system. It is not just about the bit of plastic; it is about the database behind that, because that is open to potential theft and misuse. Therefore, Patrick Harvie is right on the button. He is right to identify the whole system, not just the card.
At the start of the debate, the member talked about the debate not being about ID cards, but we are now hearing only talk of ID cards. I have an ID card with me. ID cards will not be imposed by any Scottish Government while the SNP stays in power. We cannot say the same thing about Westminster.
Can I hurry you along, please?
Is this debate about ID cards or not?
That is all I need: Christian Allard’s assurance. That gives me the greatest confidence that I could ever need to drop my motion. The reality is that he has more confidence in what the Government proposes than I do. The reality is that his Government is preparing a super ID database that is a step towards an ID card.
Members: Rubbish!
SNP members obviously do not agree with me on that, but if they have any doubts, they should listen to the protest groups. [Interruption.]
Order, please.
They should also listen to the privacy groups, the BMA and the SCVO, because they have doubts. Are their opinions no longer to count? If SNP members have any doubts, they should consider their position today.
I accept that the Government needs methods to authenticate that a person is who they say they are, because such methods prevent fraud and ensure that people get what they are entitled to. However, all that we need to do is to look south of the border, to what the Cabinet Office, working together with privacy groups has identified to create a system to—[Interruption.]
Order, please. The member is in his last 30 seconds and we must hear him.
We must work together with privacy groups to ensure that we have a system that is diffuse, that does not involve one single database and that our information is protected. For once, the Scottish Government should look to others for their advice and support.
My message today is simple: if members support the Government’s amendment, they will be voting to limit the scrutiny that the Government’s proposals will receive; but if members have doubts, they should express them by supporting and voting for my motion. Members do not have to agree with everything that I have said. They might reject some of the arguments that privacy campaigners have made and they might not even accept all the points made by the information commissioner.
You must conclude.
However, if members have any doubts, they should vote for our motion.
I move,
That the Parliament notes the Scottish Government’s consultation on amendments to the National Health Service Central Register (Scotland) Regulations 2006 and the concerns of privacy campaigners about those proposals; believes that these issues merit full parliamentary scrutiny, and therefore calls on the Scottish Government, if it wishes to proceed with this policy, to do so by means of primary legislation.
14:51
At the outset I want to make two points clear on behalf of the Scottish Government. First, I reiterate this Government’s unequivocal commitment to the protection of privacy. The Scottish Government took the initiative in 2009 to set up an expert group to develop identity management and privacy principles, and the group included privacy expertise and interests from outside the public sector. Principles were established in 2010 and updated in 2014, and they guide the policies of the Scottish Government. I am determined that we continue to lead good practice and act in a manner consistent with those principles.
Secondly, I make it clear that the Government will consider carefully all of the representations made during the recent consultation, and I confirm that no decisions have been taken on any of the issues. I can also confirm that privacy impact assessments will be a necessary prerequisite of any proposals that are advanced and must satisfactorily address the issues that have been raised in the consultation process. Decisions will be taken only after there has been full parliamentary scrutiny of any proposals that we advance.
In trying to give a proper assessment of the changes that we propose and to determine whether they should be pursued, it is important to consider the purpose of the changes. Our first purpose is to ensure that in delivering public services a service provider knows that they are dealing with the right person, recognising the public’s growing expectation that they will be able to access public services online. The service user must also be sure that he or she is not being mistaken for anyone else. The consequences of not authenticating identity appropriately can be significant for individuals, who could receive the wrong service or no service at all. Those checks will help to prevent fraud and identify theft and are intended to give confidence to those who use public services online.
Our second purpose is to help to identify those taxpayers who should properly be defined as Scottish taxpayers for the purposes of the Scottish rate of income tax. That is critical because it will help to crack down on tax avoidance and evasion and will ensure that the correct amount of tax flows to the Scottish budget to support our public services.
Those are our purposes in holding the consultation.
Will the Deputy First Minister give way?
Of course.
I am grateful to the Deputy First Minister for giving way and I was grateful to him yesterday for meeting, alongside me, some of the campaign groups, such as the Open Rights Group, that are concerned about the matters in question. Does he acknowledge that they did not seek to ignore or circumvent the purposes that he has described? They understand those purposes but argue that there is a better way of achieving them that does not give rise to the same concerns around data security and privacy.
I will come on to say a little about that in the course of my remarks.
Those are our purposes in holding the consultation. The question now becomes how we achieve those two objectives. Our consultation paper sets out that the most secure, accurate and privacy and user-friendly way to do that is by strictly controlled use of the national health service central register. I believe that that approach is preferable to contracting with private sector bodies to use a combination of their databases and public sector databases, and it is preferable to creating a new database. There is one thing that we are not doing—we are not under any circumstances creating a new database.
The register has existed since the 1950s and legislation strictly regulates its use, which is further protected by agreements that the Registrar General for Scotland puts in place. The register contains core facts about individuals who were born in Scotland, drawn from birth records, and individuals who have registered with a general practitioner. However, I stress that, despite the title of the register, it does not hold health records. The only health information that is recorded is whether a person has been treated for cancer, and that is only released for research purposes under strict anonymised controls.
Another important point is that use of the NHS register—if the proposals proceed—will not be a novel departure. Primary legislation that this Parliament passed in 2006—the Local Electoral Administration and Registration Services (Scotland) Act 2006—put the national health service central register on a statutory footing, provided for a reference number, which is now referred to as the UCRN, or unique citizen reference number, to be contained in the register and provided powers for the sharing of information. It also provided for secondary legislation to extend who could have access to information from the register. That legislation was put on the statute book by a Liberal Democrat minister, George Lyon.
For the past nine years, when an individual has sought a concessionary travel card, the register has been used to verify that individual’s identity. That has occurred under strict controls. The system has worked well, and what we now propose is that other organisations—central Government bodies that will provide online services—should also be able to check specified data. I stress the word “check”. Willie Rennie said that he accepts the need for Governments to undertake authentication work. That is precisely what is proposed in the consultation exercise.
Does the cabinet secretary not recognise and agree that he is going beyond what the original legislation proposed? In essence, by introducing the CHIP—the community health index postcode—to the NHS central register, he is going from an opt-in to a compulsory system. Does he not recognise that?
No, I do not recognise that, because this is about people who are trying to access online public services opting to have their identity verified to protect their identity from identity fraud.
The final question that I want to explore is why we should consider this approach. Having read a number of the responses to the consultation and met the Open Rights Group yesterday, I am very aware of the concerns that have been raised. As we address those, there are additional important points that I believe the Parliament must consider.
Next year, the Scottish rate of income tax will be introduced, and we also have the plan for full implementation of the Smith commission proposals. Next year, as a result of the introduction of the Scottish rate of income tax, our block grant will be reduced by approximately £5 billion, and we will be responsible for raising an equivalent amount in revenue. It is vital that we get implementation of the new income tax powers right. Following the transition period, every 1 per cent error—every 1 per cent of the Scottish taxpayer base that we cannot identify—could cost this Parliament’s budget £50 million or more. That is £50 million for public services such as schools, hospitals and the police.
The responsibility for implementing and operating the Scottish rate of income tax lies with HM Revenue and Customs and the UK Government.
You must conclude, please.
They have asked us to consider the issues that are raised in the consultation, and in the interests of good government I am doing exactly that.
I pledge to the Parliament today that I will work co-operatively across the political spectrum to ensure that agreement is reached. We will subject any proposals that we bring forward to wide consultation and to the full parliamentary scrutiny that was provided for us in the LEARS act in 2006, which was put in place by the Liberal Democrats.
I move amendment S4M-12491.2, to leave out from “if it wishes” to end and insert:
“to report back to the Parliament on its response to the consultation before outlining the further steps that it intends to take on this matter, consistent with its adherence to privacy principles and the Local Electoral Administration and Registration Services (Scotland) Act 2006”.
14:59
I draw members’ attention to my declarations of interest in respect of my membership of some of the organisations that I will refer to in my speech.
From the outset, Scottish Labour wants to say that it fully understands the intention and purposes of the Government’s proposals. It also fully concurs with the need to establish a Scottish tax database in order to ensure that the tax can be fully collected in Scotland for Scotland; we accept that point. However, we believe that the issues really should have been debated in a full debate in Parliament at a much earlier stage, because some people see the matter as being the first step in establishing a national identification system, and it is that single system that is a matter of concern. Our central concern is that the registration data that is given by patients as part of a freely entered into compact with the NHS is to be used for other purposes for which consent was never given.
Before I elaborate on that, I will review some history. As the minister said, some data has been used for other purposes—for example, verification of benefit applications. However, that is an example of a positive request for information, and authentication in that situation is important. The relationship between the privacy of the individual and the needs of the state is a current issue. In an increasingly electronic age, our citizens’ privacy is daily more undermined. Too often, information about us is obtained or used without our full knowledge and appreciation. The most extreme aspect of that was represented in the “Citizenfour” documentary, which made it clear how GCHQ undertakes widespread surveillance of all our digital communications. It is the first action of a centralising state to capture as much information as it can about its citizens.
The issue of privacy was the subject of a review in 2009 called “Database State”, which I recommend to members. The review was sponsored by the Joseph Rowntree Foundation and led by Professor Ross Anderson from the University of Cambridge. I request that the Government consult Professor Anderson on the issue, as he is a world leader on privacy issues. The report assessed the 46 existing databases across major Government departments and found that a quarter of all the existing public sector databases that were reviewed were almost certainly illegal under human rights or data protection law. More than half of them have significant problems with privacy or effectiveness and could fall foul of a legal challenge.
Britain is currently out of line with other developed countries, where records and sensitive data on matters such as healthcare and social care services are held locally. In Britain, data is increasingly centralised and shared between health and social services, police, schools, local government and, now, even the tax man. The benefits that are claimed for data sharing are often illusory, and sharing can harm vulnerable people, not least by leading to discrimination and stigmatisation.
At first sight, the Scottish Government’s proposal looks innocuous. However, the British Medical Association and the Royal College of General Practitioners believe that although consensual registration of postcode and address to the NHS number is appropriate and will enhance health data nationally, the accessing of that and the community health index number by a tax authority is inappropriate. They also believe that accessing of those by many of the other 120 agencies is surprising, to say the least. As Willie Rennie said, Quality Meat Scotland, Architecture and Design Scotland and VisitScotland could access the data. I certainly do not want them to have my information, although I understand from what John Swinney said what he sees as being the purpose of that.
The organisations that Dr Simpson has listed would not have access to the data. They would be able to check and verify with the registrar general the identity of individuals to ensure that they were able to access public services, but they would not have access to the information.
Dr Simpson, you are approaching your last minute.
I do not want to be misunderstood; I am not suggesting that those organisations would have access to my NHS data. I accept that they would not. However, if someone gives permission for their authentication details to be used for one purpose, I do not think that it is appropriate for those details to be used for another purpose without their consent.
Willie Rennie also mentioned Ken Macdonald, who has said that the proposals could be in breach of the European rules. That is a very serious statement for the assistant information commissioner to make. He has called for a privacy impact assessment, so I welcome John Swinney’s agreement that that assessment will be carried out. Mr Macdonald has also said that use of a national identifying number—for whatever apparently positive purpose—must be
“subject to a proper debate”,
and he has cautioned against the
“creeping use of such unique identifiers”
that should
“not just happen by default”.
The BMA feels that that would undermine patient confidence in and people’s relationship with the health service.
If the NHS electronic data was totally secure and private—I accept the point that that is not what people will apparently have access to, but they will have access to the community health index number, and the CHI number is being increasingly used in relation to access to NHS data—
I am afraid that you are over time.
I took one intervention. Can I just have two seconds more? I have one more paragraph. It is important.
In NHS Lothian, over a two-year period, there were 794 breaches of inappropriate access to electronic data. The NHS system is not fit for purpose. It does not meet the European requirements under the I v Finland case. Therefore, we have a situation in which, by using people’s unique identifier, others can maliciously access NHS data.
You must close, Dr Simpson.
Linking one identifier with another is extremely dangerous. The topic needs a full debate.
I move amendment S4M-12491.1, to leave out from “and the concerns” to end, and insert:
As an amendment to motion S4M-12491 in the name of Willie Rennie (Privacy and the State), leave out from “and the concerns” to end and insert “; notes the concerns of the British Medical Association Scotland and the Royal College of General Practitioners that sharing personal information registered for health purposes with the government for the identification of income tax payers in particular would seriously undermine trust between doctors and patients, with the result that patients may feel reluctant to seek medical help from their doctor; notes also the concerns of privacy protection campaigners such as Liberty, Big Brother Watch and the Open Rights Group that allowing information to flow between health and tax agencies sets a dangerous precedent; believes that NHS identification should only ever be used for other purposes with express and informed consent; recognises the need for identification of all citizens who will be required to pay tax in Scotland; believes that the current proposals should be halted, alternative options should be sought and that the Scottish Government should consult further, and further believes that any future proposals should be subject to full parliamentary scrutiny and primary legislation.”
If members go over time, it will have to come out of back-bench or closing speeches. I cannot magic up time.
15:05
I thank Willie Rennie for bringing the issue to Parliament.
This is a wider debate about the role of the state and how far its power should extend. If we look back throughout history—it does not matter when, whether it was the age of the ancient Greeks or the disputes between people such as Thomas Hobbes and John Locke in British philosophical history, or whether it was people trying to rebuild our democratic traditions after two world wars—we see that this is an important issue. Indeed, it is as relevant today as ever, as Willie Rennie’s comments have shown.
The proposals relate to the possible changes to the national health service central register, which makes it a serious issue. Willie Rennie is quite right to say that it deserves the full attention of the whole Parliament. Indeed, given the very strong concerns that have been expressed by the information commissioner, the British Medical Association and the Scottish Council for Voluntary Organisations, I do not think that any party in this chamber could possibly argue otherwise. Therefore, the Scottish Conservatives will support the motion to have the matter properly debated in Parliament, and we will also support the Labour amendment.
Let us be clear that there are understandable aims behind the work: to improve the quality of data, which is an increasing part of our lives as Richard Simpson rightly said; to help to trace missing persons or vulnerable children; and to facilitate online access to data, to name but three. However, it is what goes beyond that has become so controversial, as was so ably set out by Willie Rennie.
The Open Rights Group has made it very clear that it believes that the unique citizen reference number is not a randomised number as the Scottish Government has claimed, and that the proposals to expand the right of identification of data to 120 public bodies instead of the current constraint to limit data sharing to the NHS and local authorities would, in effect, be one step closer to an ID card, even if it is not an ID card as such.
In particular, the diminished role of consent of the individual disturbs us most. John Swinney claimed this morning, and said it again this afternoon, that there would be a guarantee of privacy. He was very sincere about that. I can accept that he genuinely believes in that principle, but people are not fully convinced in practice for exactly the reasons that Patrick Harvie mentioned.
As soon as the actions of the state are directed too much in favour of compulsion and the laws lack public consent, the exercise of personal, social and moral freedom is necessarily inhibited. That should worry us all. That is why the Westminster Government, after a long and controversial debate, decided not to introduce ID cards. I have the transcripts of debates in this Parliament in 2005 when national ID cards were being considered and those from the House of Commons and House of Lords from the same time, which show why the proposals were eventually rejected. We need to be extremely careful not to do something that would involve a back-door movement towards ID cards in Scotland.
The trends in western democracies have been towards a more liberal attitude in social policy, and philosophical tensions about the role of the state have grown stronger. That is a contradiction in the SNP’s policy outlook. It is quick to tell us that it whole-heartedly espouses a liberal democratic tradition and that it will do much more to increase our personal freedoms by promoting greater equality and social justice, but over the course of its majority Government since 2011, the SNP has bordered on becoming much more paternalistic and is oriented towards the role of the state. That is another reason why I feel—
That is rubbish!
That comes on the back of legislation about named persons and a whole lot of other things. [Interruption.] It is absolutely the same thing. It is a prime example of pushing the boundaries of the state too far. It is symptomatic of a Government that I think has become overly intrusive in people’s lives. That is yet another reason why the issue must be looked at extremely carefully. We fully support what Willie Rennie has proposed in his motion. The Government’s proposals must be debated and that process must involve the full scrutiny of Parliament. We are also happy to accept the Labour amendment.
We come to the open debate. As I indicated at the start of the debate, we are very tight for time. Speeches should be of a maximum of four minutes, and any interventions must be taken within that time. Members know that I am not in the habit of cutting off microphones, but I am afraid that I may have to this afternoon.
15:10
This should be a very thoughtful debate rather than a party-political one, but I am afraid that Liz Smith’s contribution drifted into that area.
I ask myself whether the data is necessary, what its purpose is, whether it is sufficiently limited, whether the data is secure, and whether the proposals will command public support. I welcome the consultation that has just closed. I understand why the Liberal Democrats decided to have a debate on the matter, but it is early doors—there is some way to go. I notice that the Government’s view is not set in stone. I was a wee bit surprised to discover that as many as 120 organisations might have access to the data, but I expect that that may evolve.
This is new territory. I do not think that many members of the public understand that there is an NHS central register; they do not know about it. I did not know that National Records of Scotland is the public body that maintains and owns it. At the moment, only about 30 per cent of the population are on the register. I note the fact—which I think is significant—that it does not hold anyone’s records; it holds names, addresses and dates of birth so that records can be properly moved about.
I think that we all accept that we need a robust and fair database that can be brought up to date for the purposes of gathering income tax in Scotland. The collection of data is necessary, but whether we are using the right source might be open to argument. At the moment, local authorities and health boards use the NHS central register, but that arrangement is subject to individual agreement, so it is not a complete picture that is provided.
As has been mentioned, every one of us has a community health index number. Although many people do not know that, it is something that provides a link to the individual.
That is the second time Christine Grahame has mentioned low levels of public awareness. There is also the question of public perception. Does she agree that that can best be addressed by having the fullest debate further down the road, as per the Lib Dem motion?
I do not think that it is news to any member that members of the public do not know that they have a CHI number and do not know about the central register. That is a fact of life. People do not know that when they go online Tesco can ask them whether they want their favourite groceries and it will come up with everything that they buy every week. People hold data all over the place that we are unaware of.
I understand that the crux of the matter is the centralisation of the information that is currently held by health boards. Another issue is security in holding that information. The argument about security is a reasonable one to make, but I do not have such a problem with centralisation. Some years ago, I got a letter from Her Majesty’s Revenue and Customs that said that my tax was to go up because I was getting the state pension. I had not even applied for it, but the Department for Work and Pensions had been in touch with HMRC. Many Government agencies know what we are up to. There is now no need to tell the Driver and Vehicle Licensing Agency whether you have insurance—it can tell because it is in touch with the insurers. Such interlocking arrangements are already in place.
At issue is whether the data that is collected is necessary, whether it is secure and whether, in the internet age, it enables individuals and the state or the Government to function properly.
You must draw to a close.
Privacy is not absolute. There is a duty on the citizen to meet their tax obligations, so they will be required to surrender some privacy, as we already do for income tax and national insurance, to enable the state to function.
15:14
We all accept that there is a variety of reasons why Government must hold certain data about its citizens. It helps us to administer pensions, benefits, the welfare system and, as Christine Grahame said, the tax system, which is after all our subscription to society. It can help to keep people safe. In the case of the NHS central register, it allows patients’ medical records to follow them as they move around the country, or in and out of the armed forces, or in a variety of circumstances.
Willie Rennie was quite right to say at the beginning of his speech that that there are plenty of valid reasons why Government should keep important and necessary data, and it is important to say that that is not being disputed today. Nor would I dispute that stored data can be, and often is, put to a greater use. The Deputy First Minister mentioned some of the medical research that flows from the central register, and we would support that.
The key point is that all that activity must be properly regulated to protect people’s privacy and civil liberties. There are a number of questions around that, including who has access and why, but the fundamental point is how much data is held on a single database and how much sits on separate systems, because that is one of the fundamental protections. The public must have confidence in the laws and regulations that govern the use, storage and sharing of their data, and we need to know that public consent to changes in the way in which their data is used exists, because we need to satisfy ourselves that changes are fair and transparent, even if they are simply for checking and verification purposes.
Emails that I have received from my constituents in Glasgow certainly suggest that there are a lot of people out there with serious concerns about the changes that are being proposed, and that level of concern warrants the issue being raised in Parliament, so I thank the Liberals for bringing the debate to the chamber today. We all experience the frustration of the short speeches that you will rightly keep us to, Presiding Officer, but I think that we need to come back to the issue and have a much fuller debate.
I hope that we can all agree on the fact that concerns about privacy and liberty, whether or not the Government agrees that they are valid, must be fully addressed before we proceed any further, so I support the amendment in Dr Simpson’s name.
The Scottish Government has been keen to stress that the changes that are proposed are limited in scope and would be for specific purposes, one of which is that the new arrangements would help the Scottish Government to identify Scottish taxpayers as the Parliament gains a new raft of tax powers. We can understand that, but we need to pay serious attention to comments such as those made by the British Medical Association, which is deeply concerned about the use of central register information to identify taxpayers and is urging the Government to consider an alternative source of data. The health profession is warning the Government not to use a health database to support tax collection, because it could deter people from registering with their GP and could damage the relationship of trust between people and their doctors. Others, such as Ken Macdonald, have commented on issues that need to be taken seriously by the Government if we are to prevent a national identity database emerging by default.
I welcome the time that we have had to discuss the issue this afternoon. I have certainly supported my constituents when they have contacted me about the issue, but I remain convinced that the changes are substantive and must be subject not only to a full debate in this Parliament but to a broader national debate in the country, and to the most rigorous possible parliamentary scrutiny. That is the message that I wish to convey to the Government front bench today. We need to come back and look at the issue in greater detail.
15:18
I am delighted to participate in this debate. It is always a pleasure to have the opportunity to respond to Liberal Democrat members who want to compare the actions of the SNP Government with those of the Westminster Government. Maybe the Deputy First Minister would not be happy about it, but I would be delighted to make it a political debate, because I have political views about it.
We are now living in a modern world with a lot of services available on the internet, and we want our public services to be available on the internet. There are two ways of dealing with that modernisation. We can either do as the Westminster Government does and give everything to private companies to handle, or do as the SNP Government does and ensure that it stays in public hands and is controlled by the public sector.
Christian Allard will recognise that Atos, which is from France, supplies community health index number services to the NHS in Scotland along with a range of other private organisations. What is the difference?
As soon as you say Atos, I cannot do other than finish off the point. Atos is a French company that your Government at Westminster used.
Speak through the chair, please.
Atos thought that what it was asked to do was so dismal that it had to renege on the contract. It bought itself out of the Government contract. It is incredible that Willie Rennie uses that example.
Let us talk about identity cards. I happen to have an identity card, as I am still a French national. I am the only one in the chamber to have an identity card and let me tell Mr Rennie that I intend to stay the only one to have an identity card. The debate is not about identity cards. The SNP Government will ensure that there are no identity cards.
Ken Macdonald, the assistant information commissioner for Scotland and Northern Ireland, wrote that the Data Protection Act 1998
“requires that all data controllers must ensure that personal data shall be accurate and, where necessary, kept up to date. Although the”
NHS central register
“is the most authoritative record of individuals in Scotland, elements of the Register are not complete (for example, address information is only held for around 30% of the population). By adding the Community Health Index Postcode (CHIP) to the NHSCR and by matching and sharing both it and the Unique Property Reference Number, it is anticipated that the quality of the Register and the records held will be improved.”
That is the point.
We can compare the SNP Government’s proposal with what is happening down south. For example, Royal Mail has been privatised under the Liberal Democrat and Tory Government. Royal Mail, a privatised company, holds UK contact and address data—29 million business and residential postal addresses—so there is a great contrast between the Westminster Government and the SNP Scottish Government.
It is important that we protect the national health service as much as possible from globalisation. Many MSPs asked about foreign nationals who use our health service. The Government’s proposal will help to ensure that foreign nationals pay their health service bills. I remind the Liberal Democrats that they might want to pay their bills, as they have not paid their Police Scotland bill.
Our public services must be protected and I encourage members to vote for the Government amendment.
15:23
I am grateful for the chance to participate in the debate and congratulate the Liberal Democrats on bringing it to the chamber. I agree with the basic argument that, if such a change is to be proposed, it should be subject to primary legislation and the full scrutiny that that implies. I also welcome Richard Simpson’s amendment.
I do not agree with every word that has been spoken in criticism of the Government’s proposals—for example, Liz Smith might not be surprised to learn that I do not fully endorse elements of her speech—but that demonstrates the breadth of different perspectives that are expressing similar concerns on the matter.
There are people who try to draw a connection—a rather tenuous one, I think—with measures such as the named person scheme, which I do not agree with. There are people who come from a traditional liberal perspective, which is a different part of the political spectrum from mine. There are people whose antistate agenda sometimes borders on paranoia.
SNP members have raised concerns about the proposals as well. There are Labour members who might have voted against their Government’s bill on ID cards in session 2, others who might have voted in favour but uncomfortably so and others who have changed their position since.
There are the Information Commissioner’s Office, the Open Rights Group and some people whose analysis comes from a frankly technical and almost geekish point of view.
Such a broad range of different perspectives is leading many people to the same concerns, which we should take seriously. From all those different perspectives, I have heard no one suggest that the Government’s policy objectives—ensuring, for example, that everyone who is due to pay the Scottish rate of income tax pays it—are not valid or not important. The objectives are important. The argument here is that there is a better way to deliver on those objectives, which does not create a single unique identifier that covers the whole breadth of Government relationships and agencies—that, in effect, creates a single point of failure. If an error is made in that single, centralised system, whole aspects of our lives could unravel as a result.
The single point of failure is one of the crucial criticisms in the Open Rights Group’s briefing. The group ends the briefing, which I commend to members who have not had a chance to read it, by asking whether there is an alternative. Yes, there is a better way to do this—an opt-in authentication service. No personal data need be stored, but it would allow the user to prove their identity to public and private bodies without having to provide their passport and utility bills. It would reduce the scope for identity theft or fraud and make life easier for users without providing that single point of failure.
I think that the Deputy First Minister was listening seriously to those concerns in our meeting yesterday and I encourage him to be open to those alternative approaches. We can learn from them and be informed by them. We do not have to replicate absolutely everything that the UK Government is doing.
I have one request to make of the Deputy First Minister. I welcome his statement that there will be a full privacy impact assessment, and I welcomed it when he set up the privacy management group, which was informed by a wide range of external experts, including people such as Jerry Fishenden, Gus Hosein and Charles Raab. I ask him to please ensure that that privacy impact assessment is conducted by that external group of experts, not by civil servants, because many of us are concerned that it is not SNP policy that has brought this proposal here; it is long-standing civil service policy that has gone through changes of Government. It is the job of the Parliament to stand up for principles when the civil service tells us, “Minister, this is the only way to do it.” It is not the only way and I hope that the Government will think again.
15:27
I will say at the outset that I vehemently oppose the implementation of an ID card system of the type that has been proposed previously in another place. We should be proud to stand up for civil liberties without any hesitation and I would certainly not support such legislation if it was being proposed.
Since the preamble to this debate kicked off the other day in the media, I have heard some astonishing things said on the subject, including “slippery slopes”, “Big Brother is watching”, and “the end of democratic society as we know it”. Then I got sight of the motion, which—to be fair—is written in a reasonably temperate form of words, talking about concerns and debate. I see nothing unreasonable about the amendment in the name of John Swinney. As the Deputy First Minister has pointed out, if we are to have a broad use of services online, some form of information has to be shared across various public bodies and there has to be some way of identifying clearly that the subject of the ID process is the recipient of the service.
This morning, oddly enough, I was at a meeting at the Scottish Fire and Rescue Service asset resource centre at Newbridge, in my constituency. At that meeting, senior fire officers and others were discussing how the service would be run in the years ahead. Much of the work that the service will be doing will be under the preventative strategy and that, of course, crosses into, among other things, health and social care issues, such as when a pensioner is discharged back home. The risks may be obvious—possibly the pensioner is a bit wobbly on their feet, so a safety assessment could be asked for. Is there any reason why some sort of online request—from the recipient or from others—could not be made to the Scottish Fire and Rescue Service? That is not easy to do at present and, of course, work has to be done if we are to preserve civil liberties while producing a modern system that works. However, whatever happens, an ID has to be made.
More and more, we are using online services and, in many cases, old methods are simply not up to the job. We are moving into areas where speed of decision making is imperative and of course there is also the idea of it being cost effective.
With the Scottish income tax, a database may be one answer to the problem of how to identify a Scottish taxpayer. I know that many of the members of the Parliament’s Public Audit Committee are concerned about how tax collection is audited, given that Audit Scotland does not have a primary role in the audit function. We could find some comfort in at least being able to identify Scottish taxpayers, which will mean that we can work out roughly whether the numbers match up with the snapshot that is produced by HM Revenue and Customs.
I find it very strange that Willie Rennie complains about the way in which the Government has dealt with the subject. It is quite clearly just seeking to add to the legislation that George Lyon introduced some time ago. Members may call me a cynic if they like, but surely even Willie Rennie can see the hypocrisy in that.
We are dealing today with a consultation introduced by the Scottish Government. Different views will be brought forward; work will be done by ministers and civil servants—yes, civil servants—and an agreement will, one hopes, be reached among the parties.
There is no new super database being proposed. It is too early, in my opinion, to make a huge song and dance about the subject before we see the proposals. I say to the Liberal Democrats that the tactic of manufacturing a crisis so that they can run a campaign against it is one that we see regularly in my constituency, and it really is a bit much. I ask Liberal Democrat members why they do not act responsibly, and debate the facts rather than a worst-case scenario that will not happen.
I support the motion in the name of the Deputy First Minister.
15:31
Today’s debate has been important, but its brevity means that it is in itself not a sufficient consideration of the issues that are before Parliament. The Scottish Government appears to be standing alone in its attempt to persuade us that the proposals are not worthy of the full scrutiny of the legislative process.
Willie Rennie set out the argument in speaking to his motion. The key point is that we are moving from an opt-in system to a compulsory system with no consent and no proper knowledge or understanding of what is taking place. As Richard Simpson identified, there is a crucial difference between someone opting into something and someone finding that they have been opted into something without their knowledge.
I might have doubts about what the botanic gardens could do with the information that would be of insidious danger to individual citizens, but that argument misses the point. The point is that 120 public bodies are being offered the information, and we should be proceeding only through primary legislation.
Christian Allard has tried to intervene on a number of occasions, brandishing and waving about his ID card and telling us that there is no question of any ID cards following from the proposal.
Christian Allard rose—
I have no doubt that, historically, all those Frenchmen who marched for liberté, égalité, fraternité were told the same thing—that there would be no identity card as a result—and yet Mr Allard is the living proof that the long arm of the Élysée palace reaches down to the billet-doux à la France in Mr Allard’s pocket, which he was forced to wave before us.
Mr Swinney was in his most defensive mode. In all the years that I have spent in the Parliament, I have never seen him scrambling up the ice without a pick and looking quite so rattled. When we see the Deputy First Minister being deployed in full sincerity mode rather than taking the usual belligerent ministerial approach, alarm bells ought to ring.
The expostulations from Roseanna Cunningham and the other SNP ministers on the front bench made me think of one thing: the arrogance of power. It happens to all Administrations. The longer ministers are in office, the more they believe in the centralisation of the state and in the need for them to have the information that they require to be in control.
The SNP does not appreciate the irony. After eight years in government, it is doing exactly what, in all its years in opposition, it used to rail against every other Administration for doing.
We also heard from Mrs Grahame—
Mrs?
Ms Grahame.
We heard that the issue must not be party political.
Christine Grahame rose—
Ms Grahame does not come naked into the chamber without form before her. Had any other Government proposed the same thing, she would have been throwing her jewellery at the ministers.
The member has woken me up.
Ms Grahame cited the Tesco scheme, which is a perfect example of people opting in rather than being compulsorily enrolled in the Tesco information database.
Will the member take an intervention, please?
Ms Grahame said that the key test should be necessity. What necessity is there for the botanic garden to have all that information?
Excuse me—will the member take an intervention?
Jackson Carlaw is in his last minute.
I commented that I wondered whether it was appropriate for 120 organisations to have access and that I did not know that I had opted in to HMRC, the DWP and Tesco.
Yes, but the member obviously feels that the botanic garden’s need for the information is so great that she is prepared to support the Government’s approach this afternoon.
When I hear the excuse that we live in the modern world, I shudder. If, in decades past, the online scenario had been before people in other countries and under other regimes, would they have favoured the Government’s approach? I rather think that they would have. It is essential that parliamentary democracy prevails, that the matters are fully debated, that light is thrown on them and that a proper discussion is held on the direction that our country is taking. That is all that the motion asks for.
We want primary legislation and proper parliamentary scrutiny. The Government might have laudable intentions—as Patrick Harvie, we and others accept—but it cannot hide behind that fig leaf and argue that there is no major change. That point is no longer tenable.
15:35
The proposals for sharing information that is held on individuals in the national health service central register with a wide range of organisations caused increasing concern as the consultation drew to a close. We have heard about submissions from the BMA, the Royal College of General Practitioners and the UK information commissioner. They are not politically biased; they have genuine concerns that we need to listen to.
As Drew Smith pointed out, the NHSCR’s current purpose is to permit the movement of medical records—for example, when a patient moves and transfers their records from one GP practice to another. Each patient has a unique citizen’s reference number, to ensure that they have only one set of medical records, which is clearly to the patient’s benefit. At present, the NHSCR does not hold postcode information, although National Records of Scotland has that information, which is provided by health boards. I think that that relates to the CHI number.
The consultation document proposes adding address postcode information to the unique property reference number that the NHSCR already holds and permitting that to be shared with local authorities and health boards. Christine Grahame made a valid point about the amount of information that Tesco manages to glean about us when we do our shopping with our loyalty cards, but I doubt that Tesco is sharing any of that information, particularly with other supermarkets. I have always found it slightly worrying that Tesco might share information with the health service, which could find out whether people are buying alcohol or sweetened drinks, but I do not think that Tesco shares any of that information.
The proposed changes to schedule 2 to the National Health Service Central Register (Scotland) Regulations 2006 would allow the sharing of all the information, including postcodes and address codes, with health boards in England, Wales and Northern Ireland. Practising solicitors and charitable bodies could be advised that the information is contained on the register—they could not be given it, but they could be told that it is there—and the full name, gender, date of birth, postcode and address reference code could be provided to HMRC.
That puzzles me slightly, because I always thought that we all get a national insurance number when we get old enough to take up employment, and surely that number plus possibly the obligation to say where we live would be enough to tackle the issue of HMRC knowing who should have a Scottish tax code.
As others have said, the proposed new schedule 3 to the 2006 regulations covers 120 organisations, including the Scottish Parliament. It would allow those organisations to find out about information
“that has been provided by a body or person specified in Schedule 3 but does not match that information.”
I do not know whether that would mean that those organisations could check that the information that they have is correct or whether they could just check whether somebody else has the information.
I understand the Scottish Government’s rationale for wanting to extend myaccount—the online public services system that is used in local government and the health service. I use the equivalent UK Government system for taxes, and it is useful to be able to do that. However, the question is whether, if I do that, someone else can check all sorts of information. What does that have to do with Prestwick airport, the Forestry Commission or the national parks? If I use myaccount to book something in a national park, does that mean that somebody else has the right to know my information? I do not understand the rationale behind that.
I agree with the Government that we want to ensure that all Scottish taxpayers pay their income tax in Scotland.
I regret to say that you need to close, please.
That is important, but we do not need to make the proposed changes to achieve that. The issues that a number of organisations have raised are sufficiently serious to mean that the changes must not slip through as amendments to the 2006 regulations.
I regret to say that you have to close. Perhaps you did not hear me earlier.
We must discuss the issue in Parliament in full so that we have the reassurance that we require on the issues.
15:40
The debate has been a useful opportunity to discuss issues on which, as I said in my opening speech, the Government has taken no final decisions. We have had about 300 responses to the consultation, which closed last week, and the Government will consider all of them and reply accordingly, as my amendment suggests.
There is some fundamental misinformation at the heart of what colleagues have shared with Parliament today, and I will address some of that now. I accept that the list of public bodies is significant and comprehensive, and there is certainly plenty of scope for us to consider whether every one of those bodies needs the ability to access the proposed identity verification, which I will consider in the consultation exercise.
However, the proposal at the consultation’s heart is to enable a range of public bodies to do exactly what local authorities do when verifying whether people wish to have the concessionary bus pass. That is what is happening. In response to Dr Elaine Murray’s point, I say that no more information is retained; there is simply a mechanism for checking whether the person is who they say they are, to enable them to do whatever they want to do online with public services.
We are not creating a new database. Willie Rennie has been putting out press releases left, right and centre about the colossal cost of all this, but all that is proposed is that, when an individual’s postcode is not on their NHSCR record, it will be added. That will be it. The postcode is all that will be added to the system, to enable higher-quality verification that an individual is who they say they are.
I accept the sincere way in which the Deputy First Minister has addressed the issue, but it is about more than that. There is such public concern because there is one single database.
The issue has been around since the 1950s. In 2006, under the previous Liberal-Labour Executive, Parliament put the NHSCR on a statutory footing in the Local Electoral Administration and Registration Services (Scotland) Act 2006. What did my parliamentary colleagues at the time think that they were voting for?
Not one database
.
I see Tavish Scott waving at me. If he wanted to make an intervention, it would have been nice if he had been here to hear the debate.
The postcode is what will be added to the NHSCR.
The next question is about tax collection. HMRC has asked us to consider whether this would be a practical way of proceeding. I accept the points that health service bodies have made about the questions and I do not want to put off in any way anybody registering with their GP. However, people come on to the NHSCR as a consequence of being given an NHS number when they are born in Scotland’s hospitals, and when people register with a GP, they become part of the NHSCR.
This is all about ensuring that we can properly identify who should pay the Scottish rate of income tax, because I do not want anybody who should be paying the Scottish rate avoiding it. That money is due to be paid, to support the public finances of Scotland, and it will become ever more significant in the years to come.
I do not want people to be able to avoid paying the Scottish rate of income tax any more than the Deputy First Minister does, but does he at least accept that the proposal to have a single unique reference number across a range of functions appears, at least on the face of it, to breach his own privacy principles, and will he ensure that the privacy assessment is conducted by the experts who drew up the principles?
The privacy assessment will be carried out properly and appropriately, and I do not believe that the proposal breaches the data privacy principles that we set out.
I obviously irked Jackson Carlaw by trying to have a reasoned debate in Parliament. Maybe I should just make a hysterical contribution to Parliament—on that basis, I would compete with him for the most colourful contributions.
The reason for my approach is that I think that the public are being fundamentally misled by a lot of the things that are being said. I wanted to dispassionately provide clear information in Parliament. Mr Carlaw might shake his head and say that nobody has been misled, but I will share two things with Parliament.
Last night on television, Mr Rennie said:
“I mean, nobody has ever said that it’s about accessing ... NHS personal information.”
It is regrettable that, at 4 o’clock on Tuesday—yesterday—he put out a campaign email that said:
“The plans would mean civil servants from 120 public agencies accessing a database which includes NHS records.”
That is purely nonsense—absolute, shameful, total nonsense from him.
Willie Rennie rose—
I ask Mr Swinney to draw to a close, please.
Can I give way?
Yes, but the comment must be brief.
Can the cabinet secretary not see the difference between records and personal information? I drew that distinction, which he has failed to draw. That reflects poorly on him.
I know precisely what Mr Rennie is doing. He is trying to scaremonger because he has run out of road on every other issue.
You are in your last 10 seconds, Mr Swinney.
The Government has said that it will listen carefully to the points that have been made. I had a perfectly constructive meeting with the Open Rights Group yesterday. It has raised issues that are entirely worthy of consideration, as have the health organisations and the information commissioner.
However, the information commissioner correctly identifies to Parliament that the LEARS act was passed in 2006 to put the NHSCR on a statutory footing and that the registrar general’s ability to give access—in order to verify information—to a wider range of bodies was provided for in a regulation-making power that was presented to us by the then Liberal Democrat minister, who was the member for Argyll and Bute.
You really must draw to a close.
We are operating within the confines and the arrangements that Parliament has legislated for, but I assure members that I will come back to Parliament and we can have all the debates that we want about how to take forward an issue that has practical implications for protecting the taxpayer base of Scotland and access to our public services.
15:47
As Liberal Democrats we are pleased to have used our time in the chamber to debate privacy and the state. We welcome whole-heartedly the support of other opposition parties and hope that the SNP will reflect on the strength of feeling expressed. Willie Rennie, Richard Simpson, Liz Smith and Patrick Harvie have clearly and coherently set out the risks and what is at stake, which is more than can be said for Christian Allard in his contribution.
Liberal Democrats will always strive to seek a fairer balance between individuals and the Government at every level. We have led the debate time and again in council chambers, at Holyrood and at Westminster. We introduced laws governing DNA retention, we stopped plans for a snooper’s charter and we abolished the intrusive ID card system.
Some members here may recall the debate on ID cards that was held in this Parliament in 2008, during which Fergus Ewing, then Minister for Community Safety, lauded the warning of the information commissioner.
Will the member take an intervention?
The then information commissioner said:
“The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong. The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made ... Put simply, holding huge collections of personal data brings significant risks.”
Ministers ought to reflect on those previous anxieties. In 2008, the Scottish Government told us that it was
“finding ways to share personal data securely and with the strictest controls without creating a large centralised database.”
Today it is an altogether different story. Back then, the minister urged us to look to Germany, where—I quote Fergus Ewing again—
“the use of unique ID numbers and the storage of personal data on a central register are prohibited.”—[Official Report, 19 November 2008; c 12501.]
Today, the Scottish Government is advocating the wholesale use of unique identifiers, and in ignoring its own warnings, it could compromise the privacy of each and every one of us.
The Deputy First Minister referred to the fact that George Lyon introduced the 2006 act. Indeed he did; but, as Willie Rennie highlighted, the proposed repurposing of this register is fundamentally different from what could have been envisaged then, because it is shifting from an opt-in to a mandatory system and it is a unique single identifier system. In 2006, there was never any suggestion that anyone would seek to extend the scope of the NHS central register to allow access to 120 bodies.
If that was the case, why was the provision put in statute for access to be extended by regulation-making powers?
Because it was hard to envisage how things would have moved on at that time. What we are saying now is that, if civil servants are suggesting that this is a good way forward, it is time to say, “No, let’s do this by primary legislation.”
Will the member give way?
The member is not giving way at this time, Mr Doris.
Colin Keir and others expressed a narrow definition of privacy but, rightly, privacy campaigners such as the SCVO, NO2ID, the British Medical Association and many more have spoken out. On Monday, the frank and deeply critical verdict of the Office of the Scottish Information Commissioner was revealed, and it bluntly warned against
“the creeping use of such unique identifiers”
as the proposed UCRN, which could become the national identity number “by default”. It concluded that the proposals could breach the Data Protection Act 1998 and the European convention on human rights because they entail a shift away from the current model, which is based on consent and opting in, and move towards what is, in effect, a compulsory system. It said:
“The case has not been made as to why these organisations need our data and the required privacy impact assessments have not been carried out.”
We should be alarmed that the consultation on extending access to the central register has got this far when it was not accompanied by these assessments and did not set out alternative solutions, additional security arrangements, costs or a timescale and it lacked an analysis of the social, financial and technological implications of the scheme, which meant that people have not been able to respond properly to the consultation, which was a limited one.
The Scottish Government has done nothing today to dispel those reasoned and principled concerns.
Will the member give way?
I have no time.
As Willie Rennie pointed out last October, the Scottish Government published the Scottish Government’s principles for identity management, which quite clearly says that
“Large centralised databases should be avoided”
and that, if a public service organisation needs to link personal information from different systems and databases,
“it should avoid sharing persistent identifiers.”
Less than six months later, in pursuit of nothing more than administrative expediency, John Swinney has turned his back on those principles.
Of course we need the means to verify our identity, and the Government must be able to authenticate that in order to prevent fraud or establish entitlement. However, aggregating our personal information to the extent that is proposed, and the universal use of the unique citizen recognition number across the public sector is unprecedented.
Linking databases in that way is dangerous and illiberal because it opens up the possibility of tracking and mapping access to public services from birth. Powerful data mining and profiling would become conceivable. The aggregation of small bits of seemingly innocuous data to build a picture of an individual child or an adult while barring people from knowing what the state knows or, indeed, being able to correct errors in that data—[Interruption.]
Interventions from a sedentary position are no more welcome today than they have ever been.
Professor Solove, an internationally known expert on privacy law points out:
“Privacy is often threatened not by a single egregious act but by the slow accretion of a series of relatively minor acts. In this respect, privacy problems resemble certain environmental harms, which occur over time through a series of small acts by different actors. Although society is more likely to respond to a major oil spill, gradual pollution by a multitude of actors often creates more problems.”
The UK Government has specifically ruled out a national database on five separate grounds, including fears of national surveillance and risks to the security of a single database. As Willie Rennie highlighted, it is pioneering alternative approaches that avoid costly and unwieldy super databases.
A string of data breaches has eroded public confidence in the ability of the state to store and handle our personal information sensitively and responsibly. Personal information is regularly lost by the NHS. It is found on memory sticks in hospital car parks; it is left on public transport; or it is sent to the wrong address. There were more than 800 such NHS incidents between 2009 and 2013. Councils lost data on 360 occasions during the same period. The Scottish Government now proposes to allow 120 public sector organisations access to our personal date via the enhanced and augmented central register. Why?
Will the member give way?
The member is in her last minute.
We need to know why information should be disclosed to each body. The merits of every claim to our personal data must be interrogated and not granted on a whim.
Secondary legislation is intended to establish comparatively minor technical details, and the repurposing of this database is anything but minor. The risks are great, and this afternoon’s short debate has served only to highlight how much more patently still needs to be evidenced and explored.
The issue must be the subject of the most meticulous scrutiny, meaningful engagement and a vote of our entire Parliament. Only primary legislation can prevent the creation of a shadowy, sweeping ID database by the back door. John Swinney’s assurance this afternoon is not sufficient, and the only way in which we can ensure that the risks are properly understood is to vote for the motion today.
Previous
Portfolio Question TimeNext
Mental Health